Audit Result

UUID: 019ec278-c39f-719c-8e22-bdc1bb7dba93

www.youtube.com

https://www.youtube.com/

Scanned 1 month ago

68
Fair Score
39 total checks
Passed
18
Warnings
17
Errors
4

Meta Information

  • Title Tag Warning

    Found 7 characters. Keep title between 30 and 60 characters.

    Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.

  • Found 126 characters. Good snippet length.

  • Canonical found: https://www.youtube.com/

  • Favicon Pass

    Favicon found and reachable: https://www.youtube.com/s/desktop/43517217/img/favicon.ico (HTTP 200).

    Favicon
  • Viewport meta is missing.

    Fix: Add <meta name="viewport" content="width=device-width, initial-scale=1"> for mobile rendering.

  • HTML Lang Pass

    Language declared as "en".

Content Structure

  • H1 Tag Warning

    Found 2 H1 tags.

    Fix: Use a single, descriptive <h1> that states the primary purpose of the page.

  • Valid heading flow across 2 headings.

  • 2 of 2 images are missing alt text.

    Fix: Add meaningful alt attributes to all informative images for accessibility and image SEO.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 2 HTTPS hardening issues detected.

    • • HSTS is missing includeSubDomains.
    • • Could not probe the HTTP version of this page.
    • • Strict-Transport-Security: max-age=31536000

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Missing: referrer-policy.

    Full HTTP headers (22)
    • • accept-ch: Sec-CH-Viewport-Width, Sec-CH-DPR, Device-Memory
    • • alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    • • cache-control: no-cache, no-store, max-age=0, must-revalidate
    • • content-encoding: br
    • • content-security-policy: script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.google.com https://apis.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://youtube.com https://www.youtube.com https://google.com https://*.doubleclick.net https://*.googleapis.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.youtubekids.com https://www.youtube-nocookie.com https://www.youtubeeducation.com https://www-onepick-opensocial.googleusercontent.com;report-uri https://csp.withgoogle.com/csp/youtube_main/allowlist require-trusted-types-for 'script' base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-YunAikxPyOsKfF3HGbVm9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';report-uri https://csp.withgoogle.com/csp/youtube_main/strict
    • • content-type: text/html; charset=utf-8
    • • cross-origin-opener-policy: same-origin-allow-popups; report-to="youtube_main"
    • • date: Sat, 13 Jun 2026 19:32:32 GMT
    • • document-policy: include-js-call-stacks-in-crash-reports
    • • expires: Mon, 01 Jan 1990 00:00:00 GMT
    • • origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 AiDEBptUfVeO93q48VdVMe/ubupazdAl8AaHP+NBzdnW8quUcHdzJUyGSfrmtpKJu7EOvwRp9ug2rEo3XU+WMAMAAAB2eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJEZXZpY2VCb3VuZFNlc3Npb25DcmVkZW50aWFsczIiLCJleHBpcnkiOjE3NzQzMTA0MDAsImlzU3ViZG9tYWluIjp0cnVlfQ==
    • • p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
    • • permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    • • pragma: no-cache
    • • report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
    • • reporting-endpoints: crash-reporting="/web-reports?context=eJwNzX9MlXUUx3Gf-07GuMC9z32e5_s9z2jZ1K21Bl2cMHWaisXIQtlYG4aKF7o6Jt2bdLnJxGqllWUsNlthRdT6gVi3HyybkUlZsSVKUkvn8meaaUyXtqDQ0feP1z7n7Oyck9OdNbMiYa28rdnaXp6y_nkvZX3Yn7JGb01btdPTVtOpjVZXuCaw8UoOtXcE-WlpkNFlQdavDLLn_SD9nwY5cSFISUsu-zrziJ3No2dvPlWD-XQYl2_kU7ogRDoeIpgOsXNbiOJXQugfQuybGWbktTC_joVpL7F5_QGbE3U2lets2tpsthhl7Tb7e20KMjY1e21uvmhzdtxmcmmEytoI80dMFjjsnuZQWOIwvtwhJ-lw_kmHL_scyo85XPvdYcdVh-sTDi-4LlXapT7l8ninS6bbZXTQJTHk8vBxl-QFlzemeNytPGaIx3CBR-s0j8XVHrue8Wh6zuOT5z2slz0OHfIInPHYOunxha2Y4Sgm7lTEihXePEX2MsVbxksNiqEmxdijigMtip6nFAu2KDI9io96FTsGTX1csfA3RedFxd8BTV6WJmwM3K4ZKtL0lWm6yjWfVWgy92omjbHVmq1fabL3a-76WpMwTn6j2fyzJnVUM--UZtVpTdk5k5c0I1c1N65pXhzXdBjWf5o_JzRTpgrPZguLc4R7QsLbtlAlwuFi4f7ZQmSu4M8XWiuFdmNztdBdIyxaIQwYuauEoTXC6rjwy1rBSZpdI5ISzm0SAtuEtNFhrOkSNrwjHHxXGOkRrhi5u4R84-DHZqfP_P7c3OsXLn0r2N-Z_rDwvXH5iPl_VHjzmKBOCtvPCJlRgb-E6nHhln-FTdeF8wGfJfi8epPPQJbP8pDPE8ZwxGfqbJ_YQp85i3wajYolPoH7fNat8PEf9BmMmdl6n6c3-PS2-ew2IrnZP57ecyQr_MfwgQ-YXtiabEm11MeLHovXF65tTiZShfHEQ4UNzY2pxoZYU92s6KzSaGl0TlF0bt0j0f8Bl6n1bA"
    • • server: ESF
    • • strict-transport-security: max-age=31536000
    • • vary: Sec-CH-Viewport-Width, Sec-CH-DPR, Device-Memory
    • • x-content-type-options: nosniff
    • • x-frame-options: SAMEORIGIN
    • • x-xss-protection: 0

    Fix: Add the missing security headers at your reverse proxy or application layer.

  • CSP Quality Error

    4 CSP hardening issues detected.

    • • script-src/default-src permits 'unsafe-inline'.
    • • script-src/default-src permits 'unsafe-eval'.
    • • CSP is missing a base-uri restriction.
    • • CSP is missing frame-ancestors protection.
    • • Content-Security-Policy: script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.google.com https://apis.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://youtube.com https://www.youtube.com https://google.com https://*.doubleclick.net https://*.googleapis.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.youtubekids.com https://www.youtube-nocookie.com https://www.youtubeeducation.com https://www-onepick-opensocial.googleusercontent.com;report-uri https://csp.withgoogle.com/csp/youtube_main/allowlist require-trusted-types-for 'script' base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-YunAikxPyOsKfF3HGbVm9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';report-uri https://csp.withgoogle.com/csp/youtube_main/strict

    Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.

  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain does not appear to be behind Cloudflare.

  • Loaded in 0.40s (perceived).

  • 8 scripts and 4 styles may block rendering.

    • • script: https://www.youtube.com/s/desktop/43517217/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
    • • script: https://www.youtube.com/s/desktop/43517217/jsbin/webcomponents-all-noPatch.vflset/webcomponents-all-noPatch.js
    • • script: https://www.youtube.com/s/desktop/43517217/jsbin/fetch-polyfill.vflset/fetch-polyfill.js
    • • script: https://www.youtube.com/s/desktop/43517217/jsbin/intersection-observer.min.vflset/intersection-observer.min.js
    • • script: https://www.youtube.com/s/desktop/43517217/jsbin/scheduler.vflset/scheduler.js
    • • script: https://www.youtube.com/s/desktop/43517217/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js
    • • script: https://www.youtube.com/s/desktop/43517217/jsbin/spf.vflset/spf.js
    • • script: https://www.youtube.com/s/desktop/43517217/jsbin/network.vflset/network.js
    • • style: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&family=YouTube+Sans:[email protected]&display=swap
    • • style: https://www.youtube.com/s/desktop/43517217/cssbin/www-main-desktop-home-page-skeleton.css
    • • style: https://www.youtube.com/s/desktop/43517217/cssbin/www-onepick.css
    • • style: https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.gzfHwzzKXTw.L.W.O/am=AAAAACAAIQAwBA/d=0/br=1/rs=AGKMywErdSQ-Upe8dUjb-LxUrjtJWIRWsA

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Text-like assets appear compressed.

  • Robots.txt Pass

    Found robots.txt (200).

  • Found sitemap (200) at https://www.youtube.com/sitemaps/sitemap.xml.

  • No robots meta tag defined.

    Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.

Accessibility Basics

  • Form Labels Error

    1 of 1 controls are missing labels.

    • • input[type="text"].ytSearchboxComponentInput.yt-searchbox-input (search_query)

    Fix: Associate each form control with a visible label, aria-label, or aria-labelledby.

  • Landmarks Warning

    Missing landmarks: main, footer.

    Fix: Use semantic regions (<header>, <nav>, <main>, <footer>) for navigation and assistive tech.

  • Tap Target Size Warning

    2 interactive elements appear smaller than 48px.

    • • button#button.style-scope.yt-icon-button (Guide) - 24x24px
    • • button.ytSearchboxComponentSearchButton (Search) - 64x40px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Missing og:title or og:description.

    Fix: Add og:title and og:description tags to control social preview text.

  • og:image is present and absolute.

    Open Graph Image
  • Twitter Card Warning

    twitter:card is missing.

    Fix: Add <meta name="twitter:card" content="summary_large_image"> for better previews on X.

  • Structured Data Warning

    No JSON-LD schema scripts found.

    Fix: Add JSON-LD structured data matching your page type (Organization, Article, Product, etc.).

  • PWA Metadata Warning

    Manifest or Apple touch icon is missing.

    Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

  • 5 social preview quality issues detected.

    • • ISSUE: og:url should be an absolute URL.
    • • ISSUE: og:title should typically be between 10 and 70 characters.
    • • ISSUE: og:description should typically be between 50 and 200 characters.
    • • ISSUE: Preview image aspect ratio (1.00) differs from the recommended ~1.91:1.
    • • ISSUE: twitter:card is missing.
    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.
    • • MEASURED: Image size: 0.01 MB
    • • MEASURED: Image dimensions: 1200x1200

    Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.

Links Analysis

Performance & Runtime

  • LCP could not be measured.

    Fix: Improve LCP by optimizing above-the-fold media, reducing server latency, and inlining critical CSS.

  • Cumulative Layout Shift: 0.000.

  • Total Blocking Time estimate: 599ms.

    Fix: Reduce heavy JavaScript work, split long tasks, and defer non-critical scripts.

  • No failed CSS/JS/image/font/media requests detected.

  • 2 JavaScript runtime issues detected.

    • • Failed to load resource: the server responded with a status of 403 () [https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&dsh=S-1593185245%3A1781379153149249&hl=en&passive=true&service=youtube&uilel=3&flowName=WebLiteSignIn&flowEntry=ServiceLogin&ifkv=AcDsRvwiTGyHEaQicyvZFrRQ7gHKMg0C35E606QpSlmCEmoaN4yv0j0MH63yUtnV421-C3yX0TmG:1]
    • • Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. [about:blank:1]

    Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.