Audit Result

UUID: 019edef4-0ae7-7295-b42b-535ba77d1773

checkyourwebcam.com

https://checkyourwebcam.com/

Scanned 4 weeks ago

92
Excellent Score
39 total checks
Passed
34
Warnings
4
Errors
1

Meta Information

  • Title Tag Pass

    Found 38 characters. Length is optimal.

  • Found 85 characters. Good snippet length.

  • Canonical found: https://checkyourwebcam.com/

  • Favicon Pass

    Favicon found and reachable: favicon.ico (HTTP 200).

    Favicon
  • Viewport configured: width=device-width, initial-scale=1.0, user-scalable=no

  • HTML Lang Pass

    Language declared as "en".

Content Structure

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 1 HTTPS hardening issues detected.

    • • Could not probe the HTTP version of this page.
    • • Strict-Transport-Security: max-age=31536000; includeSubDomains

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Core security headers were detected.

    Full HTTP headers (19)
    • • access-control-allow-origin: *
    • • alt-svc: h3=":443"; ma=86400
    • • cache-control: public, max-age=0, s-maxage=2592000
    • • cache-tag: 752d5636-23fb-4e56-9343-c107ad27cf9a,2531acf4-67ef-42e6-b002-ab85a6690fb8,f2f68145-c1d4-4327-b58a-8f9ce2c4d61d
    • • cf-cache-status: DYNAMIC
    • • cf-ray: a0e117a18ca7d707-IAD
    • • content-encoding: gzip
    • • content-security-policy: default-src 'self'; script-src 'self' https://checkyourwebcam.stats.fiveem.com; script-src-attr 'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' https://checkyourwebcam.stats.fiveem.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none'
    • • content-type: text/html
    • • date: Fri, 19 Jun 2026 08:16:34 GMT
    • • last-modified: Fri, 19 Jun 2026 08:11:38 GMT
    • • permissions-policy: camera=(self), microphone=(), geolocation=(), payment=(), usb=()
    • • referrer-policy: strict-origin-when-cross-origin
    • • server: cloudflare
    • • strict-transport-security: max-age=31536000; includeSubDomains
    • • svid: c395413b9ccd7cb8cdc720ff9d5c0a035eabd82c94829e16883f178fc3528c30ce3a42181beae448e5b350cc9365d7846a1428d7675594259fba4be86ea57dc8191896dc03ad5d674c57ec5628357fbea2dc4b0fa61434fed73bebbcbbda6b57b28ea2cd21acd1859bea0b9ac8c708d4cf33f0eaaf365764526d1e2d848516548ab3fec3c2fd9f5eeb286501f1f72ef229903e3e4bda844b249b4e7e7941b952146273b534c7d7e315d208226e6b1ccfd511fe6e17a9fcde45bdeecfcf40d757bb6f7052b2dd0843b397624088790c68ff20eb9346f1b52a6c05087466fae279c3ecc7
    • • vary: Accept-Encoding
    • • x-content-type-options: nosniff
    • • x-frame-options: SAMEORIGIN
  • Content Security Policy looks restrictive and avoids common unsafe directives.

    • • Content-Security-Policy: default-src 'self'; script-src 'self' https://checkyourwebcam.stats.fiveem.com; script-src-attr 'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' https://checkyourwebcam.stats.fiveem.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none'
  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain appears to be behind Cloudflare.

    • • server: cloudflare
    • • cf-cache-status: DYNAMIC
    • • cf-ray: a0e117a18ca7d707-IAD
  • Loaded in 0.65s (perceived).

  • 0 scripts and 3 styles may block rendering.

    • • style: https://cdn.jsdelivr.net/npm/@picocss/pico@2/css/pico.red.min.css
    • • style: https://fonts.googleapis.com/css2?family=Afacad+Flux:[email protected]&display=swap
    • • style: https://checkyourwebcam.com/style.css

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Text-like assets appear compressed.

  • Robots.txt Pass

    Found robots.txt (200).

  • Found sitemap (200) at https://checkyourwebcam.com/sitemap.xml.

  • Robots meta found: index, follow

Accessibility Basics

  • All 1 controls are labeled.

  • Landmarks Pass

    Header, nav, main, and footer landmarks are present.

  • Tap Target Size Warning

    1 interactive elements appear smaller than 48px.

    • • button#info-btn.info-btn (About this app) - 32x32px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Core Open Graph tags are present.

  • og:image is present and absolute.

    Open Graph Image
  • twitter:card set to summary_large_image.

  • JSON-LD schema detected.

  • Manifest and Apple touch icon are configured.

  • Social preview metadata and image quality look good for Open Graph/Twitter.

    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.
    • • MEASURED: Image size: 0.04 MB
    • • MEASURED: Image dimensions: 1200x630

Links Analysis

Performance & Runtime

  • Largest Contentful Paint: 0.65s.

  • Cumulative Layout Shift: 1.034.

    Fix: Reserve space for images/ads and avoid injecting layout-changing elements above existing content.

  • Total Blocking Time estimate: 0ms.

  • No failed CSS/JS/image/font/media requests detected.

  • 1 JavaScript runtime issues detected.

    • • Applying inline style violates the following Content Security Policy directive 'style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com'. Either the 'unsafe-inline' keyword, a hash ('sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. The action has been blocked. [https://checkyourwebcam.com/:108]

    Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.