Audit Result
UUID: 019edfc6-2992-721a-a38c-045d39ae9f74
https://www.tiktok.com/@user12162098x/photo/7518973937397583110
Scanned 4 weeks ago
Meta Information
-
Title Tag Warning
Found 22 characters. Keep title between 30 and 60 characters.
Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.
-
Meta Description Error
Missing meta description.
Fix: Add <meta name="description" content="..."> in <head> with a clear page summary.
-
Canonical URL Warning
Canonical link not found.
Fix: Add <link rel="canonical" href="https://example.com/page"> to avoid duplicate URL ambiguity.
-
Favicon Warning
No favicon link found in <head>.
Fix: Add <link rel="icon" href="/favicon.ico"> to ensure browser tab and bookmark visibility.
-
Viewport Meta Pass
Viewport configured: width=device-width, initial-scale=1.0
-
HTML Lang Pass
Language declared as "en".
Content Structure
-
H1 Tag Error
No H1 heading found.
Fix: Use a single, descriptive <h1> that states the primary purpose of the page.
-
Heading Hierarchy Pass
Valid heading flow across 0 headings.
-
Image Alt Text Pass
All 0 images include alt text.
Technical Optimization
-
HTTPS Pass
Page is served over HTTPS.
-
HSTS & HTTPS Redirect Warning
1 HTTPS hardening issues detected.
- • Could not probe the HTTP version of this page.
- • Strict-Transport-Security: max-age=31536000; includeSubdomains
Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.
-
Security Headers Pass
Core security headers were detected.
Full HTTP headers (30)
- • access-control-expose-headers: x-tt-traceflag,x-tt-logid
- • cache-control: max-age=0, no-cache, no-store
- • content-encoding: br
- • content-security-policy: report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=7qSeM8cmzi4GPGC6JsU1aj&v=2&s=421&b=oab; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok-usts.com *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokglobalshop.us *.tiktokmusic.me *.tiktokshop.com *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttcdn-us.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com api.music.apple.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu newassets.hcaptcha.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com static.captchami.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com tx41v.arkoselabs.com unpkg.com vimeo.com lf-tiktok-web-bak.tiktokcdn-us.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: http://localhost:* https://localhost:* wss://im-ws.tiktok.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-usts.com *.tiktok.com/passport/ *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.us *.tiktokglobalshopv.us *.tiktokmusic.me *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv-us.com *.tiktokv.us *.tiktokw.eu/passport/ *.tiktokw.us *.topbuzzcdn.com *.ttcdn-us.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.us.tiktok.com *.us.tiktokv.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com affiliate-us.tiktok.com analytics.tiktok.com api.music.apple.com code.jquery.com effecthouse.tiktok.com facebook.com google.com i.ticketweb.com im-api.tiktok.com im-image.tiktokv.com im-ws.tiktok.com image-va.tiktok.com images.universe.com interactives.ap.org livecenter.tiktok.com login-eu.www.tiktok.com login-no1a.www.tiktok.com login-row.www.tiktok.com login-us.www.tiktok.com media.ticketmaster.eu newassets.hcaptcha.com newsroom.tiktok.com p0-pu-private-useast8.tiktok.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net scm-us.tiktok.com seller-us.tiktok.com shop.tiktok.com starling-i18n.tiktokv.com/check_and_get_text/ starling-sg.tiktokv.com/check_and_get_text/ starling-va.tiktokv.com/check_and_get_text/ static-label.frontgatetickets.com static.captchami.com support.tiktok.com t.co t.tiktok.com tikitoks.com tiktok.captchami.com tiktokfollowersfree.com tv.tiktok.com tx41v.arkoselabs.com unpkg.com us.tiktok.com v16-webapp-prime.tiktok.com v16-webapp.tiktok.com v19-webapp-prime.tiktok.com vas-alisg16.tiktokv.com vas-maliva16.tiktokv.com vas-useast2a.tiktokv.com vas-va.tiktokv.com vcs-sg.tiktokv.com vcs-va.byteoversea.com vcs-va.tiktokv.com verification-i18n.tiktok.com verification-sg.tiktok.com verification-va.byteoversea.com verification-va.tiktok.com verification.tiktokw.eu verification16-normal-no1a.tiktokw.eu verify-sg.byteoversea.com video-tcs-sg.tiktok.com video-tcs-va.tiktok.com vimeo.com web-i18n.tiktok.com/passport/ web-sg.tiktok.com/passport/ web-va.tiktok.com/passport/ webapp-sg.tiktok.com webapp-va.tiktok.com www.tiktok.com; script-src 'inline-speculation-rules' 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com accounts.google.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net interactives.ap.org js-cdn.music.apple.com/musickit/v3/musickit.js js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/bric-captcha-ttweb/core-captcha/ static.captchami.com tiktok.captchami.com tx41v.arkoselabs.com unpkg.com vimeo.com www.facebook.net www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com lf-tiktok-web-bak.tiktokcdn-us.com lf16-tiktok-web.tiktokcdn-us.com/obj/tiktok-web-tx/obj/waf-aiso/; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js www.tiktok.com/tiktokstudio/static/worker/ www.tiktok.com/tiktokstudio/sw.js www.tiktok.com/web-static-js/
- • content-type: text/html; charset=utf-8
- • date: Fri, 19 Jun 2026 12:06:03 GMT
- • expires: Fri, 19 Jun 2026 12:06:03 GMT
- • feature-policy: microphone 'none'; geolocation 'none'
- • pragma: no-cache
- • referrer-policy: strict-origin-when-cross-origin
- • reporting-endpoints: csp-endpoint="https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=7qSeM8cmzi4GPGC6JsU1aj&v=2&s=421&b=oab"
- • server: nginx
- • server-timing: inner; dur=166 cdn-cache; desc=MISS, edge; dur=2, origin; dur=173
- • strict-transport-security: max-age=31536000; includeSubdomains
- • x-akamai-request-id: a284eaf6
- • x-bytefaas-execution-duration: 164.48
- • x-bytefaas-request-id: 20260619120603EE926CE5A5305D54ED37
- • x-cache: TCP_MISS from a23-202-158-69.deploy.akamaitechnologies.com (AkamaiGHost/22.5.3-1bfcac812b30f7e01d3bfc6066b8b27c) (-)
- • x-content-type-options: nosniff
- • x-download-options: noopen
- • x-frame-options: SAMEORIGIN
- • x-gw-dst-psm: serverless.tiktok.desktop
- • x-origin-response-time: 174,23.202.158.69
- • x-powered-by: Goofy Node
- • x-pumbaa-web-avail: 1
- • x-tt-logid: 20260619120603EE926CE5A5305D54ED37
- • x-tt-trace-host: 01ace5187a7e07babf5870f95205416cd42e0c806c5f5b538be4143e38c31ebd5ef9009ea2dffa6e0a739fc9acb309f3e680f5b47b5b695f655388d5deef303802b0388fd9ca03b6b134772a8af1e16e1488e142060c6e5b55e41c40a1191fc415
- • x-tt-trace-id: 00-260619120603EE926CE5A5305D54ED37-2ADCD1E94C802706-00
- • x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
- • x-xss-protection: 1; mode=block
-
CSP Quality Error
4 CSP hardening issues detected.
- • script-src/default-src permits 'unsafe-eval'.
- • CSP is missing object-src 'none'.
- • CSP is missing a base-uri restriction.
- • CSP is missing frame-ancestors protection.
- • Content-Security-Policy: report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=7qSeM8cmzi4GPGC6JsU1aj&v=2&s=421&b=oab; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok-usts.com *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokglobalshop.us *.tiktokmusic.me *.tiktokshop.com *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttcdn-us.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com api.music.apple.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu newassets.hcaptcha.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com static.captchami.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com tx41v.arkoselabs.com unpkg.com vimeo.com lf-tiktok-web-bak.tiktokcdn-us.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: http://localhost:* https://localhost:* wss://im-ws.tiktok.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-usts.com *.tiktok.com/passport/ *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.us *.tiktokglobalshopv.us *.tiktokmusic.me *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv-us.com *.tiktokv.us *.tiktokw.eu/passport/ *.tiktokw.us *.topbuzzcdn.com *.ttcdn-us.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.us.tiktok.com *.us.tiktokv.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com affiliate-us.tiktok.com analytics.tiktok.com api.music.apple.com code.jquery.com effecthouse.tiktok.com facebook.com google.com i.ticketweb.com im-api.tiktok.com im-image.tiktokv.com im-ws.tiktok.com image-va.tiktok.com images.universe.com interactives.ap.org livecenter.tiktok.com login-eu.www.tiktok.com login-no1a.www.tiktok.com login-row.www.tiktok.com login-us.www.tiktok.com media.ticketmaster.eu newassets.hcaptcha.com newsroom.tiktok.com p0-pu-private-useast8.tiktok.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net scm-us.tiktok.com seller-us.tiktok.com shop.tiktok.com starling-i18n.tiktokv.com/check_and_get_text/ starling-sg.tiktokv.com/check_and_get_text/ starling-va.tiktokv.com/check_and_get_text/ static-label.frontgatetickets.com static.captchami.com support.tiktok.com t.co t.tiktok.com tikitoks.com tiktok.captchami.com tiktokfollowersfree.com tv.tiktok.com tx41v.arkoselabs.com unpkg.com us.tiktok.com v16-webapp-prime.tiktok.com v16-webapp.tiktok.com v19-webapp-prime.tiktok.com vas-alisg16.tiktokv.com vas-maliva16.tiktokv.com vas-useast2a.tiktokv.com vas-va.tiktokv.com vcs-sg.tiktokv.com vcs-va.byteoversea.com vcs-va.tiktokv.com verification-i18n.tiktok.com verification-sg.tiktok.com verification-va.byteoversea.com verification-va.tiktok.com verification.tiktokw.eu verification16-normal-no1a.tiktokw.eu verify-sg.byteoversea.com video-tcs-sg.tiktok.com video-tcs-va.tiktok.com vimeo.com web-i18n.tiktok.com/passport/ web-sg.tiktok.com/passport/ web-va.tiktok.com/passport/ webapp-sg.tiktok.com webapp-va.tiktok.com www.tiktok.com; script-src 'inline-speculation-rules' 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com accounts.google.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net interactives.ap.org js-cdn.music.apple.com/musickit/v3/musickit.js js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/bric-captcha-ttweb/core-captcha/ static.captchami.com tiktok.captchami.com tx41v.arkoselabs.com unpkg.com vimeo.com www.facebook.net www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com lf-tiktok-web-bak.tiktokcdn-us.com lf16-tiktok-web.tiktokcdn-us.com/obj/tiktok-web-tx/obj/waf-aiso/; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js www.tiktok.com/tiktokstudio/static/worker/ www.tiktok.com/tiktokstudio/sw.js www.tiktok.com/web-static-js/
Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.
-
Cookie Security Pass
No first-party cookies were set during the initial page load.
-
Server response headers do not expose version tokens.
-
Cloudflare Proxy Warning
Domain does not appear to be behind Cloudflare.
-
Perceived Load Time Pass
Loaded in 0.57s (perceived).
-
Render Blocking Resources Warning
5 scripts and 1 styles may block rendering.
- • script: https://lf16-cdn-tos.tiktokcdn-us.com/obj/static-tx/tiktok-infra/csp/sdk-pre/slardar.web.pre.js
- • script: https://lf16-cdn-tos.tiktokcdn-us.com/obj/static-tx/slardar/fe/sdk-web/browser.oci.js?bid=tiktok_webapp&globalName=SlardarClient
- • script: https://lf16-cdn-tos.tiktokcdn-us.com/obj/static-tx/slardar/fe/sdk-web/plugins/common-monitors.1.16.7.js
- • script: https://lf16-cdn-tos.tiktokcdn-us.com/obj/static-tx/slardar/fe/sdk-web/plugins/common-monitors.1.14.1.js
- • script: https://lf16-cdn-tos.tiktokcdn-us.com/obj/static-tx/slardar/fe/sdk-web/plugins//common-monitors.1.16.6.js
- • style: https://lf16-tiktok-web.tiktokcdn-us.com/obj/tiktok-web-tx/tiktok/webapp/main/react-v18/webapp-desktop/static/assets/pa_prompt.08a5744b.css
Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.
-
Compression Warning
6 text resources look uncompressed.
- • https://mcs.tiktokw.us/v1/list (application/json; charset=utf-8)
- • https://mcs.tiktokv.us/v1/user/webid (application/json; charset=utf-8)
- • https://mcs.tiktokv.us/v1/list (application/json; charset=utf-8)
- • https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/?biz_id=pns_communication_service (application/json; charset=utf-8)
- • https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/?biz_id=tiktok_webapp (application/json; charset=utf-8)
- • https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/?biz_id=webmssdk (application/json; charset=utf-8)
Fix: Enable Brotli or Gzip compression for HTML, CSS, JS, and JSON responses.
-
Robots.txt Pass
Found robots.txt (200).
-
Sitemap File Pass
Found sitemap (200) at https://www.tiktok.com/sitemap.xml.
-
Crawl Directives Warning
No robots meta tag defined.
Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.
Accessibility Basics
-
Form Labels Pass
All 0 controls are labeled.
-
Landmarks Warning
Missing landmarks: header, nav, main, footer.
Fix: Use semantic regions (<header>, <nav>, <main>, <footer>) for navigation and assistive tech.
-
Tap Target Size Warning
3 interactive elements appear smaller than 48px.
- • button#top-right-get-coins-button.css-50aty2-7937d88b--StyledActionBarButton.egvv9qt3 - 32x32px
- • button.css-50aty2-7937d88b--StyledActionBarButton.egvv9qt3 - 32x32px
- • button#top-right-action-bar-login-button.TUXButton.TUXButton--capsule (Log in) - 76x32px
Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.
Social & Rich Results
-
Open Graph Basics Warning
Missing og:title or og:description.
Fix: Add og:title and og:description tags to control social preview text.
-
Open Graph Image Warning
og:image is missing.
Fix: Add <meta property="og:image" content="https://..."> with a high-quality share image.
-
Twitter Card Warning
twitter:card is missing.
Fix: Add <meta name="twitter:card" content="summary_large_image"> for better previews on X.
-
Structured Data Warning
No JSON-LD schema scripts found.
Fix: Add JSON-LD structured data matching your page type (Organization, Article, Product, etc.).
-
PWA Metadata Warning
Manifest or Apple touch icon is missing.
Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.
-
Open Graph/Twitter Quality Warning
5 social preview quality issues detected.
- • ISSUE: og:url should be an absolute URL.
- • ISSUE: og:title should typically be between 10 and 70 characters.
- • ISSUE: og:description should typically be between 50 and 200 characters.
- • ISSUE: Use an absolute URL for og:image or twitter:image.
- • ISSUE: twitter:card is missing.
- • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
- • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
- • GUIDELINE: Optimal preview image size: 1200x630 pixels.
- • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
- • GUIDELINE: Optimal preview image file size: under 5 MB.
- • GUIDELINE: Recommended twitter:card: summary_large_image.
Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.
Links Analysis
-
Internal Links Pass
Checked 0 links. No broken internal links found.
-
External Links Pass
No broken external links found in checked URLs.
-
Link Format Pass
All 0 links use non-empty href values.
Performance & Runtime
-
Core Web Vitals: LCP Pass
Largest Contentful Paint: 1.08s.
-
Core Web Vitals: CLS Pass
Cumulative Layout Shift: 0.000.
-
Main Thread Blocking (TBT) Warning
Total Blocking Time estimate: 206ms.
Fix: Reduce heavy JavaScript work, split long tasks, and defer non-critical scripts.
-
Broken Assets Pass
No failed CSS/JS/image/font/media requests detected.
-
JavaScript Runtime Errors Warning
4 JavaScript runtime issues detected.
- • Request failed: https://www.tiktok.com/api/item/detail/?WebIdLastTime=1781870763&aid=1988&app_language=en&app_name=tiktok_web&browser_language=en-US&browser_name=Mozilla&browser_online=true&browser_platform=Linux%20x86_64&browser_version=5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20HeadlessChrome%2F145.0.7632.6%20Safari%2F537.36&channel=tiktok_web&clientABVersions=70508271&clientABVersions=73720541&clientABVersions=75638230&clientABVersions=75694226&clientABVersions=75843653&clientABVersions=76055830&clientABVersions=76065196&clientABVersions=76088343&clientABVersions=76146170&clientABVersions=76146379&clientABVersions=76184866&clientABVersions=76191889&clientABVersions=76198652&clientABVersions=76208833&clientABVersions=76212861&clientABVersions=76248964&clientABVersions=76251328&clientABVersions=76251409&clientABVersions=76252684&clientABVersions=76276622&clientABVersions=76299613&clientABVersions=76308136&clientABVersions=76314877&clientABVersions=70405643&clientABVersions=71057832&clientABVersions=71200802&clientABVersions=72361743&clientABVersions=73171280&clientABVersions=73208420&clientABVersions=74276218&clientABVersions=74844724&clientABVersions=75330961&clientABVersions=73675307&clientABVersions=76088375&cookie_enabled=true&coverFormat=2&data_collection_enabled=false&device_id=7653076629745518094&device_platform=web_pc&focus_state=true&from_page=user&history_len=2&is_fullscreen=false&is_page_visible=true&itemId=7518973937397583110&language=en&odinId=7653076634374931470&os=linux&priority_region=&referer=®ion=US&screen_height=800&screen_width=1280&tz_name=Europe%2FBratislava&user_is_login=false&video_encoding=dash&webcast_language=en&msToken=&X-Bogus=DFSzsIROscbANxhRCRZyjjPPCOut&X-Gnarly=MHmXYyIR-dIkVIC4535T1Ous7Vsi4efYbcBtv7tihvIMWMqLoGh3/Bgl6mc10XZiY0J4LM/YidUfZBllUljUbni7SUhiC3IAS3Ylh8hXjf401PUAb37stOWldWLvzr-GcEAw62lPPSwn4vgN3XUSd5QV0CB6jJisnE9v4JUAh2QhqUxgHkD2zJ3QKLMiPz0ENc78dWgwoG/MiInaWUD6JI1/xGIo78Ra9sAzFcp/-LxrFECYgvF8nageKbYcEbVmYa6AdcuQHjfdtbQn9734wsCQmZcdvKEev/sEPvLwEluZWs-tYA9KJSN911P62Iw4XmOY472Ler9f (HTTP 403, type: fetch)
- • Request failed: https://www.tiktok.com/api/item/detail/?WebIdLastTime=1781870763&aid=1988&app_language=en&app_name=tiktok_web&browser_language=en-US&browser_name=Mozilla&browser_online=true&browser_platform=Linux%20x86_64&browser_version=5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20HeadlessChrome%2F145.0.7632.6%20Safari%2F537.36&channel=tiktok_web&clientABVersions=70508271&clientABVersions=73720541&clientABVersions=75638230&clientABVersions=75694226&clientABVersions=75843653&clientABVersions=76055830&clientABVersions=76065196&clientABVersions=76088343&clientABVersions=76146170&clientABVersions=76146379&clientABVersions=76184866&clientABVersions=76191889&clientABVersions=76198652&clientABVersions=76208833&clientABVersions=76212861&clientABVersions=76248964&clientABVersions=76251328&clientABVersions=76251409&clientABVersions=76252684&clientABVersions=76276622&clientABVersions=76299613&clientABVersions=76308136&clientABVersions=76314877&clientABVersions=70405643&clientABVersions=71057832&clientABVersions=71200802&clientABVersions=72361743&clientABVersions=73171280&clientABVersions=73208420&clientABVersions=74276218&clientABVersions=74844724&clientABVersions=75330961&clientABVersions=73675307&clientABVersions=76088375&cookie_enabled=true&coverFormat=2&data_collection_enabled=false&device_id=7653076629745518094&device_platform=web_pc&focus_state=true&from_page=user&history_len=2&is_fullscreen=false&is_page_visible=true&itemId=7518973937397583110&language=en&odinId=7653076634374931470&os=linux&priority_region=&referer=®ion=US&screen_height=800&screen_width=1280&tz_name=Europe%2FBratislava&user_is_login=false&video_encoding=dash&webcast_language=en&msToken=&X-Bogus=DFSzsIROscbANxhRCRZyjjPPCOut&X-Gnarly=MHmXYyIR-dIkVIC4535T1Ous7Vsi4efYbcBtv7tihvIMWMqLoGh3/Bgl6mc10XZiY0J4LM/YidUfZBllUljUbni7SUhiC3IAS3Ylh8hXjf401PUAb37stOWldWLvzr-GcEAw62lPPSwn4vgN3XUSd5QV0CB6jJisnE9v4JUAh2QhqUxgHkD2zJ3QKLMiPz0ENc78dWgwoG/MiInaWUD6JI1/xGIo78Ra9sAzFcp/-LxrFECYgvF8nageKbYcEbVmYa6AdcuQHjfdtbQn9734wsCQmZcdvKEev/sEPvLwEluZWs-tYA9KJSN911P62Iw4XmOY472Ler9f (net::ERR_ABORTED, type: fetch)
- • Failed to load resource: the server responded with a status of 403 () [https://www.tiktok.com/api/item/detail/?WebIdLastTime=1781870763&aid=1988&app_language=en&app_name=tiktok_web&browser_language=en-US&browser_name=Mozilla&browser_online=true&browser_platform=Linux%20x86_64&browser_version=5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20HeadlessChrome%2F145.0.7632.6%20Safari%2F537.36&channel=tiktok_web&clientABVersions=70508271&clientABVersions=73720541&clientABVersions=75638230&clientABVersions=75694226&clientABVersions=75843653&clientABVersions=76055830&clientABVersions=76065196&clientABVersions=76088343&clientABVersions=76146170&clientABVersions=76146379&clientABVersions=76184866&clientABVersions=76191889&clientABVersions=76198652&clientABVersions=76208833&clientABVersions=76212861&clientABVersions=76248964&clientABVersions=76251328&clientABVersions=76251409&clientABVersions=76252684&clientABVersions=76276622&clientABVersions=76299613&clientABVersions=76308136&clientABVersions=76314877&clientABVersions=70405643&clientABVersions=71057832&clientABVersions=71200802&clientABVersions=72361743&clientABVersions=73171280&clientABVersions=73208420&clientABVersions=74276218&clientABVersions=74844724&clientABVersions=75330961&clientABVersions=73675307&clientABVersions=76088375&cookie_enabled=true&coverFormat=2&data_collection_enabled=false&device_id=7653076629745518094&device_platform=web_pc&focus_state=true&from_page=user&history_len=2&is_fullscreen=false&is_page_visible=true&itemId=7518973937397583110&language=en&odinId=7653076634374931470&os=linux&priority_region=&referer=®ion=US&screen_height=800&screen_width=1280&tz_name=Europe%2FBratislava&user_is_login=false&video_encoding=dash&webcast_language=en&msToken=&X-Bogus=DFSzsIROscbANxhRCRZyjjPPCOut&X-Gnarly=MHmXYyIR-dIkVIC4535T1Ous7Vsi4efYbcBtv7tihvIMWMqLoGh3/Bgl6mc10XZiY0J4LM/YidUfZBllUljUbni7SUhiC3IAS3Ylh8hXjf401PUAb37stOWldWLvzr-GcEAw62lPPSwn4vgN3XUSd5QV0CB6jJisnE9v4JUAh2QhqUxgHkD2zJ3QKLMiPz0ENc78dWgwoG/MiInaWUD6JI1/xGIo78Ra9sAzFcp/-LxrFECYgvF8nageKbYcEbVmYa6AdcuQHjfdtbQn9734wsCQmZcdvKEev/sEPvLwEluZWs-tYA9KJSN911P62Iw4XmOY472Ler9f:1]
- • Uncaught (in promise) #<Response>
Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.