Audit Result

UUID: 019efb2e-7c30-72e5-b001-9c4ef024bfe8

mghost.pl

https://mghost.pl/

Scanned 3 weeks ago

86
Excellent Score
39 total checks
Passed
30
Warnings
7
Errors
2

Meta Information

  • Title Tag Pass

    Found 56 characters. Length is optimal.

  • Found 118 characters. Good snippet length.

  • Canonical found: https://mghost.pl

  • Favicon Pass

    Favicon found and reachable: /favicon.ico (HTTP 200).

    Favicon
  • Viewport configured: width=device-width, initial-scale=1

  • HTML Lang Pass

    Language declared as "pl-PL".

Content Structure

  • H1 Tag Pass

    Exactly one H1 found: "Superszybki i niezawodny hosting dla Twojej witryny".

  • Valid heading flow across 27 headings.

  • 1 of 16 images are missing alt text.

    Fix: Add meaningful alt attributes to all informative images for accessibility and image SEO.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 1 HTTPS hardening issues detected.

    • • Could not probe the HTTP version of this page.
    • • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Core security headers were detected.

    Full HTTP headers (20)
    • • content-encoding: gzip
    • • content-security-policy: base-uri 'none'; default-src 'self'; connect-src 'self' https://mghost.pl https://api.mghost.pl https://o447951.ingest.sentry.io https://*.ingest.sentry.io https://*.ingest.de.sentry.io https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics.google.com https://www.google.com https://www.googleadservices.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://www.facebook.com https://www.clarity.ms https://*.clarity.ms https://api.iconify.design; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://*.doubleclick.net https://www.google.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu; img-src 'self' data: https://mghost.pl https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://www.facebook.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.clarity.ms https://*.clarity.ms; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src-attr 'unsafe-hashes' 'sha256-bwK6T5wZVTANitXbrTsel7kl/PyCjCd/Dq5Qoz3imjM='; style-src 'self' 'unsafe-inline'; script-src 'self' 'nonce-yd/yovqJpBgxUgwgsr76vrUk' 'strict-dynamic' 'wasm-unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://connect.facebook.net https://www.clarity.ms; upgrade-insecure-requests; worker-src 'self' blob:;
    • • content-type: text/html;charset=utf-8
    • • cross-origin-embedder-policy: unsafe-none
    • • cross-origin-opener-policy: same-origin
    • • cross-origin-resource-policy: same-origin
    • • date: Wed, 24 Jun 2026 19:49:41 GMT
    • • origin-agent-cluster: ?1
    • • permissions-policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
    • • referrer-policy: strict-origin-when-cross-origin
    • • server: nginx
    • • strict-transport-security: max-age=31536000; includeSubDomains; preload
    • • vary: Accept-Encoding
    • • x-content-type-options: nosniff
    • • x-dns-prefetch-control: off
    • • x-download-options: noopen
    • • x-frame-options: DENY
    • • x-permitted-cross-domain-policies: none
    • • x-robots-tag: index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1
    • • x-xss-protection: 0
  • Content Security Policy looks restrictive and avoids common unsafe directives.

    • • Content-Security-Policy: base-uri 'none'; default-src 'self'; connect-src 'self' https://mghost.pl https://api.mghost.pl https://o447951.ingest.sentry.io https://*.ingest.sentry.io https://*.ingest.de.sentry.io https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics.google.com https://www.google.com https://www.googleadservices.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://www.facebook.com https://www.clarity.ms https://*.clarity.ms https://api.iconify.design; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://*.doubleclick.net https://www.google.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu; img-src 'self' data: https://mghost.pl https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://www.facebook.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.clarity.ms https://*.clarity.ms; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src-attr 'unsafe-hashes' 'sha256-bwK6T5wZVTANitXbrTsel7kl/PyCjCd/Dq5Qoz3imjM='; style-src 'self' 'unsafe-inline'; script-src 'self' 'nonce-yd/yovqJpBgxUgwgsr76vrUk' 'strict-dynamic' 'wasm-unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://connect.facebook.net https://www.clarity.ms; upgrade-insecure-requests; worker-src 'self' blob:;
  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain does not appear to be behind Cloudflare.

  • Loaded in 1.04s (perceived).

  • 0 scripts and 16 styles may block rendering.

    • • style: https://mghost.pl/_nuxt/entry.Dm3fi2Jx.css
    • • style: https://mghost.pl/_nuxt/index.DE8LAYTH.css
    • • style: https://mghost.pl/_nuxt/default.CGtTI9m6.css
    • • style: https://mghost.pl/_nuxt/cart.DEmfaWrv.css
    • • style: https://mghost.pl/_nuxt/BlogGrid.64WiMNtT.css
    • • style: https://mghost.pl/_nuxt/Faq.BFtsjXC6.css
    • • style: https://mghost.pl/_nuxt/Details.DD-DAgGp.css
    • • style: https://mghost.pl/_nuxt/przeniesienie-strony.CC0jtJmk.css
    • • style: https://mghost.pl/_nuxt/BoxIntro.D4mGXt5I.css
    • • style: https://mghost.pl/_nuxt/domain-configure.B9Toslle.css
    • • style: https://mghost.pl/_nuxt/domain-pricing.ByP7x6MD.css
    • • style: https://mghost.pl/_nuxt/index.Bwcb9Sx1.css
    • • style: https://mghost.pl/_nuxt/kontakt.C6VUbIEH.css
    • • style: https://mghost.pl/_nuxt/index.Byjq0Rbn.css
    • • style: https://mghost.pl/_nuxt/register.C0Y4B2eL.css
    • • style: https://mghost.pl/_nuxt/login.oSRlZ0Ft.css

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Text-like assets appear compressed.

  • Robots.txt Pass

    Found robots.txt (200).

  • Found sitemap (200) at https://mghost.pl/sitemap_index.xml.

  • Robots meta found: index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1

Accessibility Basics

  • All 2 controls are labeled.

  • Landmarks Pass

    Header, nav, main, and footer landmarks are present.

  • Tap Target Size Warning

    20 interactive elements appear smaller than 48px.

    • • a.skip-to-content (Przejdź do treści) - 48x24px
    • • button.scrollUp (Scroll up site) - 40x40px
    • • a (Go to cart) - 34x31px
    • • button.lang-switch-btn (Zmień język) - 46x15px
    • • a (Blog) - 71x24px
    • • button.search-trigger (Znajdź domenę) - 10x10px
    • • a (Zobacz wszystkie pakiety hostingu) - 213x15px
    • • a.router-link-active.router-link-exact-active - 185x38px
    • • a (Go to facebook fanpage) - 36x36px
    • • a (Go to mghost linkedin) - 36x36px
    • • button.footer__menu--header (Oferta) - 71x47px
    • • a (Hosting współdzielony) - 156x36px
    • • a (VPS) - 156x36px
    • • a (Usługi Sys/DevOps) - 156x36px
    • • a (Licencje) - 156x36px
    • • button.footer__menu--header (Szybki dostęp) - 146x47px
    • • a (Zamów nową usługę) - 185x36px
    • • a (Zarejestruj nową domenę) - 185x36px
    • • a (Przenieś do nas domenę) - 185x36px
    • • a (Przenieś stronę do MGHost) - 185x36px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Core Open Graph tags are present.

  • og:image is present and absolute.

    Open Graph Image
  • twitter:card set to summary_large_image.

  • JSON-LD schema detected.

  • PWA Metadata Warning

    Manifest or Apple touch icon is missing.

    Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

  • 1 social preview quality issues detected.

    • • ISSUE: Failed to fetch preview image: network error.
    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.

    Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.

Links Analysis

  • 1 internal links returned errors.

    • • https://mghost.pl/gamevps (HTTP 404)

    Fix: Fix or remove the listed internal URLs, and ensure routes/pages return 200 responses.

  • No broken external links found in checked URLs.

  • All 68 links use non-empty href values.

Performance & Runtime

  • Largest Contentful Paint: 1.09s.

  • Cumulative Layout Shift: 0.080.

  • Total Blocking Time estimate: 133ms.

  • No failed CSS/JS/image/font/media requests detected.

  • 2 JavaScript runtime issues detected.

    • • Request failed: https://api.mghost.pl/api/auth/user (HTTP 401, type: fetch)
    • • Failed to load resource: the server responded with a status of 401 () [https://api.mghost.pl/api/auth/user:1]

    Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.