Audit Result

UUID: 019f0aa4-93d6-71b6-9c06-dec5c763f7fc

buatlapak.com

https://buatlapak.com/

Scanned 2 weeks ago

83
Fair Score
39 total checks
Passed
27
Warnings
11
Errors
1

Meta Information

  • Title Tag Warning

    Found 61 characters. Keep title between 30 and 60 characters.

    Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.

  • Found 162 characters. Keep description around 70-160 characters.

    Fix: Add <meta name="description" content="..."> in <head> with a clear page summary.

  • Canonical found: https://buatlapak.com

  • Favicon Pass

    Favicon found and reachable: /favicon.ico (HTTP 200).

    Favicon
  • Viewport configured: width=device-width, initial-scale=1

  • HTML Lang Pass

    Language declared as "id".

Content Structure

  • H1 Tag Pass

    Exactly one H1 found: "99% UMKM Indonesia belum punya website. Kamu termasuk?".

  • Detected 1 heading level jumps.

    • • Skipped from h2 to h4: "Masih mau kirim link GoF**d/Sh*pee ke customer?" -> "Produk".

    Fix: Follow semantic order (h1 -> h2 -> h3) and avoid skipping heading levels.

  • All 14 images include alt text.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 1 HTTPS hardening issues detected.

    • • Could not probe the HTTP version of this page.
    • • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Core security headers were detected.

    Full HTTP headers (25)
    • • alt-svc: h3=":443"; ma=86400
    • • cache-control: public, max-age=0, must-revalidate
    • • cdn-cache-control: public, max-age=60, stale-while-revalidate=300
    • • cf-ray: a126fedb39345938-IAD
    • • content-encoding: zstd
    • • content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://media.buatlapak.com https://buatlapak.com https://*.tile.openstreetmap.org; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://challenges.cloudflare.com https://token-plan-sgp.xiaomimimo.com https://generativelanguage.googleapis.com; frame-src https://challenges.cloudflare.com; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests
    • • content-type: text/html; charset=utf-8
    • • date: Sat, 27 Jun 2026 19:53:02 GMT
    • • nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
    • • permissions-policy: camera=(), microphone=(), geolocation=(), payment=(self), usb=(), magnetometer=(), gyroscope=(), accelerometer=()
    • • referrer-policy: strict-origin-when-cross-origin
    • • report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SRGsnT%2F1Xw0%2Fh1%2BJ2DKA22%2F%2FPh6PWY89rEi2jp7psO%2Fvx4%2B2AFs9JRrhfcyFldrlcsUHq4Og%2F9EUJv9cBD3ZTbk7OcUPIX%2Bmxe%2FnFtjLv%2BfMMVQp1%2FJKDx4NJ0JvyS%2BhIXKkLzdfis45uBqA"}]}
    • • server: cloudflare
    • • server-timing: cfEdge;dur=323,cfOrigin;dur=0,cfWorker;dur=294
    • • speculation-rules: "/cdn-cgi/speculation"
    • • strict-transport-security: max-age=31536000; includeSubDomains; preload
    • • vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch
    • • x-content-type-options: nosniff
    • • x-frame-options: DENY
    • • x-nextjs-cache: MISS
    • • x-nextjs-prerender: 1
    • • x-nextjs-stale-time: 300
    • • x-opennext: 1
    • • x-powered-by: Next.js
    • • x-xss-protection: 1; mode=block
  • CSP Quality Error

    3 CSP hardening issues detected.

    • • script-src/default-src permits 'unsafe-inline'.
    • • script-src/default-src permits 'unsafe-eval'.
    • • CSP is missing frame-ancestors protection.
    • • Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://media.buatlapak.com https://buatlapak.com https://*.tile.openstreetmap.org; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://challenges.cloudflare.com https://token-plan-sgp.xiaomimimo.com https://generativelanguage.googleapis.com; frame-src https://challenges.cloudflare.com; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests

    Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.

  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain appears to be behind Cloudflare.

    • • server: cloudflare
    • • cf-ray: a126fedb39345938-IAD
  • Loaded in 0.95s (perceived).

  • 1 scripts and 1 styles may block rendering.

    • • script: https://buatlapak.com/_next/static/chunks/polyfills-42372ed130431b0a.js
    • • style: https://buatlapak.com/_next/static/css/1ccf3b45f45e5d4a.css

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Text-like assets appear compressed.

  • Robots.txt Pass

    Found robots.txt (200).

  • Found sitemap (200) at https://buatlapak.com/sitemap.xml.

  • Robots meta found: index, follow

Accessibility Basics

  • All 0 controls are labeled.

  • Landmarks Warning

    Missing landmarks: header.

    Fix: Use semantic regions (<header>, <nav>, <main>, <footer>) for navigation and assistive tech.

  • Tap Target Size Warning

    8 interactive elements appear smaller than 48px.

    • • a.flex.items-center (BuatLapak) - 140x36px
    • • a.text-sm.text-gray-600 (Fitur) - 28x20px
    • • a.text-sm.text-gray-600 (Cara Kerja) - 68x20px
    • • a.text-sm.text-gray-600 (Harga) - 40x20px
    • • button.group/button.inline-flex (Mulai Gratis) - 107x32px
    • • a.hover:text-white.transition-colors (Syarat) - 37x16px
    • • a.hover:text-white.transition-colors (Privasi) - 39x16px
    • • a.hover:text-white.transition-colors (Kontak) - 41x16px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Core Open Graph tags are present.

  • og:image is present and absolute.

    Open Graph Image
  • twitter:card set to summary_large_image.

  • JSON-LD schema detected.

  • PWA Metadata Warning

    Manifest or Apple touch icon is missing.

    Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

  • 1 social preview quality issues detected.

    • • ISSUE: Failed to fetch preview image: network error.
    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.

    Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.

Links Analysis

  • Checked 4 links. No broken internal links found.

  • External Links Warning

    1 external links returned errors or timed out.

    • • https://wa.me/62xxx (HTTP 404)

    Fix: Replace dead external URLs or point to working alternatives.

  • Link Format Warning

    4 links are empty, invalid, or placeholder-only.

    • • href="#" text="FAQ"
    • • href="#" text="Kontak"
    • • href="#" text="Privasi"
    • • href="#" text="Kontak"

    Fix: Replace empty/#/javascript href values with real destinations or use buttons for non-navigation actions.

Performance & Runtime