Audit Result
UUID: 019f1a14-f800-70b9-8191-5b048dc0bf7e
https://www.youtube.com/
Scanned 2 weeks ago
Meta Information
-
Title Tag Warning
Found 7 characters. Keep title between 30 and 60 characters.
Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.
-
Meta Description Pass
Found 126 characters. Good snippet length.
-
Canonical URL Pass
Canonical found: https://www.youtube.com/
-
Favicon Pass
Favicon found and reachable: https://www.youtube.com/s/desktop/6740ecb6/img/favicon.ico (HTTP 200).
-
Viewport Meta Pass
Viewport configured: width=device-width, initial-scale=1.0, viewport-fit=cover
-
HTML Lang Pass
Language declared as "en".
Content Structure
-
H1 Tag Warning
Found 4 H1 tags.
Fix: Use a single, descriptive <h1> that states the primary purpose of the page.
-
Heading Hierarchy Warning
Detected 1 heading level jumps.
- • Skipped from h1 to h3: "<h1>" -> "<h3>".
Fix: Follow semantic order (h1 -> h2 -> h3) and avoid skipping heading levels.
-
Image Alt Text Error
7 of 7 images are missing alt text.
Fix: Add meaningful alt attributes to all informative images for accessibility and image SEO.
Technical Optimization
-
HTTPS Pass
Page is served over HTTPS.
-
HSTS & HTTPS Redirect Warning
2 HTTPS hardening issues detected.
- • HSTS is missing includeSubDomains.
- • Could not probe the HTTP version of this page.
- • Strict-Transport-Security: max-age=31536000
Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.
-
Security Headers Warning
Missing: referrer-policy.
Full HTTP headers (22)
- • accept-ch: Sec-CH-Viewport-Width, Sec-CH-DPR, Device-Memory
- • alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
- • cache-control: no-cache, no-store, max-age=0, must-revalidate
- • content-encoding: br
- • content-security-policy: script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.google.com https://apis.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://youtube.com https://www.youtube.com https://google.com https://*.doubleclick.net https://*.googleapis.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.youtubekids.com https://www.youtube-nocookie.com https://www.youtubeeducation.com https://www-onepick-opensocial.googleusercontent.com;report-uri https://csp.withgoogle.com/csp/youtube_main/allowlist require-trusted-types-for 'script' base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-d9CK9lKYU9KyydLMEbeIVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';report-uri https://csp.withgoogle.com/csp/youtube_main/strict
- • content-type: text/html; charset=utf-8
- • cross-origin-opener-policy: same-origin-allow-popups; report-to="youtube_main"
- • date: Tue, 30 Jun 2026 19:50:01 GMT
- • document-policy: include-js-call-stacks-in-crash-reports
- • expires: Mon, 01 Jan 1990 00:00:00 GMT
- • origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 AiDEBptUfVeO93q48VdVMe/ubupazdAl8AaHP+NBzdnW8quUcHdzJUyGSfrmtpKJu7EOvwRp9ug2rEo3XU+WMAMAAAB2eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJEZXZpY2VCb3VuZFNlc3Npb25DcmVkZW50aWFsczIiLCJleHBpcnkiOjE3NzQzMTA0MDAsImlzU3ViZG9tYWluIjp0cnVlfQ==
- • p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
- • permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
- • pragma: no-cache
- • report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
- • reporting-endpoints: crash-reporting="/web-reports?context=eJwNzX9o1HUcx_F9fda47rbdfff98fm8WaSoYGm3dqONSLOYJTrZHFiQTpvbOktaO7e-u20oKv0iaY0JhizTDMq2zAtC7cf8RZADm0oXspVaJoXNRuKMmm5inz8evODFC17hP--evaTZagmnrNVzWq2uxYH1777AOjAQWNXn2qyxGWmrdmbaavq1w9oTe3Zax7UwtfMi_FgZYaw6wkurIxz-JMLAFxEuXonwcFseR3vzqb-cT9_XBdQMFrDd-Pt2AeWPRUkno0TSUd7bFiWxM4o6FeXo7BjZXTFSB2Jc-C9Gd5nN-8_YXKyzqXrBZtMmm9eNim6b45_aFGVs7h21uTxhc6eykKraQuZnTRY57J_uEC9zmFjuEE45_LHVYfGIw45xh6lJhw15Lm-7LjXKpSFw2dzrktnrMjbo0jzk8vLPLrtzPJ70PWZpj7NFHp3TPSpWePS_6WG963H6tMc3ts_kQz71CR_vUZ81y3xC1T4fGj2NPkNNPhOv-PS96pPp89kx6NM76vPPNEV-riJmnHhAMVSsOLREkVmqyKlU3OxQJLYr3jimCB1X_PKtIhhWNF1QrLlkXFVkxxW3byjemVBYtxR_TSru3KVZFNY8FdUs15ozCY0s0HRWaZ5YqRlaq3kuqfl9o6Z9myZ3p2btHk3LR5rvP9Zk-zTXjLx-TYFR-J2m5ozmpLH3rGbqnKZ7WJMzollqfGBkxjRc19x3U7NxSnPKIEdYhHAiV1gXEp6-R9gaFVpnCSfnCp8tEB5fKPxUIcgqYbBeeK1FyKSFUePBdmHuZuH6FmHK2LdLmLNfGM8I938uhA6a7pDQdViY8aUQfCW8NSCsOCL8MCKsOm82l8z3b8KLRtcVIXFVmHdDKMwLjQ70ZHNjPef7h5kZ70y1BW0NyeL2ZEN8XWuqOYgnm5-PN7auD9Y31jfVlZaUlpeUlz5SXFJWt6Hkf8nC6gM"
- • server: ESF
- • strict-transport-security: max-age=31536000
- • vary: Sec-CH-Viewport-Width, Sec-CH-DPR, Device-Memory
- • x-content-type-options: nosniff
- • x-frame-options: SAMEORIGIN
- • x-xss-protection: 0
Fix: Add the missing security headers at your reverse proxy or application layer.
-
CSP Quality Error
4 CSP hardening issues detected.
- • script-src/default-src permits 'unsafe-inline'.
- • script-src/default-src permits 'unsafe-eval'.
- • CSP is missing a base-uri restriction.
- • CSP is missing frame-ancestors protection.
- • Content-Security-Policy: script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.google.com https://apis.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://youtube.com https://www.youtube.com https://google.com https://*.doubleclick.net https://*.googleapis.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.youtubekids.com https://www.youtube-nocookie.com https://www.youtubeeducation.com https://www-onepick-opensocial.googleusercontent.com;report-uri https://csp.withgoogle.com/csp/youtube_main/allowlist require-trusted-types-for 'script' base-uri 'self';object-src 'none';script-src 'report-sample' 'nonce-d9CK9lKYU9KyydLMEbeIVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';report-uri https://csp.withgoogle.com/csp/youtube_main/strict
Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.
-
Cookie Security Pass
No first-party cookies were set during the initial page load.
-
Server response headers do not expose version tokens.
-
Cloudflare Proxy Warning
Domain does not appear to be behind Cloudflare.
-
Perceived Load Time Pass
Loaded in 0.40s (perceived).
-
Render Blocking Resources Warning
14 scripts and 7 styles may block rendering.
- • script: https://static.doubleclick.net/instream/ad_status.js
- • script: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
- • script: https://www.youtube.com/s/player/4918c89a/player_ias.vflset/en_US/miniplayer.js
- • script: https://www.youtube.com/s/player/4918c89a/player_ias.vflset/en_US/remote.js
- • script: https://www.youtube.com/s/player/4918c89a/player_ias.vflset/en_US/offline.js
- • script: https://www.youtube.com/s/desktop/6740ecb6/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
- • script: https://www.youtube.com/s/desktop/6740ecb6/jsbin/webcomponents-all-noPatch.vflset/webcomponents-all-noPatch.js
- • script: https://www.youtube.com/s/desktop/6740ecb6/jsbin/fetch-polyfill.vflset/fetch-polyfill.js
- • script: https://www.youtube.com/s/desktop/6740ecb6/jsbin/intersection-observer.min.vflset/intersection-observer.min.js
- • script: https://www.youtube.com/s/desktop/6740ecb6/jsbin/scheduler.vflset/scheduler.js
- • script: https://www.youtube.com/s/desktop/6740ecb6/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js
- • script: https://www.youtube.com/s/desktop/6740ecb6/jsbin/spf.vflset/spf.js
- • script: https://www.youtube.com/s/desktop/6740ecb6/jsbin/network.vflset/network.js
- • script: https://www.youtube.com/s/player/4918c89a/player_ias.vflset/en_US/base.js
- • style: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&family=YouTube+Sans:[email protected]&display=swap
- • style: https://www.youtube.com/s/desktop/6740ecb6/cssbin/www-main-desktop-home-page-skeleton.css
- • style: https://www.youtube.com/s/desktop/6740ecb6/cssbin/www-onepick.css
- • style: https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.BWSDMgLVs5c.L.W.O/am=AAAAEAAgBMDm/d=0/br=1/rs=AGKMywGgebl0REYhdI0O2gcwpEDqVU_f3Q
- • style: https://fonts.googleapis.com/css?family=Roboto:300italic,400italic,500italic,700italic
- • style: https://fonts.googleapis.com/css?family=Roboto+Mono:400
- • style: https://www.youtube.com/s/player/4918c89a/www-player.css
Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.
-
Compression Pass
Text-like assets appear compressed.
-
Robots.txt Pass
Found robots.txt (200).
-
Sitemap File Pass
Found sitemap (200) at https://www.youtube.com/sitemaps/sitemap.xml.
-
Crawl Directives Warning
No robots meta tag defined.
Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.
Accessibility Basics
-
Form Labels Error
1 of 2 controls are missing labels.
- • input[type="text"].ytSearchboxComponentInput.yt-searchbox-input (search_query)
Fix: Associate each form control with a visible label, aria-label, or aria-labelledby.
-
Landmarks Warning
Missing landmarks: footer.
Fix: Use semantic regions (<header>, <nav>, <main>, <footer>) for navigation and assistive tech.
-
Tap Target Size Warning
7 interactive elements appear smaller than 48px.
- • button#button.style-scope.yt-icon-button (Guide) - 24x24px
- • button.ytSpecButtonShapeNextHost.ytSpecButtonShapeNextTonal (Skip navigation) - 130x40px
- • button.ytSearchboxComponentSearchButton (Search) - 64x40px
- • button.ytSpecButtonShapeNextHost.ytSpecButtonShapeNextText (Search with your voice) - 40x40px
- • a.yt-simple-endpoint.style-scope - 40x40px
- • button#button.style-scope.yt-icon-button (Settings) - 24x24px
- • a.ytSpecButtonShapeNextHost.ytSpecButtonShapeNextOutline (Sign in) - 99x40px
Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.
Social & Rich Results
-
Open Graph Basics Warning
Missing og:title or og:description.
Fix: Add og:title and og:description tags to control social preview text.
-
-
Twitter Card Warning
twitter:card is missing.
Fix: Add <meta name="twitter:card" content="summary_large_image"> for better previews on X.
-
Structured Data Warning
No JSON-LD schema scripts found.
Fix: Add JSON-LD structured data matching your page type (Organization, Article, Product, etc.).
-
PWA Metadata Warning
Manifest or Apple touch icon is missing.
Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.
-
Open Graph/Twitter Quality Warning
5 social preview quality issues detected.
- • ISSUE: og:url should be an absolute URL.
- • ISSUE: og:title should typically be between 10 and 70 characters.
- • ISSUE: og:description should typically be between 50 and 200 characters.
- • ISSUE: Preview image aspect ratio (1.00) differs from the recommended ~1.91:1.
- • ISSUE: twitter:card is missing.
- • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
- • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
- • GUIDELINE: Optimal preview image size: 1200x630 pixels.
- • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
- • GUIDELINE: Optimal preview image file size: under 5 MB.
- • GUIDELINE: Recommended twitter:card: summary_large_image.
- • MEASURED: Image size: 0.01 MB
- • MEASURED: Image dimensions: 1200x1200
Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.
Links Analysis
-
Internal Links Pass
Checked 5 links. No broken internal links found.
-
External Links Pass
No broken external links found in checked URLs.
-
Link Format Warning
17 links are empty, invalid, or placeholder-only.
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
- • href="(empty)"
Fix: Replace empty/#/javascript href values with real destinations or use buttons for non-navigation actions.
Performance & Runtime
-
Core Web Vitals: LCP Pass
Largest Contentful Paint: 1.67s.
-
Core Web Vitals: CLS Pass
Cumulative Layout Shift: 0.001.
-
Total Blocking Time estimate: 721ms.
Fix: Reduce heavy JavaScript work, split long tasks, and defer non-critical scripts.
-
Broken Assets Pass
No failed CSS/JS/image/font/media requests detected.
-
JavaScript Runtime Errors Warning
3 JavaScript runtime issues detected.
- • Request failed: https://www.youtube.com/ (net::ERR_ABORTED, type: fetch)
- • Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. [about:blank:1]
- • Failed to load resource: the server responded with a status of 403 () [https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&dsh=S722574011%3A1782849003807483&hl=en&passive=true&service=youtube&uilel=3&flowName=WebLiteSignIn&flowEntry=ServiceLogin&ifkv=AcDsRvzo0VwYHDPkaZErAniYcv_JXQ1Asw8O6UamdoDQmkiXsa34CEQQX-uhdfepAc7lssLrR9PFwg:1]
Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.