Audit Result

UUID: 019f1bec-610f-70c9-be7d-3e838018aa1c

videoall.ai

https://videoall.ai/

Scanned 2 weeks ago

86
Excellent Score
39 total checks
Passed
30
Warnings
7
Errors
2

Meta Information

  • Title Tag Pass

    Found 50 characters. Length is optimal.

  • Found 142 characters. Good snippet length.

  • Canonical found: https://videoall.ai

  • Favicon Pass

    Favicon found and reachable: /icon.svg?e61a3cd25065dc5f (HTTP 200).

    Favicon
  • Viewport configured: width=device-width, initial-scale=1

  • HTML Lang Pass

    Language declared as "en".

Content Structure

  • H1 Tag Pass

    Exactly one H1 found: "Create Stunning AI Videos With World-Class AI Models".

  • Valid heading flow across 24 headings.

  • All 36 images include alt text.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 2 HTTPS hardening issues detected.

    • • Missing Strict-Transport-Security header.
    • • Could not probe the HTTP version of this page.

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Missing: strict-transport-security.

    Full HTTP headers (19)
    • • alt-svc: h3=":443"; ma=86400
    • • cache-control: private, no-cache, no-store, max-age=0, must-revalidate
    • • cf-cache-status: DYNAMIC
    • • cf-ray: a142a4934df688ee-IAD
    • • content-encoding: zstd
    • • content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://c.bing.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; media-src 'self' blob: https:; font-src 'self' data:; connect-src 'self' https:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'
    • • content-type: text/html; charset=utf-8
    • • date: Wed, 01 Jul 2026 04:24:45 GMT
    • • link: </_next/static/media/bb3ef058b751a6ad-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/e4af272ccee01ff0-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"
    • • nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
    • • permissions-policy: camera=(), microphone=(), geolocation=()
    • • referrer-policy: strict-origin-when-cross-origin
    • • report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=amOm7adL4iu3doQ1Qo5CzJFb7dyfpC6K5CL2UMvgoELF3uMg2hhNcB3%2BI6sNdaI9PyWe00itOrfKL2SOYt6upEHUwtMQ74TIeoDGUt8cOar%2Bn0hymqGTMA6xreyH%2FG%2Bu91oz8h8q1cBR%2Bw%3D%3D"}]}
    • • server: cloudflare
    • • server-timing: cfCacheStatus;desc="DYNAMIC" cfEdge;dur=8,cfOrigin;dur=26
    • • vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
    • • x-content-type-options: nosniff
    • • x-frame-options: DENY
    • • x-powered-by: Next.js

    Fix: Add the missing security headers at your reverse proxy or application layer.

  • CSP Quality Error

    3 CSP hardening issues detected.

    • • script-src/default-src permits 'unsafe-inline'.
    • • script-src/default-src permits 'unsafe-eval'.
    • • CSP is missing object-src 'none'.
    • • Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://c.bing.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; media-src 'self' blob: https:; font-src 'self' data:; connect-src 'self' https:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'

    Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.

  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain appears to be behind Cloudflare.

    • • server: cloudflare
    • • cf-cache-status: DYNAMIC
    • • cf-ray: a142a4934df688ee-IAD
  • Loaded in 0.33s (perceived).

  • 1 scripts and 3 styles may block rendering.

    • • script: https://videoall.ai/_next/static/chunks/polyfills-42372ed130431b0a.js
    • • style: https://videoall.ai/_next/static/css/b5cc39ff4257726e.css
    • • style: https://videoall.ai/_next/static/css/b708dcb647e61b3e.css
    • • style: https://videoall.ai/_next/static/css/b8f7c165e0b2dd4c.css

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Text-like assets appear compressed.

  • Robots.txt Pass

    Found robots.txt (200).

  • Found sitemap (200) at https://videoall.ai/sitemap.xml.

  • Robots meta found: index, follow

Accessibility Basics

  • All 0 controls are labeled.

  • Landmarks Warning

    Missing landmarks: header.

    Fix: Use semantic regions (<header>, <nav>, <main>, <footer>) for navigation and assistive tech.

  • Tap Target Size Warning

    22 interactive elements appear smaller than 48px.

    • • a.nav-logo - 150x28px
    • • a (Text to Video) - 108x32px
    • • a (Image to Video) - 119x32px
    • • a (Video to Video) - 117x32px
    • • a (Text to Image) - 110x32px
    • • a (Image to Image) - 121x32px
    • • a (Pricing) - 68x32px
    • • a (My Assets) - 89x32px
    • • button.icon-button (Toggle theme) - 31x38px
    • • button.language-menu-trigger (Language) - 112x38px
    • • button.media-mute-button (Unmute preview) - 34x34px
    • • button.segment (Sunrise) - 174x3px
    • • button.segment (Fighting Dragon) - 174x3px
    • • button.segment (Girl on Bed) - 174x3px
    • • button.segment (Father Talking) - 174x3px
    • • button.segment (Sports Car) - 174x3px
    • • button (Sunrise) - 174x20px
    • • button (Fighting Dragon) - 174x20px
    • • button.active (Girl on Bed) - 174x20px
    • • button (Father Talking) - 174x20px
    • • button (Sports Car) - 174x20px
    • • button.media-mute-button.portrait-mute-button (Unmute preview) - 34x34px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Core Open Graph tags are present.

  • og:image is present and absolute.

    Open Graph Image
  • twitter:card set to summary_large_image.

  • JSON-LD schema detected.

  • PWA Metadata Warning

    Manifest or Apple touch icon is missing.

    Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

  • Social preview metadata and image quality look good for Open Graph/Twitter.

    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.
    • • MEASURED: Image size: 0.15 MB
    • • MEASURED: Image dimensions: 1200x630

Links Analysis

  • Checked 22 links. No broken internal links found.

  • No broken external links found in checked URLs.

  • All 57 links use non-empty href values.

Performance & Runtime

  • Largest Contentful Paint: 0.33s.

  • Cumulative Layout Shift: 0.000.

  • Total Blocking Time estimate: 10ms.

  • 1 asset requests failed.

    • • https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496 (csp)

    Fix: Fix missing files, update asset URLs, and ensure static assets return HTTP 200.

  • 3 JavaScript runtime issues detected.

    • • Request failed: https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496 (csp, type: script)
    • • Request failed: https://videoall.ai/auth/signin?_rsc=19zvn (net::ERR_ABORTED, type: fetch)
    • • Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://c.bing.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. [https://videoall.ai/:1]

    Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.