Audit Result

UUID: 019f1e2f-9131-70dc-a420-745d6a20907b

creditcards.hsbc.com.cn

https://creditcards.hsbc.com.cn/nwxhf/0321/?openFrom=external#/login/login?upRouteFlag=1

Scanned 2 weeks ago

62
Needs Attention
39 total checks
Passed
15
Warnings
18
Errors
6

Meta Information

  • Title Tag Warning

    Found 2 characters. Keep title between 30 and 60 characters.

    Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.

  • Missing meta description.

    Fix: Add <meta name="description" content="..."> in <head> with a clear page summary.

  • Canonical URL Warning

    Canonical link not found.

    Fix: Add <link rel="canonical" href="https://example.com/page"> to avoid duplicate URL ambiguity.

  • Favicon Warning

    No favicon link found in <head>.

    Fix: Add <link rel="icon" href="/favicon.ico"> to ensure browser tab and bookmark visibility.

  • Viewport configured: width=device-width,initial-scale=1

  • HTML Lang Pass

    Language declared as "en".

Content Structure

  • H1 Tag Error

    No H1 heading found.

    Fix: Use a single, descriptive <h1> that states the primary purpose of the page.

  • Valid heading flow across 0 headings.

  • 3 of 3 images are missing alt text.

    Fix: Add meaningful alt attributes to all informative images for accessibility and image SEO.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 2 HTTPS hardening issues detected.

    • • Missing Strict-Transport-Security header.
    • • Could not probe the HTTP version of this page.

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Missing: strict-transport-security, content-security-policy, x-content-type-options, referrer-policy.

    Full HTTP headers (18)
    • • access-control-allow-credentials: true
    • • access-control-allow-headers: Content-Type,Accept,X-Requested-With,remember-me,Authorization
    • • access-control-allow-methods: GET,POST,OPTIONS
    • • access-control-expose-headers: Authorization
    • • access-control-max-age: 3600
    • • allow: GET,POST,OPTIONS
    • • cache-control: no-store
    • • connection: keep-alive
    • • content-encoding: gzip
    • • content-language: zh-CN
    • • content-type: text/html
    • • date: Wed, 01 Jul 2026 14:57:32 GMT
    • • last-modified: Wed, 24 Jun 2026 06:12:36 GMT
    • • transfer-encoding: chunked
    • • x-frame-options: DENY
    • • x-via: 1.1 PS-HKG-04StD63:8 (Cdn Cache Server V2.0), 1.1 PSmgbsdBOS1av79:10 (Cdn Cache Server V2.0)
    • • x-ws-request-id: 6a452adc_PSmgbsdBOS1av79_41653-4078
    • • x-xss-protection: 1;mode=block 1;mode=block

    Fix: Add the missing security headers at your reverse proxy or application layer.

  • CSP Quality Warning

    Content-Security-Policy header is missing.

    • • Missing Content-Security-Policy header.

    Fix: Define a restrictive Content-Security-Policy and avoid unsafe directives such as unsafe-inline and unsafe-eval.

  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain does not appear to be behind Cloudflare.

  • Loaded in 10.90s (perceived).

    Fix: Reduce payload size, cache static assets, and remove non-critical JS from initial load.

  • 1 scripts and 3 styles may block rendering.

    • • script: https://creditcards.hsbc.com.cn/nwxhf/0321/static/js/login.4acf0750.js
    • • style: https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/chunk-vendors.5f5217c4.css
    • • style: https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/app.f449ebd0.css
    • • style: https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/login.e4f84fe6.css

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Compression Warning

    8 text resources look uncompressed.

    • • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/AnnList.24debcfe.css (text/css)
    • • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/AutoInstallmentInfo.ff32985e.css (text/css)
    • • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/BillSendTypeUpdate.da2c3248.css (text/css)
    • • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/ConfirmStage.e5595534.css (text/css)
    • • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/SorryPage.923909a8.css (text/css)
    • • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/err.c8228aff.css (text/css)
    • • https://creditcards.hsbc.com.cn/nwxhf/0321/static/js/chunk-2d0e2365.ca620345.js (application/javascript;charset=UTF-8)
    • • https://creditcards.hsbc.com.cn/nwxhf/0321/static/js/err.7bcdc3f3.js (application/javascript;charset=UTF-8)

    Fix: Enable Brotli or Gzip compression for HTML, CSS, JS, and JSON responses.

  • Robots.txt Error

    robots.txt missing or inaccessible (404).

    Fix: Create a robots.txt file at https://creditcards.hsbc.com.cn/robots.txt and allow intended crawlers.

  • Sitemap File Warning

    Sitemap missing or inaccessible at https://creditcards.hsbc.com.cn/sitemap.xml (404).

    Fix: Publish a sitemap.xml and reference it in robots.txt with: Sitemap: https://creditcards.hsbc.com.cn/sitemap.xml

  • No robots meta tag defined.

    Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.

Accessibility Basics

  • All 3 controls are labeled.

  • Landmarks Warning

    Missing landmarks: header, nav, main, footer.

    Fix: Use semantic regions (<header>, <nav>, <main>, <footer>) for navigation and assistive tech.

  • Interactive targets look touch-friendly.

Social & Rich Results

  • Missing og:title or og:description.

    Fix: Add og:title and og:description tags to control social preview text.

  • og:image is missing.

    Fix: Add <meta property="og:image" content="https://..."> with a high-quality share image.

  • Twitter Card Warning

    twitter:card is missing.

    Fix: Add <meta name="twitter:card" content="summary_large_image"> for better previews on X.

  • Structured Data Warning

    No JSON-LD schema scripts found.

    Fix: Add JSON-LD structured data matching your page type (Organization, Article, Product, etc.).

  • PWA Metadata Warning

    Manifest or Apple touch icon is missing.

    Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

  • 5 social preview quality issues detected.

    • • ISSUE: og:url should be an absolute URL.
    • • ISSUE: og:title should typically be between 10 and 70 characters.
    • • ISSUE: og:description should typically be between 50 and 200 characters.
    • • ISSUE: Use an absolute URL for og:image or twitter:image.
    • • ISSUE: twitter:card is missing.
    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.

    Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.

Links Analysis

Performance & Runtime