Audit Result
UUID: 019f1e2f-9131-70dc-a420-745d6a20907b
https://creditcards.hsbc.com.cn/nwxhf/0321/?openFrom=external#/login/login?upRouteFlag=1
Scanned 2 weeks ago
Meta Information
-
Title Tag Warning
Found 2 characters. Keep title between 30 and 60 characters.
Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.
-
Meta Description Error
Missing meta description.
Fix: Add <meta name="description" content="..."> in <head> with a clear page summary.
-
Canonical URL Warning
Canonical link not found.
Fix: Add <link rel="canonical" href="https://example.com/page"> to avoid duplicate URL ambiguity.
-
Favicon Warning
No favicon link found in <head>.
Fix: Add <link rel="icon" href="/favicon.ico"> to ensure browser tab and bookmark visibility.
-
Viewport Meta Pass
Viewport configured: width=device-width,initial-scale=1
-
HTML Lang Pass
Language declared as "en".
Content Structure
-
H1 Tag Error
No H1 heading found.
Fix: Use a single, descriptive <h1> that states the primary purpose of the page.
-
Heading Hierarchy Pass
Valid heading flow across 0 headings.
-
Image Alt Text Error
3 of 3 images are missing alt text.
Fix: Add meaningful alt attributes to all informative images for accessibility and image SEO.
Technical Optimization
-
HTTPS Pass
Page is served over HTTPS.
-
HSTS & HTTPS Redirect Warning
2 HTTPS hardening issues detected.
- • Missing Strict-Transport-Security header.
- • Could not probe the HTTP version of this page.
Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.
-
Security Headers Warning
Missing: strict-transport-security, content-security-policy, x-content-type-options, referrer-policy.
Full HTTP headers (18)
- • access-control-allow-credentials: true
- • access-control-allow-headers: Content-Type,Accept,X-Requested-With,remember-me,Authorization
- • access-control-allow-methods: GET,POST,OPTIONS
- • access-control-expose-headers: Authorization
- • access-control-max-age: 3600
- • allow: GET,POST,OPTIONS
- • cache-control: no-store
- • connection: keep-alive
- • content-encoding: gzip
- • content-language: zh-CN
- • content-type: text/html
- • date: Wed, 01 Jul 2026 14:57:32 GMT
- • last-modified: Wed, 24 Jun 2026 06:12:36 GMT
- • transfer-encoding: chunked
- • x-frame-options: DENY
- • x-via: 1.1 PS-HKG-04StD63:8 (Cdn Cache Server V2.0), 1.1 PSmgbsdBOS1av79:10 (Cdn Cache Server V2.0)
- • x-ws-request-id: 6a452adc_PSmgbsdBOS1av79_41653-4078
- • x-xss-protection: 1;mode=block 1;mode=block
Fix: Add the missing security headers at your reverse proxy or application layer.
-
CSP Quality Warning
Content-Security-Policy header is missing.
- • Missing Content-Security-Policy header.
Fix: Define a restrictive Content-Security-Policy and avoid unsafe directives such as unsafe-inline and unsafe-eval.
-
Cookie Security Pass
No first-party cookies were set during the initial page load.
-
Server response headers do not expose version tokens.
-
Cloudflare Proxy Warning
Domain does not appear to be behind Cloudflare.
-
Perceived Load Time Error
Loaded in 10.90s (perceived).
Fix: Reduce payload size, cache static assets, and remove non-critical JS from initial load.
-
Render Blocking Resources Warning
1 scripts and 3 styles may block rendering.
- • script: https://creditcards.hsbc.com.cn/nwxhf/0321/static/js/login.4acf0750.js
- • style: https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/chunk-vendors.5f5217c4.css
- • style: https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/app.f449ebd0.css
- • style: https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/login.e4f84fe6.css
Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.
-
Compression Warning
8 text resources look uncompressed.
- • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/AnnList.24debcfe.css (text/css)
- • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/AutoInstallmentInfo.ff32985e.css (text/css)
- • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/BillSendTypeUpdate.da2c3248.css (text/css)
- • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/ConfirmStage.e5595534.css (text/css)
- • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/SorryPage.923909a8.css (text/css)
- • https://creditcards.hsbc.com.cn/nwxhf/0321/static/css/err.c8228aff.css (text/css)
- • https://creditcards.hsbc.com.cn/nwxhf/0321/static/js/chunk-2d0e2365.ca620345.js (application/javascript;charset=UTF-8)
- • https://creditcards.hsbc.com.cn/nwxhf/0321/static/js/err.7bcdc3f3.js (application/javascript;charset=UTF-8)
Fix: Enable Brotli or Gzip compression for HTML, CSS, JS, and JSON responses.
-
Robots.txt Error
robots.txt missing or inaccessible (404).
Fix: Create a robots.txt file at https://creditcards.hsbc.com.cn/robots.txt and allow intended crawlers.
-
Sitemap File Warning
Sitemap missing or inaccessible at https://creditcards.hsbc.com.cn/sitemap.xml (404).
Fix: Publish a sitemap.xml and reference it in robots.txt with: Sitemap: https://creditcards.hsbc.com.cn/sitemap.xml
-
Crawl Directives Warning
No robots meta tag defined.
Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.
Accessibility Basics
-
Form Labels Pass
All 3 controls are labeled.
-
Landmarks Warning
Missing landmarks: header, nav, main, footer.
Fix: Use semantic regions (<header>, <nav>, <main>, <footer>) for navigation and assistive tech.
-
Tap Target Size Pass
Interactive targets look touch-friendly.
Social & Rich Results
-
Open Graph Basics Warning
Missing og:title or og:description.
Fix: Add og:title and og:description tags to control social preview text.
-
Open Graph Image Warning
og:image is missing.
Fix: Add <meta property="og:image" content="https://..."> with a high-quality share image.
-
Twitter Card Warning
twitter:card is missing.
Fix: Add <meta name="twitter:card" content="summary_large_image"> for better previews on X.
-
Structured Data Warning
No JSON-LD schema scripts found.
Fix: Add JSON-LD structured data matching your page type (Organization, Article, Product, etc.).
-
PWA Metadata Warning
Manifest or Apple touch icon is missing.
Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.
-
Open Graph/Twitter Quality Warning
5 social preview quality issues detected.
- • ISSUE: og:url should be an absolute URL.
- • ISSUE: og:title should typically be between 10 and 70 characters.
- • ISSUE: og:description should typically be between 50 and 200 characters.
- • ISSUE: Use an absolute URL for og:image or twitter:image.
- • ISSUE: twitter:card is missing.
- • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
- • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
- • GUIDELINE: Optimal preview image size: 1200x630 pixels.
- • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
- • GUIDELINE: Optimal preview image file size: under 5 MB.
- • GUIDELINE: Recommended twitter:card: summary_large_image.
Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.
Links Analysis
-
Internal Links Pass
Checked 0 links. No broken internal links found.
-
External Links Pass
No broken external links found in checked URLs.
-
Link Format Pass
All 0 links use non-empty href values.
Performance & Runtime
-
Core Web Vitals: LCP Error
Largest Contentful Paint: 10.98s.
Fix: Improve LCP by optimizing above-the-fold media, reducing server latency, and inlining critical CSS.
-
Core Web Vitals: CLS Pass
Cumulative Layout Shift: 0.004.
-
Total Blocking Time estimate: 91ms.
-
Broken Assets Pass
No failed CSS/JS/image/font/media requests detected.
-
No console/page runtime errors detected during audit.