Audit Result

UUID: 019f2d4e-7de9-71ed-be1a-660463afaa0c

admin.db.tivornya.hu

https://admin.db.tivornya.hu/login?next=/

Scanned 1 week ago

60
Needs Attention
39 total checks
Passed
14
Warnings
19
Errors
6

Meta Information

  • Title Tag Warning

    Found 9 characters. Keep title between 30 and 60 characters.

    Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.

  • Missing meta description.

    Fix: Add <meta name="description" content="..."> in <head> with a clear page summary.

  • Canonical URL Warning

    Canonical link not found.

    Fix: Add <link rel="canonical" href="https://example.com/page"> to avoid duplicate URL ambiguity.

  • Favicon Pass

    Favicon found and reachable: /favicon.ico?ver=91600 (HTTP 200).

    Favicon
  • Viewport configured: width=device-width, initial-scale=1

  • HTML Lang Pass

    Language declared as "en".

Content Structure

  • H1 Tag Error

    No H1 heading found.

    Fix: Use a single, descriptive <h1> that states the primary purpose of the page.

  • Valid heading flow across 0 headings.

  • All 0 images include alt text.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 2 HTTPS hardening issues detected.

    • • Missing Strict-Transport-Security header.
    • • Could not probe the HTTP version of this page.

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Missing: strict-transport-security, referrer-policy.

    Full HTTP headers (13)
    • • alt-svc: h3=":443"; ma=2592000
    • • cache-control: private=True, no-store=True
    • • content-encoding: zstd
    • • content-length: 2509
    • • content-security-policy: default-src ws: http: data: blob: 'unsafe-inline' 'unsafe-eval';
    • • content-type: text/html; charset=utf-8
    • • cross-origin-opener-policy: same-origin
    • • date: Sat, 04 Jul 2026 13:25:40 GMT
    • • server: Caddy gunicorn
    • • vary: Accept-Encoding
    • • x-content-type-options: nosniff
    • • x-frame-options: SAMEORIGIN
    • • x-xss-protection: 1; mode=block

    Fix: Add the missing security headers at your reverse proxy or application layer.

  • CSP Quality Error

    5 CSP hardening issues detected.

    • • script-src/default-src permits 'unsafe-inline'.
    • • script-src/default-src permits 'unsafe-eval'.
    • • CSP is missing object-src 'none'.
    • • CSP is missing a base-uri restriction.
    • • CSP is missing frame-ancestors protection.
    • • Content-Security-Policy: default-src ws: http: data: blob: 'unsafe-inline' 'unsafe-eval';

    Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.

  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain does not appear to be behind Cloudflare.

  • Loaded in 3.16s (perceived).

    Fix: Reduce payload size, cache static assets, and remove non-critical JS from initial load.

  • 6 scripts and 1 styles may block rendering.

    • • script: https://admin.db.tivornya.hu/static/vendor/require/require.min.js?ver=91600
    • • script: https://admin.db.tivornya.hu/static/js/generated/vendor.react.js?ver=91600
    • • script: https://admin.db.tivornya.hu/static/js/generated/vendor.main.js?ver=91600
    • • script: https://admin.db.tivornya.hu/static/js/generated/vendor.others.js?ver=91600
    • • script: https://admin.db.tivornya.hu/static/js/generated/vendor.sqleditor.js?ver=91600
    • • script: https://admin.db.tivornya.hu/static/js/generated/pgadmin_commons.js?ver=91600
    • • style: https://admin.db.tivornya.hu/static/js/generated/style.css?ver=91600

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Compression Warning

    1 text resources look uncompressed.

    • • https://admin.db.tivornya.hu/tools/translations.js?ver=91600 (application/javascript; charset=utf-8)

    Fix: Enable Brotli or Gzip compression for HTML, CSS, JS, and JSON responses.

  • Robots.txt Error

    robots.txt missing or inaccessible (404).

    Fix: Create a robots.txt file at https://admin.db.tivornya.hu/robots.txt and allow intended crawlers.

  • Sitemap File Warning

    Sitemap missing or inaccessible at https://admin.db.tivornya.hu/sitemap.xml (404).

    Fix: Publish a sitemap.xml and reference it in robots.txt with: Sitemap: https://admin.db.tivornya.hu/sitemap.xml

  • No robots meta tag defined.

    Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.

Accessibility Basics

  • Form Labels Error

    4 of 4 controls are missing labels.

    • • input (csrf_token)
    • • input[type="text"].MuiInputBase-input.MuiOutlinedInput-input (email)
    • • input[type="password"].MuiInputBase-input.MuiOutlinedInput-input (password)
    • • select.MuiNativeSelect-select.MuiNativeSelect-outlined (language)

    Fix: Associate each form control with a visible label, aria-label, or aria-labelledby.

  • Landmarks Warning

    Missing landmarks: header, nav, main, footer.

    Fix: Use semantic regions (<header>, <nav>, <main>, <footer>) for navigation and assistive tech.

  • Tap Target Size Warning

    2 interactive elements appear smaller than 48px.

    • • button.MuiButtonBase-root.MuiButton-root (Login) - 418x35px
    • • button.MuiButtonBase-root.MuiIconButton-root (Close Message) - 30x30px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Missing og:title or og:description.

    Fix: Add og:title and og:description tags to control social preview text.

  • og:image is missing.

    Fix: Add <meta property="og:image" content="https://..."> with a high-quality share image.

  • Twitter Card Warning

    twitter:card is missing.

    Fix: Add <meta name="twitter:card" content="summary_large_image"> for better previews on X.

  • Structured Data Warning

    No JSON-LD schema scripts found.

    Fix: Add JSON-LD structured data matching your page type (Organization, Article, Product, etc.).

  • PWA Metadata Warning

    Manifest or Apple touch icon is missing.

    Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

  • 5 social preview quality issues detected.

    • • ISSUE: og:url should be an absolute URL.
    • • ISSUE: og:title should typically be between 10 and 70 characters.
    • • ISSUE: og:description should typically be between 50 and 200 characters.
    • • ISSUE: Use an absolute URL for og:image or twitter:image.
    • • ISSUE: twitter:card is missing.
    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.

    Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.

Links Analysis

Performance & Runtime

  • Largest Contentful Paint: 3.16s.

    Fix: Improve LCP by optimizing above-the-fold media, reducing server latency, and inlining critical CSS.

  • Cumulative Layout Shift: 0.000.

  • Total Blocking Time estimate: 241ms.

    Fix: Reduce heavy JavaScript work, split long tasks, and defer non-critical scripts.

  • No failed CSS/JS/image/font/media requests detected.

  • No console/page runtime errors detected during audit.