Audit Result

UUID: 019f2f77-b61e-717b-8009-1c96e28621ce

marie-leroy.com

https://marie-leroy.com/

Scanned 1 week ago

73
Fair Score
39 total checks
Passed
23
Warnings
11
Errors
5

Meta Information

  • Title Tag Warning

    Found 11 characters. Keep title between 30 and 60 characters.

    Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.

  • Found 138 characters. Good snippet length.

  • Canonical found: https://marie-leroy.com/

  • Favicon Warning

    No favicon link found in <head>.

    Fix: Add <link rel="icon" href="/favicon.ico"> to ensure browser tab and bookmark visibility.

  • Viewport configured: width=device-width, initial-scale=1

  • HTML Lang Pass

    Language declared as "fr".

Content Structure

  • H1 Tag Pass

    Exactly one H1 found: "Marie LeroyCopywriter indépendante".

  • Valid heading flow across 30 headings.

  • All 14 images include alt text.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 1 HTTPS hardening issues detected.

    • • Could not probe the HTTP version of this page.
    • • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Core security headers were detected.

    Full HTTP headers (19)
    • • alt-svc: h3=":443"; ma=86400
    • • cf-cache-status: DYNAMIC
    • • cf-ray: a161ea01cc977d5c-IAD
    • • content-encoding: zstd
    • • content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://eu.i.posthog.com https://eu-assets.i.posthog.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: https://api.dicebear.com https://img.youtube.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://eu.i.posthog.com https://eu-assets.i.posthog.com https://*.sentry.io https://fonts.googleapis.com https://fonts.gstatic.com; media-src 'self' blob:; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; trusted-types default dompurify vue posthog
    • • content-type: text/html;charset=utf-8
    • • cross-origin-opener-policy: same-origin
    • • date: Sat, 04 Jul 2026 23:29:56 GMT
    • • nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
    • • referrer-policy: strict-origin-when-cross-origin
    • • report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SwM8HmABLvWFQ8a8P41v0mPYhZTBgldRoEevP%2BkMU%2BAeYT9nbo1KZx5Qd52hAXYBu0bXrnuqsIzYRK%2FX%2FbTnRVxWLoXE8zLxcV1Y%2BK0Ov%2BlyiHbNrXaxWX8Fx%2B1lxq9wjN8fn4Ih6mrKb1AXtP0%3D"}]}
    • • server: cloudflare
    • • server-timing: cfCacheStatus;desc="DYNAMIC" cfEdge;dur=7,cfOrigin;dur=9099
    • • speculation-rules: "/cdn-cgi/speculation"
    • • strict-transport-security: max-age=31536000; includeSubDomains; preload
    • • vary: Accept-Encoding
    • • x-content-type-options: nosniff
    • • x-frame-options: DENY
    • • x-powered-by: Nuxt
  • CSP Quality Error

    1 CSP hardening issues detected.

    • • script-src/default-src permits 'unsafe-inline'.
    • • Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://eu.i.posthog.com https://eu-assets.i.posthog.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: https://api.dicebear.com https://img.youtube.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://eu.i.posthog.com https://eu-assets.i.posthog.com https://*.sentry.io https://fonts.googleapis.com https://fonts.gstatic.com; media-src 'self' blob:; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; trusted-types default dompurify vue posthog

    Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.

  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain appears to be behind Cloudflare.

    • • server: cloudflare
    • • cf-cache-status: DYNAMIC
    • • cf-ray: a161ea01cc977d5c-IAD
  • Loaded in 9.84s (perceived).

    Fix: Reduce payload size, cache static assets, and remove non-critical JS from initial load.

  • 0 scripts and 4 styles may block rendering.

    • • style: https://marie-leroy.com/_nuxt/entry.tn0RQdqM.css
    • • style: https://marie-leroy.com/_nuxt/default.D7eKOmNC.css
    • • style: https://marie-leroy.com/_nuxt/YouTubeEmbed.CQp5ccSg.css
    • • style: https://marie-leroy.com/_nuxt/Hero.8JZbEkSI.css

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Compression Warning

    1 text resources look uncompressed.

    • • https://marie-leroy.com/_nuxt/entry.tn0RQdqM.css (text/css; charset=utf-8)

    Fix: Enable Brotli or Gzip compression for HTML, CSS, JS, and JSON responses.

  • Robots.txt Pass

    Found robots.txt (200).

  • Found sitemap (200) at https://marie-leroy.com/sitemap.xml.

  • No robots meta tag defined.

    Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.

Accessibility Basics

  • All 0 controls are labeled.

  • Landmarks Pass

    Header, nav, main, and footer landmarks are present.

  • Tap Target Size Warning

    17 interactive elements appear smaller than 48px.

    • • button.font-medium.inline-flex (Témoignages) - 103x39px
    • • button.font-medium.inline-flex (Ma méthode) - 96x39px
    • • button.font-medium.inline-flex (Pourquoi agir) - 104x39px
    • • button.font-medium.inline-flex (À propos) - 73x39px
    • • button.font-medium.inline-flex (FAQ) - 41x39px
    • • a.font-medium.inline-flex (Me contacter) - 105x36px
    • • button.rounded-md.font-medium (Témoignages) - 85x32px
    • • button.rounded-md.font-medium (Ma méthode) - 77x32px
    • • button.rounded-md.font-medium (Pourquoi agir) - 84x32px
    • • button.rounded-md.font-medium (À propos) - 56x32px
    • • button.rounded-md.font-medium (FAQ) - 24x32px
    • • a.rounded-md.font-medium (Mentions légales) - 105x32px
    • • a.rounded-md.font-medium (Confidentialité) - 94x32px
    • • a.rounded-md.font-medium (CGV) - 26x32px
    • • a.rounded-md.font-medium (instagram) - 32x32px
    • • a.rounded-md.font-medium (facebook) - 32x32px
    • • a.rounded-md.font-medium (linkedin) - 32x32px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Core Open Graph tags are present.

  • og:image URL returned HTTP 404.

    Fix: Make sure the og:image URL returns HTTP 200 and points to a publicly accessible image.

  • twitter:card set to summary_large_image.

  • JSON-LD schema detected.

  • PWA Metadata Warning

    Manifest or Apple touch icon is missing.

    Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

  • 1 social preview quality issues detected.

    • • ISSUE: Preview image URL failed with HTTP 404: https://marie-leroy.com/uploads/images/1764838832348-IMG_0080.jpeg
    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.

    Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.

Links Analysis

  • Checked 8 links. No broken internal links found.

  • External Links Warning

    1 external links returned errors or timed out.

    • • https://www.linkedin.com/in/marie-leroy-217a02246/ (HTTP 999)

    Fix: Replace dead external URLs or point to working alternatives.

  • All 14 links use non-empty href values.

Performance & Runtime

  • Largest Contentful Paint: 10.68s.

    Fix: Improve LCP by optimizing above-the-fold media, reducing server latency, and inlining critical CSS.

  • Cumulative Layout Shift: 0.100.

  • Total Blocking Time estimate: 138ms.

  • 1 asset requests failed.

    • • https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496 (csp)

    Fix: Fix missing files, update asset URLs, and ensure static assets return HTTP 200.

  • 2 JavaScript runtime issues detected.

    • • Request failed: https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496 (csp, type: script)
    • • Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://eu.i.posthog.com https://eu-assets.i.posthog.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. [https://marie-leroy.com/:1]

    Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.