Audit Result

UUID: 019f3291-355c-7116-ae46-2260a3311031

carrubo.cristianobleve.com

https://carrubo.cristianobleve.com/

Scanned 1 week ago

72
Fair Score
39 total checks
Passed
19
Warnings
18
Errors
2

Meta Information

  • Title Tag Warning

    Found 18 characters. Keep title between 30 and 60 characters.

    Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.

  • Found 69 characters. Keep description around 70-160 characters.

    Fix: Add <meta name="description" content="..."> in <head> with a clear page summary.

  • Canonical URL Warning

    Canonical link not found.

    Fix: Add <link rel="canonical" href="https://example.com/page"> to avoid duplicate URL ambiguity.

  • Favicon Pass

    Favicon found and reachable: https://img.cristianobleve.com/img/pictures/carrubo_app_1.png?circle=1&w=150&h=150 (HTTP 200).

    Favicon
  • Viewport configured: width=device-width, initial-scale=1

  • HTML Lang Pass

    Language declared as "it".

Content Structure

  • H1 Tag Pass

    Exactly one H1 found: "Accedi".

  • Detected 2 heading level jumps.

    • • Skipped from h1 to h3: "Accedi" -> "Cookies".
    • • Skipped from h2 to h4: "Cookie Preferences" -> "Strictly Necessary".

    Fix: Follow semantic order (h1 -> h2 -> h3) and avoid skipping heading levels.

  • All 1 images include alt text.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 3 HTTPS hardening issues detected.

    • • HSTS max-age is too short (0s).
    • • HSTS is missing includeSubDomains.
    • • Could not probe the HTTP version of this page.
    • • Strict-Transport-Security: max-age=0

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Core security headers were detected.

    Full HTTP headers (25)
    • • access-control-allow-origin: *
    • • age: 285591
    • • alt-svc: h3=":443"; ma=86400
    • • cache-control: public, max-age=0, must-revalidate
    • • cf-cache-status: DYNAMIC
    • • cf-ray: a166dfd2cdfd07d5-IAD
    • • content-disposition: inline
    • • content-encoding: zstd
    • • content-security-policy: frame-ancestors 'none';
    • • content-type: text/html; charset=utf-8
    • • date: Sun, 05 Jul 2026 13:56:41 GMT
    • • last-modified: Thu, 02 Jul 2026 06:36:50 GMT
    • • nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
    • • permissions-policy: geolocation=(), microphone=(), camera=()
    • • referrer-policy: strict-origin-when-cross-origin
    • • report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YC0h%2BJ1BBDf%2FD5rQT1U9xenKLqJ7Y04pU31OHdM%2FEivWNEZ6%2BtZW2%2B7FaG0p4aSSRpZ37n556nJopH7fXa7yORpUdQdpvA9qhuc%2BT14BH9YfNnAUIiNcCwFpC5H%2Fut5OQGL9K4i03E7HmAFVLlDCx8TmMKQpxwEQCg%3D%3D"}]}
    • • server: cloudflare
    • • server-timing: cfCacheStatus;desc="DYNAMIC" cfEdge;dur=21,cfOrigin;dur=1944
    • • strict-transport-security: max-age=0
    • • vary: accept-encoding
    • • x-content-type-options: nosniff
    • • x-frame-options: DENY
    • • x-vercel-cache: HIT
    • • x-vercel-id: iad1::rmqtb-1783259799632-3f271669522c
    • • x-xss-protection: 1; mode=block
  • CSP Quality Warning

    2 CSP hardening issues detected.

    • • CSP is missing object-src 'none'.
    • • CSP is missing a base-uri restriction.
    • • Content-Security-Policy: frame-ancestors 'none';

    Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.

  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain appears to be behind Cloudflare.

    • • server: cloudflare
    • • cf-cache-status: DYNAMIC
    • • cf-ray: a166dfd2cdfd07d5-IAD
  • Loaded in 2.83s (perceived).

    Fix: Reduce payload size, cache static assets, and remove non-critical JS from initial load.

  • 2 scripts and 3 styles may block rendering.

    • • script: https://kit.fontawesome.com/cbaddc662a.js
    • • script: https://cdn.jsdelivr.net/npm/@supabase/supabase-js/dist/umd/supabase.min.js
    • • style: https://carrubo.cristianobleve.com/assets/css/style.css
    • • style: https://carrubo.cristianobleve.com/assets/css/login.css
    • • style: https://carrubo.cristianobleve.com/assets/css/cookie-manager.css

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Text-like assets appear compressed.

  • Robots.txt Pass

    Found robots.txt (200).

  • Found sitemap (200) at https://carrubo.cristianobleve.com/sitemap.xml.

  • No robots meta tag defined.

    Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.

Accessibility Basics

  • All 5 controls are labeled.

  • Landmarks Warning

    Missing landmarks: nav.

    Fix: Use semantic regions (<header>, <nav>, <main>, <footer>) for navigation and assistive tech.

  • Tap Target Size Warning

    12 interactive elements appear smaller than 48px.

    • • a.login-logo (Il Carrubo) - 115x32px
    • • a#forgotPasswordLink.login-forgot (Password dimenticata?) - 150x21px
    • • button.login-toggle-password (Mostra password) - 29x27px
    • • button.login-submit (Accedi) - 354x44px
    • • button.login-social-btn (Google) - 113x44px
    • • button.login-social-btn (GitHub) - 113x44px
    • • button.login-social-btn (Discord) - 113x44px
    • • a (Privacy Policy) - 98x17px
    • • a (Termini e Condizioni) - 133x17px
    • • button#cm-accept-all.cm-btn.cm-btn-primary (Accept) - 87x36px
    • • button#cm-decline-all.cm-btn.cm-btn-secondary (Decline) - 88x36px
    • • button#cm-customize.cm-btn.cm-btn-secondary (Customize) - 109x36px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Core Open Graph tags are present.

  • og:image exists but is not an absolute URL.

    Fix: Use an absolute URL in <meta property="og:image">.

  • twitter:card set to summary_large_image.

  • Structured Data Warning

    No JSON-LD schema scripts found.

    Fix: Add JSON-LD structured data matching your page type (Organization, Article, Product, etc.).

  • PWA Metadata Warning

    Manifest or Apple touch icon is missing.

    Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

  • 2 social preview quality issues detected.

    • • ISSUE: og:url should be an absolute URL.
    • • ISSUE: Use an absolute URL for og:image or twitter:image.
    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.

    Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.

Links Analysis

  • Checked 4 links. No broken internal links found.

  • No broken external links found in checked URLs.

  • Link Format Warning

    1 links are empty, invalid, or placeholder-only.

    • • href="#" text="Password dimenticata?"

    Fix: Replace empty/#/javascript href values with real destinations or use buttons for non-navigation actions.

Performance & Runtime

  • Largest Contentful Paint: 4.48s.

    Fix: Improve LCP by optimizing above-the-fold media, reducing server latency, and inlining critical CSS.

  • Cumulative Layout Shift: 0.131.

    Fix: Reserve space for images/ads and avoid injecting layout-changing elements above existing content.

  • Total Blocking Time estimate: 56ms.

  • 2 asset requests failed.

    • • https://fonts.cristianobleve.com/tntdigital/stylesheet.css (net::ERR_CERT_COMMON_NAME_INVALID)
    • • https://fonts.cristianobleve.com/all.css (net::ERR_CERT_COMMON_NAME_INVALID)

    Fix: Fix missing files, update asset URLs, and ensure static assets return HTTP 200.

  • 2 JavaScript runtime issues detected.

    • • Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID [https://fonts.cristianobleve.com/tntdigital/stylesheet.css:1]
    • • Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID [https://fonts.cristianobleve.com/all.css:1]

    Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.