Audit Result
UUID: 019f43c7-03e6-70c6-9121-fc8282cbcb18
https://joval.pt/
Scanned 1 week ago
Meta Information
-
Title Tag Pass
Found 53 characters. Length is optimal.
-
Meta Description Pass
Found 147 characters. Good snippet length.
-
Canonical URL Pass
Canonical found: https://joval.pt
-
-
Viewport Meta Pass
Viewport configured: width=device-width, initial-scale=1.0, viewport-fit=cover
-
HTML Lang Pass
Language declared as "pt".
Content Structure
-
H1 Tag Pass
Exactly one H1 found: "Eletrobombas, bombas submersíveis, motores e sistemas de pressurização fabricados em Portugal".
-
Heading Hierarchy Pass
Valid heading flow across 39 headings.
-
Image Alt Text Pass
All 26 images include alt text.
Technical Optimization
-
HTTPS Pass
Page is served over HTTPS.
-
HSTS & HTTPS Redirect Warning
1 HTTPS hardening issues detected.
- • Could not probe the HTTP version of this page.
- • Strict-Transport-Security: max-age=31536000; includeSubDomains
Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.
-
Security Headers Pass
Core security headers were detected.
Full HTTP headers (23)
- • alt-svc: h3=":443"; ma=86400
- • cache-control: no-store, no-cache, must-revalidate
- • cf-cache-status: DYNAMIC
- • cf-ray: a1826920eb4bdff2-IAD
- • content-encoding: zstd
- • content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://code.jquery.com https://www.google.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.google.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://www.google-analytics.com https://www.google.com https://*.google.com https://*.gstatic.com https://*.googleapis.com; connect-src 'self' https://cdn.jsdelivr.net https://www.google-analytics.com https://www.google.com https://challenges.cloudflare.com; frame-src 'self' https://*.google.com https://*.google.pt https://challenges.cloudflare.com; child-src 'self' https://*.google.com https://*.google.pt https://challenges.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self';
- • content-type: text/html; charset=UTF-8
- • date: Wed, 08 Jul 2026 22:08:59 GMT
- • expires: Thu, 19 Nov 1981 08:52:00 GMT
- • link: </llms.txt>; rel="llms-txt", </llms-full.txt>; rel="llms-full-txt"
- • nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
- • permissions-policy: geolocation=(), microphone=(), camera=()
- • pragma: no-cache
- • referrer-policy: strict-origin-when-cross-origin
- • report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6CzIW3y4t4si6TapfjGulyoSO%2FWD4X1Qt9gcCQAf31eAVn24CCyyl6wCzHusZlF1ooW3Vg1isNDc6Ln9QRM1uhAj3T6erM1T6179DnF%2FsL14fGPZwca3KPlJ%2FkESbslhnc0vEhkZ4Q%3D%3D"}]}
- • server: cloudflare
- • server-timing: cfCacheStatus;desc="DYNAMIC" cfEdge;dur=16,cfOrigin;dur=405
- • strict-transport-security: max-age=31536000; includeSubDomains
- • vary: Accept-Encoding
- • x-content-type-options: nosniff
- • x-frame-options: SAMEORIGIN
- • x-llms-txt: /llms.txt
- • x-xss-protection: 1; mode=block
-
CSP Quality Error
3 CSP hardening issues detected.
- • script-src/default-src permits 'unsafe-inline'.
- • CSP is missing object-src 'none'.
- • CSP is missing a base-uri restriction.
- • Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://code.jquery.com https://www.google.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.google.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://www.google-analytics.com https://www.google.com https://*.google.com https://*.gstatic.com https://*.googleapis.com; connect-src 'self' https://cdn.jsdelivr.net https://www.google-analytics.com https://www.google.com https://challenges.cloudflare.com; frame-src 'self' https://*.google.com https://*.google.pt https://challenges.cloudflare.com; child-src 'self' https://*.google.com https://*.google.pt https://challenges.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self';
Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.
-
Cookie Security Pass
No first-party cookies were set during the initial page load.
-
Server response headers do not expose version tokens.
-
Cloudflare Proxy Pass
Domain appears to be behind Cloudflare.
- • server: cloudflare
- • cf-cache-status: DYNAMIC
- • cf-ray: a1826920eb4bdff2-IAD
-
Perceived Load Time Pass
Loaded in 0.52s (perceived).
-
Render Blocking Resources Warning
0 scripts and 2 styles may block rendering.
- • style: https://joval.pt/css/core.css?v=1783546935
- • style: https://joval.pt/css/page-home.css?v=1783546935
Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.
-
Compression Pass
Text-like assets appear compressed.
-
Robots.txt Pass
Found robots.txt (200).
-
Sitemap File Pass
Found sitemap (200) at https://joval.pt/sitemap.xml.
-
Crawl Directives Pass
Robots meta found: index, follow, max-image-preview:large
Accessibility Basics
-
Form Labels Pass
All 2 controls are labeled.
-
Landmarks Pass
Header, nav, main, and footer landmarks are present.
-
Tap Target Size Warning
6 interactive elements appear smaller than 48px.
- • a (Início) - 40x48px
- • a (Sobre) - 45x48px
- • a (+351 253 490 740) - 137x24px
- • a ([email protected]) - 105x24px
- • button.cookie-consent__btn.cookie-consent__btn--accept (Aceitar) - 89x34px
- • button.cookie-consent__btn.cookie-consent__btn--reject (Rejeitar) - 95x34px
Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.
Social & Rich Results
-
Open Graph Basics Pass
Core Open Graph tags are present.
-
-
Twitter Card Pass
twitter:card set to summary_large_image.
-
Structured Data Pass
JSON-LD schema detected.
-
PWA Metadata Pass
Manifest and Apple touch icon are configured.
-
Social preview metadata and image quality look good for Open Graph/Twitter.
- • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
- • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
- • GUIDELINE: Optimal preview image size: 1200x630 pixels.
- • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
- • GUIDELINE: Optimal preview image file size: under 5 MB.
- • GUIDELINE: Recommended twitter:card: summary_large_image.
- • MEASURED: Image size: 0.10 MB
- • MEASURED: Image dimensions: 1200x630
Links Analysis
-
Internal Links Pass
Checked 42 links. No broken internal links found.
-
External Links Pass
No broken external links found in checked URLs.
-
Link Format Pass
All 78 links use non-empty href values.
Performance & Runtime
-
Core Web Vitals: LCP Pass
Largest Contentful Paint: 0.73s.
-
Core Web Vitals: CLS Error
Cumulative Layout Shift: 0.593.
Fix: Reserve space for images/ads and avoid injecting layout-changing elements above existing content.
-
Total Blocking Time estimate: 0ms.
-
Broken Assets Error
1 asset requests failed.
- • https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496 (csp)
Fix: Fix missing files, update asset URLs, and ensure static assets return HTTP 200.
-
JavaScript Runtime Errors Warning
2 JavaScript runtime issues detected.
- • Request failed: https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496 (csp, type: script)
- • Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://code.jquery.com https://www.google.com https://challenges.cloudflare.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. [https://joval.pt/:1]
Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.