Audit Result

UUID: 019f713b-adeb-70e9-9c5f-cbf84ae1e7dd

vercel.com

https://vercel.com/login?next=%2Fsso-api%3Furl%3Dhttps%253A%252F%252Fwork-tracker-3wog5pgvg-gio-g7.vercel.app%252F%26nonce%3Da03a1a9566ac8cfa068b2b02eadf289a6ba936ead539aafe58ccae2b50ba4370

Scanned 12 hours ago

78
Fair Score
39 total checks
Passed
25
Warnings
11
Errors
3

Meta Information

  • Title Tag Warning

    Found 14 characters. Keep title between 30 and 60 characters.

    Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.

  • Missing meta description.

    Fix: Add <meta name="description" content="..."> in <head> with a clear page summary.

  • Canonical found: https://vercel.com/login

  • Favicon Pass

    Favicon found and reachable: https://assets.vercel.com/image/upload/q_auto/front/favicon/vercel/favicon.ico (HTTP 200).

    Favicon
  • Viewport configured: width=device-width, initial-scale=1, maximum-scale=1

  • HTML Lang Pass

    Language declared as "en-US".

Content Structure

  • H1 Tag Pass

    Exactly one H1 found: "Log in to Vercel".

  • Valid heading flow across 1 headings.

  • 6 of 6 images are missing alt text.

    Fix: Add meaningful alt attributes to all informative images for accessibility and image SEO.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • 1 HTTPS hardening issues detected.

    • • Could not probe the HTTP version of this page.
    • • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Core security headers were detected.

    Full HTTP headers (24)
    • • access-control-allow-origin: *
    • • age: 781
    • • cache-control: public, max-age=0, must-revalidate
    • • content-disposition: inline
    • • content-encoding: br
    • • content-security-policy: default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.google.com www.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.ampproject.org *.googleapis.com *.fides-cdn.ethyca.com *.ethyca.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com cdp.vercel.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com github.com calendly.com *.vusercontent.net *.vercel.run vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' videos.ctfassets.net user-images.githubusercontent.com replicate.delivery *.public.blob.vercel-storage.com *.private.blob.vercel-storage.com blob: data: vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;connect-src wss://ws-us3.pusher.com data: * https://*.contentful.com cdp.vercel.com;font-src 'self' *.vercel.com *.gstatic.com vercel.live;frame-ancestors 'self' https://vercel.com https://app.contentful.com https://*.contentful.com https://*.vercel.sh https://*.vercel.com;worker-src 'self' *.vercel.com blob:
    • • content-type: text/html; charset=utf-8
    • • date: Fri, 17 Jul 2026 17:59:21 GMT
    • • feature-policy: fullscreen 'self'; camera 'none'
    • • link: <https://avatars.githubusercontent.com>; rel=preconnect; crossorigin="", <https://py8fhxnkzwtsqdo9.public.blob.vercel-storage.com>; rel=preconnect; crossorigin="", <https://images.ctfassets.net>; rel=preconnect; crossorigin="", <https://accounts.google.com>; rel=preconnect; crossorigin="", </_next/static/immutable/media/797e433ab948586e.p.1v5bejj26fx9h.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/immutable/media/Geist_Variable-s.p.2v-cf9syxr5ni.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"
    • • referrer-policy: origin-when-cross-origin
    • • server: Vercel
    • • strict-transport-security: max-age=31536000; includeSubDomains; preload
    • • vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
    • • x-content-type-options: nosniff
    • • x-dns-prefetch-control: on
    • • x-download-options: noopen
    • • x-frame-options: DENY
    • • x-matched-path: /login
    • • x-nextjs-prerender: 1
    • • x-nextjs-stale-time: 300
    • • x-vercel-cache: HIT
    • • x-vercel-id: iad1::2lzgv-1784311161959-3f139fd41953
    • • x-xss-protection: 0
  • CSP Quality Error

    4 CSP hardening issues detected.

    • • script-src/default-src permits 'unsafe-inline'.
    • • script-src/default-src permits 'unsafe-eval'.
    • • CSP is missing object-src 'none'.
    • • CSP is missing a base-uri restriction.
    • • Content-Security-Policy: default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.google.com www.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.ampproject.org *.googleapis.com *.fides-cdn.ethyca.com *.ethyca.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com cdp.vercel.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com github.com calendly.com *.vusercontent.net *.vercel.run vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' videos.ctfassets.net user-images.githubusercontent.com replicate.delivery *.public.blob.vercel-storage.com *.private.blob.vercel-storage.com blob: data: vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.google.com *.github.com *.codesandbox.io https://risk.clearbit.com wss://*.vercel.com localhost:* chrome-extension://*;connect-src wss://ws-us3.pusher.com data: * https://*.contentful.com cdp.vercel.com;font-src 'self' *.vercel.com *.gstatic.com vercel.live;frame-ancestors 'self' https://vercel.com https://app.contentful.com https://*.contentful.com https://*.vercel.sh https://*.vercel.com;worker-src 'self' *.vercel.com blob:

    Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.

  • No first-party cookies were set during the initial page load.

  • Server response headers do not expose version tokens.

  • Domain does not appear to be behind Cloudflare.

  • Loaded in 0.76s (perceived).

  • 15 scripts and 8 styles may block rendering.

    • • script: https://vercel.com/_next/static/immutable/chunks/0c0hxoamwjsbw.js
    • • script: https://vercel.com/_next/static/immutable/chunks/3l42gi5x2ux3l.js
    • • script: https://vercel.com/_next/static/immutable/chunks/34vqqlfuwtzlj.js
    • • script: https://vercel.com/_next/static/immutable/chunks/37kiw8xolm7p0.js
    • • script: https://vercel.com/_next/static/immutable/chunks/0sct3q710x6xf.js
    • • script: https://vercel.com/_next/static/immutable/chunks/3unu45tgaku2t.js
    • • script: https://vercel.com/_next/static/immutable/chunks/1574sb7tg46v7.js
    • • script: https://vercel.com/_next/static/immutable/chunks/200n-vnv6d_-6.js
    • • script: https://vercel.com/_next/static/immutable/chunks/321jjcc63jt8w.js
    • • script: https://vercel.com/_next/static/immutable/chunks/1g02vwivem2ux.js
    • • script: https://vercel.com/_next/static/immutable/chunks/2ym50f_4nya9u.js
    • • script: https://vercel.com/_next/static/immutable/chunks/0ue8_lyxtkpj-.js
    • • script: https://vercel.com/_next/static/immutable/chunks/35bfbxdukpoav.js
    • • script: https://vercel.com/_next/static/immutable/chunks/3yarunrihtv7q.js
    • • script: https://vercel.com/_next/static/immutable/chunks/1cirq5lg4p1a3.js
    • • style: https://vercel.com/_next/static/immutable/chunks/3-9eu6686e3u2.css
    • • style: https://vercel.com/_next/static/immutable/chunks/3cfn95dd3pb1_.css
    • • style: https://vercel.com/_next/static/immutable/chunks/3-qb-ev6vlqj7.css
    • • style: https://vercel.com/_next/static/immutable/chunks/3ddc9o1fx6cgv.css
    • • style: https://vercel.com/_next/static/immutable/chunks/2fqz_1niksx55.css
    • • style: https://accounts.google.com/gsi/style
    • • style: https://vercel.com/_next/static/immutable/chunks/2p1w8vfjnkf-k.css
    • • style: https://vercel.com/_next/static/immutable/chunks/24pqk4y0dmq3x.css

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Compression Warning

    5 text resources look uncompressed.

    • • https://vercel.com/_next/static/immutable/chunks/0aklq1edl20b3.js (application/javascript; charset=utf-8)
    • • https://vercel.com/signup?next=%2Fsso-api%3Furl%3Dhttps%253A%252F%252Fwork-tracker-3wog5pgvg-gio-g7.vercel.app%252F%26nonce%3Da03a1a9566ac8cfa068b2b02eadf289a6ba936ead539aafe58ccae2b50ba4370&_rsc=_H_fFy2_Q06N8BA7 (text/x-component)
    • • https://vercel.com/_next/static/immutable/chunks/2p1w8vfjnkf-k.css (text/css; charset=utf-8)
    • • https://vercel.com/api/stream/internal (application/json; charset=utf-8)
    • • https://vercel.com/signup?_rsc=_H_fFy2_Q06N8BA7 (text/x-component)

    Fix: Enable Brotli or Gzip compression for HTML, CSS, JS, and JSON responses.

  • Robots.txt Pass

    Found robots.txt (200).

  • Found sitemap (200) at https://vercel.com/sitemap.xml.

  • No robots meta tag defined.

    Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.

Accessibility Basics

  • All 1 controls are labeled.

  • Landmarks Pass

    Header, nav, main, and footer landmarks are present.

  • Tap Target Size Warning

    11 interactive elements appear smaller than 48px.

    • • a.fixed.-m-px (Skip to content) - 118x24px
    • • a#header-sign-up-btn.outline-none.m-0 (Sign Up) - 76x32px
    • • button.outline-none.m-0 (Continue with Email) - 320x40px
    • • button.outline-none.m-0 (Continue with Google) - 320x40px
    • • button.outline-none.m-0 (Continue with GitHub) - 320x40px
    • • button.outline-none.m-0 (Continue with Apple) - 320x40px
    • • button.outline-none.m-0 (Continue with SAML SSO) - 320x40px
    • • button.outline-none.m-0 (Continue with Passkey) - 320x40px
    • • button.outline-none.m-0 (Show other options) - 320x40px
    • • a.cursor-pointer.focus-visible:outline-2 (Terms) - 35x16px
    • • a.cursor-pointer.focus-visible:outline-2 (Privacy Policy) - 79x16px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Missing og:title or og:description.

    Fix: Add og:title and og:description tags to control social preview text.

  • og:image is present and absolute.

    Open Graph Image
  • twitter:card set to summary_large_image.

  • Structured Data Warning

    No JSON-LD schema scripts found.

    Fix: Add JSON-LD structured data matching your page type (Organization, Article, Product, etc.).

  • Manifest and Apple touch icon are configured.

  • 2 social preview quality issues detected.

    • • ISSUE: og:url should be an absolute URL.
    • • ISSUE: og:description should typically be between 50 and 200 characters.
    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.
    • • MEASURED: Image size: 0.02 MB
    • • MEASURED: Image dimensions: 1200x630

    Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.

Links Analysis

Performance & Runtime

  • Largest Contentful Paint: 0.76s.

  • Cumulative Layout Shift: 0.000.

  • Total Blocking Time estimate: 0ms.

  • No failed CSS/JS/image/font/media requests detected.

  • 2 JavaScript runtime issues detected.

    • • Failed to load resource: the server responded with a status of 403 () [https://vercel.com/api/jwt:1]
    • • Provider's accounts list is empty. [https://vercel.com/login?next=%2Fsso-api%3Furl%3Dhttps%253A%252F%252Fwork-tracker-3wog5pgvg-gio-g7.vercel.app%252F%26nonce%3Da03a1a9566ac8cfa068b2b02eadf289a6ba936ead539aafe58ccae2b50ba4370:1]

    Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.