Website audit scorecard for mortgageinottawa.com
The scanner fetched the public page, extracted deterministic facts, and stored scored results across SEO / AEO, security, accessibility, and design.
Submitted
https://mortgageinottawa.com
Final URL
https://mortgageinottawa.com
Created
Jul 8, 2026, 6:39 PM
Safe fetch
309 ms
61
out of 100
70
out of 100
80/114 rule points
39
out of 100
30/76 rule points
61
out of 100
57/94 rule points
73
out of 100
80/110 rule points
Category point breakdown
Biggest score-losing checks
Detected 0 of 5 common public security headers. Present: none. Missing: strict-transport-security, content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
axe found 6 violation rule(s), including 2 serious or critical rule(s). Top rules: label-title-only (1), link-name (8), heading-order (1), landmark-one-main (1), meta-viewport (1).
A small allowlist probe returned a public success response.
Detected 0 CTA candidate(s).
Remove exposed sensitive files
-16 rule ptsWhat failed
A small public allowlist probe found a sensitive-looking file path.
Evidence
A small allowlist probe returned a public success response.
Priority
Priority 1: fix before sharing the page publicly.
Why it matters
Publicly exposed config or backup files can leak implementation details or secrets.
How to fix it
Remove the exposed file, block public access to that path, and rotate any secrets that may have been exposed.
Copyable agent prompt
Add common public security headers
-18 rule ptsWhat failed
Several basic browser protection headers were not visible.
Evidence
Detected 0 of 5 common public security headers. Present: none. Missing: strict-transport-security, content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
These headers reduce avoidable browser-side risk and show a baseline of care before launch.
How to fix it
Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
Copyable agent prompt
Fix rendered axe accessibility violations
-18 rule ptsWhat failed
The rendered page has accessibility rule violations detected by axe-core.
Evidence
axe found 6 violation rule(s), including 2 serious or critical rule(s). Top rules: label-title-only (1), link-name (8), heading-order (1), landmark-one-main (1), meta-viewport (1).
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
How to fix it
Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
Copyable agent prompt
Remove insecure page resources
-12 rule ptsWhat failed
The page references insecure HTTP assets or links from an HTTPS page.
Evidence
Detected 2 insecure asset or link reference(s).
Priority
Priority 4: fix before sharing the page publicly.
Why it matters
Mixed content can cause browser warnings, broken assets, and lower visitor trust.
How to fix it
Change public asset, link, and form URLs from http:// to https:// where the destination supports it.
Copyable agent prompt
Make the primary CTA obvious
-14 rule ptsWhat failed
The page does not have a detectable call to action.
Evidence
Detected 0 CTA candidate(s).
Priority
Priority 4: fix before sharing the page publicly.
Why it matters
Early visitors need a clear next step, such as trying the product, joining a waitlist, or booking a demo.
How to fix it
Add one prominent CTA above the fold with action-oriented text such as Start, Join, Try, Book, or Get started.
Copyable agent prompt
SEO / AEO
Severity mix: 1 critical, 7 high, 3 medium, 2 low.
sitemap.xml validity
-12 rule ptssitemap.xml returned HTTP success but did not contain a urlset or sitemapindex root.
Page title
-10 rule ptsTitle is 77 characters.
Heading structure
-8 rule ptsDetected 1 H1 heading(s) and 4 total headings.
Security
Severity mix: 2 critical, 3 high, 0 medium, 0 low.
Sensitive file probes
-16 rule ptsA small allowlist probe returned a public success response.
Common security headers
-18 rule ptsDetected 0 of 5 common public security headers. Present: none. Missing: strict-transport-security, content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Mixed content indicators
-12 rule ptsDetected 2 insecure asset or link reference(s).
Accessibility
Severity mix: 0 critical, 3 high, 5 medium, 0 low.
Rendered axe accessibility violations
-18 rule ptsaxe found 6 violation rule(s), including 2 serious or critical rule(s). Top rules: label-title-only (1), link-name (8), heading-order (1), landmark-one-main (1), meta-viewport (1).
Heading order
-11 rule ptsHeading levels found: 1, 4, 2, 2.
Basic contrast
-8 rule pts15 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 1.
Design
Severity mix: 0 critical, 3 high, 6 medium, 2 low.
Visible primary CTA
-14 rule ptsDetected 0 CTA candidate(s).
Rendered layout ergonomics
-9 rule ptsHorizontal overflow: 0px. Small tap targets: 13.
Spacing consistency
-7 rule ptsDetected 0 spacing class/style signal(s).
Showing failed checks.
Failed checks
These checks need attention.
Page title
0/10Title is 77 characters.
Failed: earned 0 of 10 points.
Priority: Priority 8: fix during launch polish.
Why it matters: Search engines, social previews, and saved browser tabs use the title to tell people what your product is.
Fix: Set one concise title tag, ideally 10 to 70 characters, that includes the product name and the main promise.
Copyable agent prompt
Heading structure
0/8Detected 1 H1 heading(s) and 4 total headings.
Failed: earned 0 of 8 points.
Priority: Priority 9: fix during launch polish.
Why it matters: Clear headings help visitors, search engines, and assistive technology understand the page quickly.
Fix: Keep one H1 for the main promise, then use H2 and H3 headings in order for sections below it.
Copyable agent prompt
sitemap.xml validity
0/12sitemap.xml returned HTTP success but did not contain a urlset or sitemapindex root.
Failed: earned 0 of 12 points.
Priority: Priority 7: fix during launch polish.
Why it matters: A sitemap helps search engines discover the landing page and related public pages sooner.
Fix: Add a static sitemap file or dynamic /sitemap.xml route with valid urlset or sitemapindex XML, include your public canonical URLs, and confirm it returns HTTP 200.
Copyable agent prompt
LLM-readable file
0/4HTTP 404 returned for llms_txt.
Failed: earned 0 of 4 points.
Priority: Priority 24: lower-risk cleanup after urgent launch blockers.
Why it matters: A short LLM-readable file can help answer engines and AI tools summarize your product accurately.
Fix: Add /llms.txt or /.well-known/llms.txt with the product name, audience, value proposition, and key public links.
Copyable agent prompt
Mixed content indicators
0/12Detected 2 insecure asset or link reference(s).
Failed: earned 0 of 12 points.
Priority: Priority 4: fix before sharing the page publicly.
Why it matters: Mixed content can cause browser warnings, broken assets, and lower visitor trust.
Fix: Change public asset, link, and form URLs from http:// to https:// where the destination supports it.
Copyable agent prompt
Common security headers
0/18Detected 0 of 5 common public security headers. Present: none. Missing: strict-transport-security, content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Failed: earned 0 of 18 points.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: These headers reduce avoidable browser-side risk and show a baseline of care before launch.
Fix: Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
Copyable agent prompt
Sensitive file probes
0/16A small allowlist probe returned a public success response.
Failed: earned 0 of 16 points.
Priority: Priority 1: fix before sharing the page publicly.
Why it matters: Publicly exposed config or backup files can leak implementation details or secrets.
Fix: Remove the exposed file, block public access to that path, and rotate any secrets that may have been exposed.
Copyable agent prompt
Heading order
0/11Heading levels found: 1, 4, 2, 2.
Failed: earned 0 of 11 points.
Priority: Priority 13: fix during launch polish.
Why it matters: A clean heading outline helps visitors scan the page and helps assistive technology navigate it.
Fix: Use headings in order: one H1, then H2 for major sections, then H3 for subsections.
Copyable agent prompt
Basic contrast
0/815 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 1.
Failed: earned 0 of 8 points.
Priority: Priority 20: lower-risk cleanup after urgent launch blockers.
Why it matters: Low contrast makes a launch page feel less polished and can exclude users with low vision.
Fix: Review key text, buttons, and links against a 4.5:1 contrast target for normal text.
Copyable agent prompt
Rendered axe accessibility violations
0/18axe found 6 violation rule(s), including 2 serious or critical rule(s). Top rules: label-title-only (1), link-name (8), heading-order (1), landmark-one-main (1), meta-viewport (1).
Failed: earned 0 of 18 points.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
Fix: Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
Copyable agent prompt
Visible primary CTA
0/14Detected 0 CTA candidate(s).
Failed: earned 0 of 14 points.
Priority: Priority 4: fix before sharing the page publicly.
Why it matters: Early visitors need a clear next step, such as trying the product, joining a waitlist, or booking a demo.
Fix: Add one prominent CTA above the fold with action-oriented text such as Start, Join, Try, Book, or Get started.
Copyable agent prompt
Spacing consistency
0/7Detected 0 spacing class/style signal(s).
Failed: earned 0 of 7 points.
Priority: Priority 25: lower-risk cleanup after urgent launch blockers.
Why it matters: Consistent spacing helps the page feel deliberate and easier to scan.
Fix: Use consistent section padding, gaps, and margins across repeated content blocks.
Copyable agent prompt
Rendered layout ergonomics
0/9Horizontal overflow: 0px. Small tap targets: 13.
Failed: earned 0 of 9 points.
Priority: Priority 13: fix during launch polish.
Why it matters: Horizontal overflow and tiny tap targets make the page feel broken on real devices, especially for mobile visitors.
Fix: Remove elements wider than the viewport, add responsive constraints, and make important links, buttons, inputs, and controls at least 40px tall and wide where possible.
Copyable agent prompt
Share preview
mortgageinottawa.com website audit report
Needs fixes before launch: 61/100 overall, with prioritized fixes for SEO, security, accessibility, and design.
Public reports expose the scanned public URL, safe scores, sanitized public evidence, and fix guidance. They do not include credentials, cookies, hidden form values, or sensitive response bodies.