Website audit scorecard for nicklaunches.com
The scanner fetched the public page, extracted deterministic facts, and stored scored results across SEO / AEO, security, accessibility, and design.
Submitted
https://nicklaunches.com/
Final URL
https://nicklaunches.com
Created
Jul 5, 2026, 11:21 PM
Safe fetch
114 ms
68
out of 100
91
out of 100
84/92 rule points
45
out of 100
34/76 rule points
61
out of 100
57/94 rule points
76
out of 100
84/110 rule points
Category point breakdown
Biggest score-losing checks
axe found 2 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (76), heading-order (1).
A small allowlist probe returned a public success response.
Detected 1 of 5 common public security headers. Present: strict-transport-security. Missing: content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Detected 2 insecure asset or link reference(s).
Remove exposed sensitive files
-16 rule ptsWhat failed
A small public allowlist probe found a sensitive-looking file path.
Evidence
A small allowlist probe returned a public success response.
Priority
Priority 1: fix before sharing the page publicly.
Why it matters
Publicly exposed config or backup files can leak implementation details or secrets.
How to fix it
Remove the exposed file, block public access to that path, and rotate any secrets that may have been exposed.
Add common public security headers
-14 rule ptsWhat failed
Several basic browser protection headers were not visible.
Evidence
Detected 1 of 5 common public security headers. Present: strict-transport-security. Missing: content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
These headers reduce avoidable browser-side risk and show a baseline of care before launch.
How to fix it
Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
Fix rendered axe accessibility violations
-18 rule ptsWhat failed
The rendered page has accessibility rule violations detected by axe-core.
Evidence
axe found 2 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (76), heading-order (1).
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
How to fix it
Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
Remove insecure page resources
-12 rule ptsWhat failed
The page references insecure HTTP assets or links from an HTTPS page.
Evidence
Detected 2 insecure asset or link reference(s).
Priority
Priority 4: fix before sharing the page publicly.
Why it matters
Mixed content can cause browser warnings, broken assets, and lower visitor trust.
How to fix it
Change public asset, link, and form URLs from http:// to https:// where the destination supports it.
Use one clear H1 and ordered headings
-8 rule ptsWhat failed
The page heading structure is either missing a single main heading or skips heading levels.
Evidence
Detected 1 H1 heading(s) and 4 total headings.
Priority
Priority 9: fix during launch polish.
Why it matters
Clear headings help visitors, search engines, and assistive technology understand the page quickly.
How to fix it
Keep one H1 for the main promise, then use H2 and H3 headings in order for sections below it.
SEO / AEO
Severity mix: 0 critical, 6 high, 3 medium, 2 low.
Heading structure
-8 rule ptsDetected 1 H1 heading(s) and 4 total headings.
Security
Severity mix: 2 critical, 3 high, 0 medium, 0 low.
Sensitive file probes
-16 rule ptsA small allowlist probe returned a public success response.
Common security headers
-14 rule ptsDetected 1 of 5 common public security headers. Present: strict-transport-security. Missing: content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Mixed content indicators
-12 rule ptsDetected 2 insecure asset or link reference(s).
Accessibility
Severity mix: 0 critical, 3 high, 5 medium, 0 low.
Rendered axe accessibility violations
-18 rule ptsaxe found 2 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (76), heading-order (1).
Heading order
-11 rule ptsHeading levels found: 1, 3, 3, 3.
Basic contrast
-8 rule pts1 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 2.28.
Design
Severity mix: 0 critical, 3 high, 6 medium, 2 low.
Rendered speed signals
-10 rule ptsDOMContentLoaded: 2618ms. Load complete: 2878ms. First contentful paint: 576ms. Resources: 200. Scripts: 17. Images: 3. Third-party origins: 58. Transfer: not available.
Rendered layout ergonomics
-9 rule ptsHorizontal overflow: 0px. Small tap targets: 113.
Runtime console health
-7 rule ptsDetected 1 console error(s) and 0 uncaught page error(s) during render.
Showing failed checks.
Failed checks
These checks need attention.
Heading structure
0/8Detected 1 H1 heading(s) and 4 total headings.
Failed: earned 0 of 8 points.
Priority: Priority 9: fix during launch polish.
Why it matters: Clear headings help visitors, search engines, and assistive technology understand the page quickly.
Fix: Keep one H1 for the main promise, then use H2 and H3 headings in order for sections below it.
Mixed content indicators
0/12Detected 2 insecure asset or link reference(s).
Failed: earned 0 of 12 points.
Priority: Priority 4: fix before sharing the page publicly.
Why it matters: Mixed content can cause browser warnings, broken assets, and lower visitor trust.
Fix: Change public asset, link, and form URLs from http:// to https:// where the destination supports it.
Common security headers
4/18Detected 1 of 5 common public security headers. Present: strict-transport-security. Missing: content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Failed: earned 4 of 18 points from partial coverage.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: These headers reduce avoidable browser-side risk and show a baseline of care before launch.
Fix: Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
Sensitive file probes
0/16A small allowlist probe returned a public success response.
Failed: earned 0 of 16 points.
Priority: Priority 1: fix before sharing the page publicly.
Why it matters: Publicly exposed config or backup files can leak implementation details or secrets.
Fix: Remove the exposed file, block public access to that path, and rotate any secrets that may have been exposed.
Heading order
0/11Heading levels found: 1, 3, 3, 3.
Failed: earned 0 of 11 points.
Priority: Priority 13: fix during launch polish.
Why it matters: A clean heading outline helps visitors scan the page and helps assistive technology navigate it.
Fix: Use headings in order: one H1, then H2 for major sections, then H3 for subsections.
Basic contrast
0/81 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 2.28.
Failed: earned 0 of 8 points.
Priority: Priority 20: lower-risk cleanup after urgent launch blockers.
Why it matters: Low contrast makes a launch page feel less polished and can exclude users with low vision.
Fix: Review key text, buttons, and links against a 4.5:1 contrast target for normal text.
Rendered axe accessibility violations
0/18axe found 2 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (76), heading-order (1).
Failed: earned 0 of 18 points.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
Fix: Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
Rendered speed signals
0/10DOMContentLoaded: 2618ms. Load complete: 2878ms. First contentful paint: 576ms. Resources: 200. Scripts: 17. Images: 3. Third-party origins: 58. Transfer: not available.
Failed: earned 0 of 10 points.
Priority: Priority 14: fix during launch polish.
Why it matters: Slow pages lose impatient visitors and make every SEO, social, and paid-traffic visit work harder.
Fix: Reduce render-blocking scripts/styles, compress and size images, defer non-critical JavaScript, reduce third-party tags, and keep above-the-fold content quick to paint.
Runtime console health
0/7Detected 1 console error(s) and 0 uncaught page error(s) during render.
Failed: earned 0 of 7 points.
Priority: Priority 15: fix during launch polish.
Why it matters: Runtime errors can break forms, CTAs, animations, tracking, or responsive behavior even when the static HTML looks fine.
Fix: Open the page in a browser, reproduce the console errors, and fix missing assets, hydration problems, client-side exceptions, or failing third-party scripts.
Rendered layout ergonomics
0/9Horizontal overflow: 0px. Small tap targets: 113.
Failed: earned 0 of 9 points.
Priority: Priority 13: fix during launch polish.
Why it matters: Horizontal overflow and tiny tap targets make the page feel broken on real devices, especially for mobile visitors.
Fix: Remove elements wider than the viewport, add responsive constraints, and make important links, buttons, inputs, and controls at least 40px tall and wide where possible.
Share preview
nicklaunches.com website audit report
Needs fixes before launch: 68/100 overall, with prioritized fixes for SEO, security, accessibility, and design.
Public reports expose the scanned public URL, safe scores, sanitized public evidence, and fix guidance. They do not include credentials, cookies, hidden form values, or sensitive response bodies.