The scanner fetched the public page, extracted deterministic facts, and stored scored results across SEO / AEO, security, accessibility, and design.
Submitted
https://nicklaunches.com/
Final URL
https://nicklaunches.com
Created
Jul 3, 2026, 4:28 AM
Safe fetch
352 ms
71
out of 100
100
out of 100
92/92 rule points
45
out of 100
34/76 rule points
72
out of 100
68/94 rule points
67
out of 100
74/110 rule points
Category point breakdown
Biggest score-losing checks
axe found 2 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (74), region (5).
A small allowlist probe returned a public success response.
Detected 1 of 5 common public security headers. Present: strict-transport-security. Missing: content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Detected 2 insecure asset or link reference(s).
What failed
A small public allowlist probe found a sensitive-looking file path.
Evidence
A small allowlist probe returned a public success response.
Priority
Priority 1: fix before sharing the page publicly.
Why it matters
Publicly exposed config or backup files can leak implementation details or secrets.
How to fix it
Remove the exposed file, block public access to that path, and rotate any secrets that may have been exposed.
What failed
Several basic browser protection headers were not visible.
Evidence
Detected 1 of 5 common public security headers. Present: strict-transport-security. Missing: content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
These headers reduce avoidable browser-side risk and show a baseline of care before launch.
How to fix it
Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
What failed
The rendered page has accessibility rule violations detected by axe-core.
Evidence
axe found 2 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (74), region (5).
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
How to fix it
Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
What failed
The page references insecure HTTP assets or links from an HTTPS page.
Evidence
Detected 2 insecure asset or link reference(s).
Priority
Priority 4: fix before sharing the page publicly.
Why it matters
Mixed content can cause browser warnings, broken assets, and lower visitor trust.
How to fix it
Change public asset, link, and form URLs from http:// to https:// where the destination supports it.
What failed
The browser-rendered page has layout or tap-target issues.
Evidence
Horizontal overflow: 0px. Small tap targets: 166.
Priority
Priority 13: fix during launch polish.
Why it matters
Horizontal overflow and tiny tap targets make the page feel broken on real devices, especially for mobile visitors.
How to fix it
Remove elements wider than the viewport, add responsive constraints, and make important links, buttons, inputs, and controls at least 40px tall and wide where possible.
This scan did not produce unknown checks. If a future page has partial public data, the report will show those checks here instead of guessing.
Severity mix: 0 critical, 6 high, 3 medium, 2 low.
No failed checks in this category.
Severity mix: 2 critical, 3 high, 0 medium, 0 low.
A small allowlist probe returned a public success response.
Detected 1 of 5 common public security headers. Present: strict-transport-security. Missing: content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Detected 2 insecure asset or link reference(s).
Severity mix: 0 critical, 3 high, 5 medium, 0 low.
axe found 2 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (74), region (5).
1 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 2.28.
Severity mix: 0 critical, 3 high, 6 medium, 2 low.
Detected about 2391 visible word(s).
DOMContentLoaded: 3338ms. Load complete: 3725ms. First contentful paint: 668ms. Resources: 209. Scripts: 18. Images: 3. Third-party origins: 76. Transfer: not available.
Horizontal overflow: 0px. Small tap targets: 166.
Showing failed checks.
These checks need attention.
Detected 2 insecure asset or link reference(s).
Failed: earned 0 of 12 points.
Priority: Priority 4: fix before sharing the page publicly.
Why it matters: Mixed content can cause browser warnings, broken assets, and lower visitor trust.
Fix: Change public asset, link, and form URLs from http:// to https:// where the destination supports it.
Detected 1 of 5 common public security headers. Present: strict-transport-security. Missing: content-security-policy, x-content-type-options, x-frame-options, referrer-policy.
Failed: earned 4 of 18 points from partial coverage.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: These headers reduce avoidable browser-side risk and show a baseline of care before launch.
Fix: Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
A small allowlist probe returned a public success response.
Failed: earned 0 of 16 points.
Priority: Priority 1: fix before sharing the page publicly.
Why it matters: Publicly exposed config or backup files can leak implementation details or secrets.
Fix: Remove the exposed file, block public access to that path, and rotate any secrets that may have been exposed.
1 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 2.28.
Failed: earned 0 of 8 points.
Priority: Priority 20: lower-risk cleanup after urgent launch blockers.
Why it matters: Low contrast makes a launch page feel less polished and can exclude users with low vision.
Fix: Review key text, buttons, and links against a 4.5:1 contrast target for normal text.
axe found 2 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (74), region (5).
Failed: earned 0 of 18 points.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
Fix: Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
Detected about 2391 visible word(s).
Failed: earned 0 of 10 points.
Priority: Priority 21: lower-risk cleanup after urgent launch blockers.
Why it matters: Too little copy can leave visitors confused; too much copy can bury the value proposition.
Fix: Add concise sections for value, proof, how it works, and next steps, then remove repetitive copy.
DOMContentLoaded: 3338ms. Load complete: 3725ms. First contentful paint: 668ms. Resources: 209. Scripts: 18. Images: 3. Third-party origins: 76. Transfer: not available.
Failed: earned 0 of 10 points.
Priority: Priority 14: fix during launch polish.
Why it matters: Slow pages lose impatient visitors and make every SEO, social, and paid-traffic visit work harder.
Fix: Reduce render-blocking scripts/styles, compress and size images, defer non-critical JavaScript, reduce third-party tags, and keep above-the-fold content quick to paint.
Detected 2 console error(s) and 0 uncaught page error(s) during render.
Failed: earned 0 of 7 points.
Priority: Priority 15: fix during launch polish.
Why it matters: Runtime errors can break forms, CTAs, animations, tracking, or responsive behavior even when the static HTML looks fine.
Fix: Open the page in a browser, reproduce the console errors, and fix missing assets, hydration problems, client-side exceptions, or failing third-party scripts.
Horizontal overflow: 0px. Small tap targets: 166.
Failed: earned 0 of 9 points.
Priority: Priority 13: fix during launch polish.
Why it matters: Horizontal overflow and tiny tap targets make the page feel broken on real devices, especially for mobile visitors.
Fix: Remove elements wider than the viewport, add responsive constraints, and make important links, buttons, inputs, and controls at least 40px tall and wide where possible.
Security and accessibility checks are basic automated public checks. They are not a complete security audit, penetration test, privacy review, or WCAG certification.
Checked: https://nicklaunches.com
Next/final: https://nicklaunches.com
Content type: text/html; charset=utf-8
Checked: https://nicklaunches.com
Next/final: https://nicklaunches.com
Content type: text/html; charset=utf-8
Content hash: bad294d428323a46bf8419f4aeb9553f7d4240c5e10f197a8542f813a8af070e
Checked: https://nicklaunches.com/robots.txt
Next/final: https://nicklaunches.com/robots.txt
Content type: text/plain; charset=utf-8
Content hash: f1b8b02b79ff78479fdd0fed2fe007df15634538b0316327a24f3d04cd57eb4c
Checked: https://nicklaunches.com/sitemap.xml
Next/final: https://nicklaunches.com/sitemap.xml
Content type: application/xml
Content hash: e80e0d70864c0df43b1fb136ff6c9cdbc720e7f19c81587dbad071273c99004f
Checked: https://nicklaunches.com/llms.txt
Next/final: https://nicklaunches.com/llms.txt
Content type: text/plain; charset=utf-8
Content hash: df723273eb27e545efcb4db7b340d6afc25c48bb910aff18526ac3f2187bcd46
Checked: https://nicklaunches.com/.env
Next/final: https://nicklaunches.com/.env
Content type: text/html; charset=utf-8
Fetch result: HTTP 404 returned for security_probe.
Checked: https://nicklaunches.com/.git/config
Next/final: https://nicklaunches.com/.git/config
Content type: text/html
Content hash: c7444bcc63fee501ed5c88d939f9f5a5c2d2404bd960cf8423b034eb40a96a5a
Checked: https://nicklaunches.com/wp-config.php
Next/final: https://nicklaunches.com/wp-config.php
Content type: text/html; charset=utf-8
Fetch result: HTTP 403 returned for security_probe.
Checked: https://nicklaunches.com/backup.zip
Next/final: https://nicklaunches.com/backup.zip
Content type: text/html; charset=utf-8
Fetch result: HTTP 404 returned for security_probe.
Captured public headers
content-type
text/html; charset=utf-8
content-length
719283
strict-transport-security
max-age=63072000
Share preview
nicklaunches.com website audit report
Close to ready: 71/100 overall, with prioritized fixes for SEO, security, accessibility, and design.
Public reports expose the scanned public URL, safe scores, sanitized public evidence, and fix guidance. They do not include credentials, cookies, hidden form values, or sensitive response bodies.