The scanner fetched the public page, extracted deterministic facts, and stored scored results across SEO / AEO, security, accessibility, and design.
Submitted
Studenten.campusmap24.de
Final URL
https://studenten.campusmap24.de
Created
Jun 30, 2026, 7:15 AM
Safe fetch
227 ms
73
out of 100
79
out of 100
73/92 rule points
83
out of 100
63/76 rule points
57
out of 100
54/94 rule points
74
out of 100
81/110 rule points
Category point breakdown
Biggest score-losing checks
axe found 3 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (8), region (29), aria-allowed-role (1).
Detected 2 image(s) missing alt text out of 23.
Detected 2 of 5 common public security headers. Present: x-content-type-options, referrer-policy. Missing: strict-transport-security, content-security-policy, x-frame-options.
Detected 0 JSON-LD schema block(s).
What failed
The rendered page has accessibility rule violations detected by axe-core.
Evidence
axe found 3 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (8), region (29), aria-allowed-role (1).
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
How to fix it
Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
What failed
Several basic browser protection headers were not visible.
Evidence
Detected 2 of 5 common public security headers. Present: x-content-type-options, referrer-policy. Missing: strict-transport-security, content-security-policy, x-frame-options.
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
These headers reduce avoidable browser-side risk and show a baseline of care before launch.
How to fix it
Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
What failed
The page appears to tell crawlers not to index it.
Evidence
A noindex directive was detected.
Priority
Priority 2: fix before sharing the page publicly.
Why it matters
A noindex directive can prevent the launch page from appearing in search results.
How to fix it
Remove noindex from meta robots or X-Robots-Tag headers once the page is ready to be public.
What failed
One or more images are missing alt text.
Evidence
Detected 2 image(s) missing alt text out of 23.
Priority
Priority 11: fix during launch polish.
Why it matters
People using screen readers may miss product context, trust signals, or calls to action.
How to fix it
Add concise alt text for informative images and use empty alt text only for decorative images.
What failed
No JSON-LD schema was detected on the page.
Evidence
Detected 0 JSON-LD schema block(s).
Priority
Priority 12: fix during launch polish.
Why it matters
Structured data gives search and answer engines explicit facts about your product.
How to fix it
Add JSON-LD for SoftwareApplication, Product, Organization, or WebSite using only accurate public facts.
This scan did not produce unknown checks. If a future page has partial public data, the report will show those checks here instead of guessing.
Severity mix: 0 critical, 6 high, 3 medium, 2 low.
Detected 0 JSON-LD schema block(s).
A noindex directive was detected.
Severity mix: 2 critical, 3 high, 0 medium, 0 low.
Detected 2 of 5 common public security headers. Present: x-content-type-options, referrer-policy. Missing: strict-transport-security, content-security-policy, x-frame-options.
Severity mix: 0 critical, 3 high, 5 medium, 0 low.
axe found 3 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (8), region (29), aria-allowed-role (1).
Detected 2 image(s) missing alt text out of 23.
28 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 1.1.
Severity mix: 0 critical, 3 high, 6 medium, 2 low.
Detected about 8038 visible word(s).
Detected 0 trust-signal keyword occurrence(s).
Horizontal overflow: 0px. Small tap targets: 27.
Showing failed checks.
These checks need attention.
Detected 0 JSON-LD schema block(s).
Failed: earned 0 of 10 points.
Priority: Priority 12: fix during launch polish.
Why it matters: Structured data gives search and answer engines explicit facts about your product.
Fix: Add JSON-LD for SoftwareApplication, Product, Organization, or WebSite using only accurate public facts.
A noindex directive was detected.
Failed: earned 0 of 9 points.
Priority: Priority 2: fix before sharing the page publicly.
Why it matters: A noindex directive can prevent the launch page from appearing in search results.
Fix: Remove noindex from meta robots or X-Robots-Tag headers once the page is ready to be public.
Detected 2 of 5 common public security headers. Present: x-content-type-options, referrer-policy. Missing: strict-transport-security, content-security-policy, x-frame-options.
Failed: earned 5 of 18 points from partial coverage.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: These headers reduce avoidable browser-side risk and show a baseline of care before launch.
Fix: Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
Detected 2 image(s) missing alt text out of 23.
Failed: earned 0 of 14 points.
Priority: Priority 11: fix during launch polish.
Why it matters: People using screen readers may miss product context, trust signals, or calls to action.
Fix: Add concise alt text for informative images and use empty alt text only for decorative images.
28 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 1.1.
Failed: earned 0 of 8 points.
Priority: Priority 20: lower-risk cleanup after urgent launch blockers.
Why it matters: Low contrast makes a launch page feel less polished and can exclude users with low vision.
Fix: Review key text, buttons, and links against a 4.5:1 contrast target for normal text.
axe found 3 violation rule(s), including 1 serious or critical rule(s). Top rules: color-contrast (8), region (29), aria-allowed-role (1).
Failed: earned 0 of 18 points.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
Fix: Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
Detected about 8038 visible word(s).
Failed: earned 0 of 10 points.
Priority: Priority 21: lower-risk cleanup after urgent launch blockers.
Why it matters: Too little copy can leave visitors confused; too much copy can bury the value proposition.
Fix: Add concise sections for value, proof, how it works, and next steps, then remove repetitive copy.
Detected 0 trust-signal keyword occurrence(s).
Failed: earned 0 of 10 points.
Priority: Priority 16: lower-risk cleanup after urgent launch blockers.
Why it matters: Trust signals reduce hesitation when strangers see the product for the first time.
Fix: Add honest proof such as customer quotes, usage stats, founder credibility, security notes, or relevant logos.
Horizontal overflow: 0px. Small tap targets: 27.
Failed: earned 0 of 9 points.
Priority: Priority 13: fix during launch polish.
Why it matters: Horizontal overflow and tiny tap targets make the page feel broken on real devices, especially for mobile visitors.
Fix: Remove elements wider than the viewport, add responsive constraints, and make important links, buttons, inputs, and controls at least 40px tall and wide where possible.
Security and accessibility checks are basic automated public checks. They are not a complete security audit, penetration test, privacy review, or WCAG certification.
Checked: https://studenten.campusmap24.de
Next/final: https://studenten.campusmap24.de
Content type: text/html; charset=utf-8
Checked: https://studenten.campusmap24.de
Next/final: https://studenten.campusmap24.de
Content type: text/html; charset=utf-8
Content hash: 01103c22a3bba27b1637c0f53511fb2cd2b81b26477efa74d8136bfd0d7411ed
Checked: https://studenten.campusmap24.de/robots.txt
Next/final: https://studenten.campusmap24.de/robots.txt
Content type: text/plain; charset=utf-8
Content hash: 7942ce27675a47404ae772156b8542efef910b8786ef4b746052598840cff37d
Checked: https://studenten.campusmap24.de/sitemap.xml
Next/final: https://studenten.campusmap24.de/sitemap.xml
Content type: text/html; charset=utf-8
Content hash: a2d042bf8bd1713d74ab804ebd699ac069f7708f0978c62c0449edd5020f2773
Checked: https://studenten.campusmap24.de/llms.txt
Next/final: https://studenten.campusmap24.de/llms.txt
Content type: text/html; charset=utf-8
Content hash: a2d042bf8bd1713d74ab804ebd699ac069f7708f0978c62c0449edd5020f2773
Checked: https://studenten.campusmap24.de/.env
Next/final: https://studenten.campusmap24.de/.env
Content type: text/html; charset=UTF-8
Fetch result: HTTP 403 returned for security_probe.
Checked: https://studenten.campusmap24.de/.git/config
Next/final: https://studenten.campusmap24.de/.git/config
Content type: text/html; charset=UTF-8
Fetch result: HTTP 403 returned for security_probe.
Checked: https://studenten.campusmap24.de/wp-config.php
Next/final: https://studenten.campusmap24.de/wp-config.php
Content type: text/html; charset=UTF-8
Fetch result: HTTP 403 returned for security_probe.
Checked: https://studenten.campusmap24.de/backup.zip
Next/final: https://studenten.campusmap24.de/backup.zip
Content type: text/html; charset=UTF-8
Fetch result: HTTP 403 returned for security_probe.
Captured public headers
content-type
text/html; charset=utf-8
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
Share preview
studenten.campusmap24.de website audit report
Close to ready: 73/100 overall, with prioritized fixes for SEO, security, accessibility, and design.
Public reports expose the scanned public URL, safe scores, sanitized public evidence, and fix guidance. They do not include credentials, cookies, hidden form values, or sensitive response bodies.