Website audit scorecard for uisquares.com
The scanner fetched the public page, extracted deterministic facts, and stored scored results across SEO / AEO, security, accessibility, and design.
Submitted
https://uisquares.com
Final URL
https://uisquares.com
Created
Jul 11, 2026, 9:08 PM
Safe fetch
181 ms
69
out of 100
82
out of 100
94/114 rule points
47
out of 100
36/76 rule points
61
out of 100
57/94 rule points
85
out of 100
94/110 rule points
Category point breakdown
Biggest score-losing checks
axe found 8 violation rule(s), including 5 serious or critical rule(s). Top rules: aria-allowed-attr (1), aria-required-children (1), aria-required-parent (1), button-name (1), link-name (3).
A small allowlist probe returned a public success response.
sitemap.xml returned HTTP success but did not contain a urlset or sitemapindex root.
Detected 1 insecure asset or link reference(s).
Remove exposed sensitive files
-16 rule ptsWhat failed
A small public allowlist probe found a sensitive-looking file path.
Evidence
A small allowlist probe returned a public success response.
Priority
Priority 1: fix before sharing the page publicly.
Why it matters
Publicly exposed config or backup files can leak implementation details or secrets.
How to fix it
Remove the exposed file, block public access to that path, and rotate any secrets that may have been exposed.
Copyable agent prompt
Fix rendered axe accessibility violations
-18 rule ptsWhat failed
The rendered page has accessibility rule violations detected by axe-core.
Evidence
axe found 8 violation rule(s), including 5 serious or critical rule(s). Top rules: aria-allowed-attr (1), aria-required-children (1), aria-required-parent (1), button-name (1), link-name (3).
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
How to fix it
Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
Copyable agent prompt
Remove insecure page resources
-12 rule ptsWhat failed
The page references insecure HTTP assets or links from an HTTPS page.
Evidence
Detected 1 insecure asset or link reference(s).
Priority
Priority 4: fix before sharing the page publicly.
Why it matters
Mixed content can cause browser warnings, broken assets, and lower visitor trust.
How to fix it
Change public asset, link, and form URLs from http:// to https:// where the destination supports it.
Copyable agent prompt
Add common public security headers
-12 rule ptsWhat failed
Several basic browser protection headers were not visible.
Evidence
Detected 1 of 5 common public security headers. Present: content-security-policy. Missing: strict-transport-security, x-content-type-options, x-frame-options, referrer-policy.
Priority
Priority 5: fix before sharing the page publicly.
Why it matters
These headers reduce avoidable browser-side risk and show a baseline of care before launch.
How to fix it
Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
Copyable agent prompt
Publish a valid sitemap.xml
-12 rule ptsWhat failed
The sitemap file was not reachable or did not look like valid sitemap XML.
Evidence
sitemap.xml returned HTTP success but did not contain a urlset or sitemapindex root.
Priority
Priority 7: fix during launch polish.
Why it matters
A sitemap helps search engines discover the landing page and related public pages sooner.
How to fix it
Add a static sitemap file or dynamic /sitemap.xml route with valid urlset or sitemapindex XML, include your public canonical URLs, and confirm it returns HTTP 200.
Copyable agent prompt
SEO / AEO
Severity mix: 1 critical, 7 high, 3 medium, 2 low.
sitemap.xml validity
-12 rule ptssitemap.xml returned HTTP success but did not contain a urlset or sitemapindex root.
Heading structure
-8 rule ptsDetected 1 H1 heading(s) and 20 total headings.
Security
Severity mix: 2 critical, 3 high, 0 medium, 0 low.
Sensitive file probes
-16 rule ptsA small allowlist probe returned a public success response.
Mixed content indicators
-12 rule ptsDetected 1 insecure asset or link reference(s).
Common security headers
-12 rule ptsDetected 1 of 5 common public security headers. Present: content-security-policy. Missing: strict-transport-security, x-content-type-options, x-frame-options, referrer-policy.
Accessibility
Severity mix: 0 critical, 3 high, 5 medium, 0 low.
Rendered axe accessibility violations
-18 rule ptsaxe found 8 violation rule(s), including 5 serious or critical rule(s). Top rules: aria-allowed-attr (1), aria-required-children (1), aria-required-parent (1), button-name (1), link-name (3).
Heading order
-11 rule ptsHeading levels found: 1, 2, 5, 5, 5, 5, 5, 5, 2, 2, 5, 4, 2, 4, 4, 4, 4, 2, 2, 6.
Basic contrast
-8 rule pts5 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 1.05.
Design
Severity mix: 0 critical, 3 high, 6 medium, 2 low.
Rendered layout ergonomics
-9 rule ptsHorizontal overflow: 0px. Small tap targets: 25.
Spacing consistency
-7 rule ptsDetected 0 spacing class/style signal(s).
Showing failed checks.
Failed checks
These checks need attention.
Heading structure
0/8Detected 1 H1 heading(s) and 20 total headings.
Failed: earned 0 of 8 points.
Priority: Priority 9: fix during launch polish.
Why it matters: Clear headings help visitors, search engines, and assistive technology understand the page quickly.
Fix: Keep one H1 for the main promise, then use H2 and H3 headings in order for sections below it.
Copyable agent prompt
sitemap.xml validity
0/12sitemap.xml returned HTTP success but did not contain a urlset or sitemapindex root.
Failed: earned 0 of 12 points.
Priority: Priority 7: fix during launch polish.
Why it matters: A sitemap helps search engines discover the landing page and related public pages sooner.
Fix: Add a static sitemap file or dynamic /sitemap.xml route with valid urlset or sitemapindex XML, include your public canonical URLs, and confirm it returns HTTP 200.
Copyable agent prompt
Mixed content indicators
0/12Detected 1 insecure asset or link reference(s).
Failed: earned 0 of 12 points.
Priority: Priority 4: fix before sharing the page publicly.
Why it matters: Mixed content can cause browser warnings, broken assets, and lower visitor trust.
Fix: Change public asset, link, and form URLs from http:// to https:// where the destination supports it.
Copyable agent prompt
Common security headers
6/18Detected 1 of 5 common public security headers. Present: content-security-policy. Missing: strict-transport-security, x-content-type-options, x-frame-options, referrer-policy.
Failed: earned 6 of 18 points from partial coverage.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: These headers reduce avoidable browser-side risk and show a baseline of care before launch.
Fix: Configure headers such as Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
Copyable agent prompt
Sensitive file probes
0/16A small allowlist probe returned a public success response.
Failed: earned 0 of 16 points.
Priority: Priority 1: fix before sharing the page publicly.
Why it matters: Publicly exposed config or backup files can leak implementation details or secrets.
Fix: Remove the exposed file, block public access to that path, and rotate any secrets that may have been exposed.
Copyable agent prompt
Heading order
0/11Heading levels found: 1, 2, 5, 5, 5, 5, 5, 5, 2, 2, 5, 4, 2, 4, 4, 4, 4, 2, 2, 6.
Failed: earned 0 of 11 points.
Priority: Priority 13: fix during launch polish.
Why it matters: A clean heading outline helps visitors scan the page and helps assistive technology navigate it.
Fix: Use headings in order: one H1, then H2 for major sections, then H3 for subsections.
Copyable agent prompt
Basic contrast
0/85 of 100 rendered text color sample(s) missed WCAG contrast targets. Worst rendered ratio: 1.05.
Failed: earned 0 of 8 points.
Priority: Priority 20: lower-risk cleanup after urgent launch blockers.
Why it matters: Low contrast makes a launch page feel less polished and can exclude users with low vision.
Fix: Review key text, buttons, and links against a 4.5:1 contrast target for normal text.
Copyable agent prompt
Rendered axe accessibility violations
0/18axe found 8 violation rule(s), including 5 serious or critical rule(s). Top rules: aria-allowed-attr (1), aria-required-children (1), aria-required-parent (1), button-name (1), link-name (3).
Failed: earned 0 of 18 points.
Priority: Priority 5: fix before sharing the page publicly.
Why it matters: axe checks the actual browser-rendered page, so these issues can affect people using keyboards, screen readers, or other assistive technology.
Fix: Fix the top axe rule IDs first, especially critical and serious violations around names, roles, labels, headings, contrast, landmarks, and keyboard-accessible controls.
Copyable agent prompt
Spacing consistency
0/7Detected 0 spacing class/style signal(s).
Failed: earned 0 of 7 points.
Priority: Priority 25: lower-risk cleanup after urgent launch blockers.
Why it matters: Consistent spacing helps the page feel deliberate and easier to scan.
Fix: Use consistent section padding, gaps, and margins across repeated content blocks.
Copyable agent prompt
Rendered layout ergonomics
0/9Horizontal overflow: 0px. Small tap targets: 25.
Failed: earned 0 of 9 points.
Priority: Priority 13: fix during launch polish.
Why it matters: Horizontal overflow and tiny tap targets make the page feel broken on real devices, especially for mobile visitors.
Fix: Remove elements wider than the viewport, add responsive constraints, and make important links, buttons, inputs, and controls at least 40px tall and wide where possible.
Copyable agent prompt
Share preview
uisquares.com website audit report
Needs fixes before launch: 69/100 overall, with prioritized fixes for SEO, security, accessibility, and design.
Public reports expose the scanned public URL, safe scores, sanitized public evidence, and fix guidance. They do not include credentials, cookies, hidden form values, or sensitive response bodies.