Site audit · 4/22/2026, 10:49:19 AM

rca-poc.vercel.app

Free SEO, performance and security audit for rca-poc.vercel.app. Score 59 of 100.

Run a new audit →

Score

needs work

Audited

https://rca-poc.vercel.app/

Status

200

Load

322ms

Size

5kb

Links

0+0

AI summary

Top 3 wins, ranked by impact and time-to-ship. 3 generations per day.

Recommendations

15 to improve

Title is short (18 chars)SEO

Aim for 30–60 chars with a keyword + benefit.

Meta description is shortSEO

Currently 56 chars. Aim for 120–160.

No canonical URLSEO

Helps search engines pick the right URL when duplicates exist. Add <link rel="canonical" href="…">.

No <h1> on the pageStructure

An H1 anchors the page topically. Add one descriptive H1.

Open Graph missing 4 tagsSocial

Missing: og:title, og:description, og:image, og:url. These control how the page looks when shared.

No twitter:card metaSocial

Add <meta name="twitter:card" content="summary_large_image">.

No structured data (JSON-LD)SEO

Schema.org markup unlocks rich results. Start with Organization or WebSite.

No /robots.txtSEO

Crawlers expect this file. Even an empty one is fine.

No /sitemap.xmlSEO

Submit a sitemap to help search engines discover your pages.

No favicon linkStructure

Add <link rel="icon" href="/favicon.ico">.

Missing Content-Security-PolicySecurity

The single biggest XSS mitigation. Start with a permissive default-src and tighten over time.

Missing X-Content-Type-OptionsSecurity

Prevents MIME-sniffing attacks. Add: X-Content-Type-Options: nosniff

Missing Referrer-PolicySecurity

Controls how much URL info leaks to third parties. Try: strict-origin-when-cross-origin

Missing Permissions-PolicySecurity

Restricts powerful APIs (camera, geolocation, etc.). Set a tight allow-list.

Missing X-Frame-OptionsSecurity

Prevents clickjacking. Use frame-ancestors in CSP, or X-Frame-Options: SAMEORIGIN.

What's working

4 ✓

Viewport meta setSEO

Mobile rendering is enabled.

HTTPS enabledSecurity

Connection is encrypted.

Compression: brPerformance

HTML is compressed in transit.

Fast first responsePerformance

322ms — feels instant.

Security headers

HTTP response

Strict-Transport-Security	set
Content-Security-Policy	missing
X-Content-Type-Options	missing
Referrer-Policy	missing
Permissions-Policy	missing
X-Frame-Options	missing

Want this every week?

Track it live with vibestat.

Add one script to your site. See real visitors, Core Web Vitals, and weekly recommendations — all without cookies.

Get the snippet