vibestat

Site audit · 4/20/2026, 11:31:05 AM

coolform.co

Free SEO, performance and security audit for coolform.co. Score 94 of 100.

Run a new audit →

Score

94
excellent

Audited

https://www.coolform.co/

Status
200
Load
37ms
Size
68kb
Links
13+0

AI summary

Top 3 wins, ranked by impact and time-to-ship. 3 generations per day.

Recommendations

5 to improve
Missing Content-Security-PolicySecurity
The single biggest XSS mitigation. Start with a permissive default-src and tighten over time.
Missing X-Content-Type-OptionsSecurity
Prevents MIME-sniffing attacks. Add: X-Content-Type-Options: nosniff
Missing Referrer-PolicySecurity
Controls how much URL info leaks to third parties. Try: strict-origin-when-cross-origin
Missing Permissions-PolicySecurity
Restricts powerful APIs (camera, geolocation, etc.). Set a tight allow-list.
Missing X-Frame-OptionsSecurity
Prevents clickjacking. Use frame-ancestors in CSP, or X-Frame-Options: SAMEORIGIN.

What's working

9 ✓
Title looks goodSEO
coolform — AI form builder & Typeform alternative
Meta description setSEO
171 chars
Viewport meta setSEO
Mobile rendering is enabled.
Single H1 presentStructure
Forms, but actually good.
Open Graph completeSocial
Looks great in Facebook, LinkedIn, Slack previews.
Structured data: Organization, WebSite, SoftwareApplicationSEO
Eligible for rich results in search.
HTTPS enabledSecurity
Connection is encrypted.
Compression: brPerformance
HTML is compressed in transit.
Fast first responsePerformance
37ms — feels instant.

Heading outline

12 found
  • H1  Forms, but actually good.
  • H3  What should we call you?
  • H2  Everything a modern brand needs.
  • H3  AI that drafts the questions, so you don't have to.
  • H3  300+ question types.
  • H3  Logic that actually branches.
  • H3  Designs you won't be embarrassed by.
  • H3  Analytics without the noise.
  • H3  Embed anywhere, integrate everything.
  • H2  Three steps. That's it.
  • H3  Describe it
  • H3  Design it

Security headers

HTTP response
Strict-Transport-Securityset
Content-Security-Policymissing
X-Content-Type-Optionsmissing
Referrer-Policymissing
Permissions-Policymissing
X-Frame-Optionsmissing

Want this every week?

Track it live with vibestat.

Add one script to your site. See real visitors, Core Web Vitals, and weekly recommendations — all without cookies.

Get the snippet