Site audit · 4/23/2026, 6:36:18 PM
matwenger.design
Free SEO, performance and security audit for matwenger.design. Score 88 of 100.
Score
88
excellent
Audited
https://matwenger.design/
Status
200
Load
85ms
Size
55kb
Links
8+0
AI summary
Top 3 wins, ranked by impact and time-to-ship. 3 generations per day.
Recommendations
6 to improveNo <h1> on the pageStructure
An H1 anchors the page topically. Add one descriptive H1.
Missing Content-Security-PolicySecurity
The single biggest XSS mitigation. Start with a permissive default-src and tighten over time.
Missing X-Content-Type-OptionsSecurity
Prevents MIME-sniffing attacks. Add: X-Content-Type-Options: nosniff
Missing Referrer-PolicySecurity
Controls how much URL info leaks to third parties. Try: strict-origin-when-cross-origin
Missing Permissions-PolicySecurity
Restricts powerful APIs (camera, geolocation, etc.). Set a tight allow-list.
Missing X-Frame-OptionsSecurity
Prevents clickjacking. Use frame-ancestors in CSP, or X-Frame-Options: SAMEORIGIN.
What's working
8 ✓Title looks goodSEO
Mathias Wendlinger - Principal Design Manager at Microsoft
Meta description setSEO
215 chars
Viewport meta setSEO
Mobile rendering is enabled.
Open Graph completeSocial
Looks great in Facebook, LinkedIn, Slack previews.
Structured data: PersonSEO
Eligible for rich results in search.
HTTPS enabledSecurity
Connection is encrypted.
Compression: gzipPerformance
HTML is compressed in transit.
Fast first responsePerformance
85ms — feels instant.
Heading outline
8 found- H3 My Story
- H3 Experience
- H3 Skills
- H2 Featured Projects
- H3 Xbox Music
- H3 Your Groove
- H3 RPA Self-healing with Copilot
- H2 What People Say
Security headers
HTTP response| Strict-Transport-Security | set |
| Content-Security-Policy | missing |
| X-Content-Type-Options | missing |
| Referrer-Policy | missing |
| Permissions-Policy | missing |
| X-Frame-Options | missing |
Want this every week?
Track it live with vibestat.
Add one script to your site. See real visitors, Core Web Vitals, and weekly recommendations — all without cookies.