Site audit · 4/22/2026, 6:42:08 AM

finlyticz.com

Free SEO, performance and security audit for finlyticz.com. Score 81 of 100.

Run a new audit →

Score

good

Audited

https://www.finlyticz.com/

Status

200

Load

238ms

Size

5kb

Links

0+0

AI summary

Top 3 wins, ranked by impact and time-to-ship. 3 generations per day.

Recommendations

9 to improve

No <h1> on the pageStructure

An H1 anchors the page topically. Add one descriptive H1.

Missing Strict-Transport-SecuritySecurity

Forces browsers onto HTTPS. Add: Strict-Transport-Security: max-age=31536000; includeSubDomains

Missing Content-Security-PolicySecurity

The single biggest XSS mitigation. Start with a permissive default-src and tighten over time.

Missing X-Content-Type-OptionsSecurity

Prevents MIME-sniffing attacks. Add: X-Content-Type-Options: nosniff

Missing Referrer-PolicySecurity

Controls how much URL info leaks to third parties. Try: strict-origin-when-cross-origin

Missing Permissions-PolicySecurity

Restricts powerful APIs (camera, geolocation, etc.). Set a tight allow-list.

Missing X-Frame-OptionsSecurity

Prevents clickjacking. Use frame-ancestors in CSP, or X-Frame-Options: SAMEORIGIN.

No HTTP compressionPerformance

Enable gzip or Brotli on the server — typically cuts HTML transfer 60–80%.

No Cache-Control headerPerformance

Even a short max-age helps repeat visits.

What's working

7 ✓

Title looks goodSEO

FinlyticZ - Unlock Real-Time Tally Insights on Your Mobile Device

Meta description setSEO

153 chars

Viewport meta setSEO

Mobile rendering is enabled.

Open Graph completeSocial

Looks great in Facebook, LinkedIn, Slack previews.

Structured data: Organization, WebSiteSEO

Eligible for rich results in search.

HTTPS enabledSecurity

Connection is encrypted.

Fast first responsePerformance

238ms — feels instant.

Security headers

HTTP response

Strict-Transport-Security	missing
Content-Security-Policy	missing
X-Content-Type-Options	missing
Referrer-Policy	missing
Permissions-Policy	missing
X-Frame-Options	missing

Want this every week?

Track it live with vibestat.

Add one script to your site. See real visitors, Core Web Vitals, and weekly recommendations — all without cookies.

Get the snippet