Site audit · 4/22/2026, 5:03:08 AM
pubbles.app
Free SEO, performance and security audit for pubbles.app. Score 85 of 100.
Score
85
excellent
Audited
https://pubbles.app/
Status
200
Load
113ms
Size
23kb
Links
0+8
AI summary
Top 3 wins, ranked by impact and time-to-ship. 3 generations per day.
Recommendations
7 to improveNo <h1> on the pageStructure
An H1 anchors the page topically. Add one descriptive H1.
No /sitemap.xmlSEO
Submit a sitemap to help search engines discover your pages.
Missing Content-Security-PolicySecurity
The single biggest XSS mitigation. Start with a permissive default-src and tighten over time.
Missing X-Content-Type-OptionsSecurity
Prevents MIME-sniffing attacks. Add: X-Content-Type-Options: nosniff
Missing Referrer-PolicySecurity
Controls how much URL info leaks to third parties. Try: strict-origin-when-cross-origin
Missing Permissions-PolicySecurity
Restricts powerful APIs (camera, geolocation, etc.). Set a tight allow-list.
Missing X-Frame-OptionsSecurity
Prevents clickjacking. Use frame-ancestors in CSP, or X-Frame-Options: SAMEORIGIN.
What's working
8 ✓Title looks goodSEO
Pubbles - Subtitle bubbles for your pointer
Meta description setSEO
194 chars
Viewport meta setSEO
Mobile rendering is enabled.
Open Graph completeSocial
Looks great in Facebook, LinkedIn, Slack previews.
Structured data: SoftwareApplicationSEO
Eligible for rich results in search.
HTTPS enabledSecurity
Connection is encrypted.
Compression: brPerformance
HTML is compressed in transit.
Fast first responsePerformance
113ms — feels instant.
Heading outline
6 found- H2 Text bubbles that follow your cursor
- H2 Customize to your hearts content
- H2 Annotate anything on screen!
- H2 Too lazy to type?
- H2 Add pointers that stick around
- H2 A word before you download...
Security headers
HTTP response| Strict-Transport-Security | set |
| Content-Security-Policy | missing |
| X-Content-Type-Options | missing |
| Referrer-Policy | missing |
| Permissions-Policy | missing |
| X-Frame-Options | missing |
Want this every week?
Track it live with vibestat.
Add one script to your site. See real visitors, Core Web Vitals, and weekly recommendations — all without cookies.