vibestat

Site audit · 6/22/2026, 3:05:26 PM

google.com

Free SEO, performance and security audit for google.com. Score 52 of 100.

Run a new audit →

Score

52
needs work

Audited

https://www.google.com/

Status
200
Load
54ms
Size
79kb
Links
8+2

AI summary

Top 3 wins, ranked by impact and time-to-ship. 3 generations per day.

Critical

1 blocker
No viewport meta tagSEO
Mobile rendering breaks without it. Add <meta name="viewport" content="width=device-width, initial-scale=1">.

Recommendations

13 to improve
Title is short (6 chars)SEO
Aim for 30–60 chars with a keyword + benefit.
Meta description is shortSEO
Currently 16 chars. Aim for 120–160.
No canonical URLSEO
Helps search engines pick the right URL when duplicates exist. Add <link rel="canonical" href="…">.
No <h1> on the pageStructure
An H1 anchors the page topically. Add one descriptive H1.
Open Graph missing 4 tagsSocial
Missing: og:title, og:description, og:image, og:url. These control how the page looks when shared.
No twitter:card metaSocial
Add <meta name="twitter:card" content="summary_large_image">.
No structured data (JSON-LD)SEO
Schema.org markup unlocks rich results. Start with Organization or WebSite.
No favicon linkStructure
Add <link rel="icon" href="/favicon.ico">.
Missing Strict-Transport-SecuritySecurity
Forces browsers onto HTTPS. Add: Strict-Transport-Security: max-age=31536000; includeSubDomains
Missing Content-Security-PolicySecurity
The single biggest XSS mitigation. Start with a permissive default-src and tighten over time.
Missing X-Content-Type-OptionsSecurity
Prevents MIME-sniffing attacks. Add: X-Content-Type-Options: nosniff
Missing Referrer-PolicySecurity
Controls how much URL info leaks to third parties. Try: strict-origin-when-cross-origin
Missing Permissions-PolicySecurity
Restricts powerful APIs (camera, geolocation, etc.). Set a tight allow-list.

What's working

3 ✓
HTTPS enabledSecurity
Connection is encrypted.
Compression: gzipPerformance
HTML is compressed in transit.
Fast first responsePerformance
54ms — feels instant.

Security headers

HTTP response
Strict-Transport-Securitymissing
Content-Security-Policymissing
X-Content-Type-Optionsmissing
Referrer-Policymissing
Permissions-Policymissing
X-Frame-Optionsset

Want this every week?

Track it live with vibestat.

Add one script to your site. See real visitors, Core Web Vitals, and weekly recommendations — all without cookies.

Get the snippet
google.com — SEO, performance & security audit (score 52) · Vibestat