sample-preview.example
Fix before launch
Work the launch plan first
Sample reports become a developer handoff, client summary, and PR gate artifact from the same audit data.
Fix These First
1. Content Security Policy
Security · HIGH · Confirmed
No Content-Security-Policy header was detected.
Evidence: Response headers did not include content-security-policy.
Fix: Add a restrictive CSP in your framework middleware or hosting config, then loosen it only for the domains your app actually needs.
2. Authenticated pass login
Authentication · HIGH · Likely
Login completed, but account settings exposed client-side authorization hints.
Evidence: The logged-in page included admin route names in the client bundle.
Fix: Move route authorization to the server and keep admin-only route metadata out of public bundles.
3. Largest Contentful Paint
Performance · MEDIUM · Likely
Hero content loaded slower than expected on a mobile viewport.
Evidence: LCP estimate: 3.8s on the sample mobile pass.
Fix: Preload the hero image, compress oversized assets, and defer non-critical scripts.
Score by category
Developer detail
Content Security Policy
No Content-Security-Policy header was detected.
Authenticated pass login
Login completed, but account settings exposed client-side authorization hints.
Largest Contentful Paint
Hero content loaded slower than expected on a mobile viewport.
Page title
A specific title was found.