aplyr.io
Poor
Health Score
Score by category
The headline health score combines page-level quality and site-wide repeat patterns, then stays anchored to the weakest visible category so it never looks worse than every category beneath it.
Section 01
The Aplyr digital presence is built on a foundation of exceptional performance and sophisticated brand identity, yet it faces critical security vulnerabilities that threaten user trust.
The site demonstrates industry-leading technical performance, with Largest Contentful Paint (LCP) metrics consistently under 800ms on both desktop and mobile. This speed is paired with a premium design system utilizing high-contrast typography and a cohesive dark theme that establishes immediate professional credibility. Furthermore, the implementation of semantic HTML and comprehensive Open Graph meta tags ensures that the brand is well-positioned for search engine crawling and rich social media previews.
However, the absence of a Content-Security-Policy (CSP) header represents a high-impact security weakness, leaving the platform vulnerable to cross-site scripting (XSS) and injection attacks. This technical debt is compounded by secondary configuration gaps, such as missing X-Frame-Options, which exposes the site to clickjacking risks. On mobile, the user experience is further hindered by high content density in the hero section, which pushes primary conversion elements too far down the viewport, and excessively small text within feature cards that compromises readability.
The greatest opportunity lies in optimizing the conversion funnel through refined visual hierarchy and SEO precision. Shortening page titles to prevent truncation in search results will improve click-through rates, while increasing the visual prominence of secondary CTAs—such as "See sample results"—will better guide users through the product's value proposition. Strengthening the subheadline with more action-oriented language can further bridge the gap between initial interest and active tool usage.
First 30 days recommendation:
5 highest-impact findings, ranked.
No CSP header found. With no browser-enforced restriction on where scripts and other resources may load from, the site is vulnerable to XSS and injection attacks.
How to fix: Add a Content-Security-Policy header. Start restrictive: `default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'`
On /
Ensure the contrast between foreground and background colors meets WCAG 2 AA minimum contrast ratio thresholds. Fix any of the following: Element has insufficient color contrast of 3.77 (foreground color: #c2410c, background color: #0d0c0a, font size: 9.8pt (13px), font weight: normal). Expected contrast ratio of 4.5:1
How to fix: Element matching `.blog-nav-brand` has contrast ratio 3.77; WCAG AA requires 4.5:1. Increase the contrast between foreground and background colours (the Tailwind hint below proposes the next darker step in the same family if the offending class is a recognised palette utility). Reference: https://dequeuniversity.com/rules/axe/4.11/color-contrast?application=playwright
On /blog
Browsers may MIME-sniff responses without this header.
How to fix: Add: `X-Content-Type-Options: nosniff`
On /
The page can be embedded in iframes, risking clickjacking.
How to fix: Add: `X-Frame-Options: DENY` (or `SAMEORIGIN` if embedding is needed). Alternatively, set CSP `frame-ancestors`.
On /
The hero headline and subheadline are quite large, which pushes the primary CTA 'Try it free' further down the viewport on smaller mobile screens. This can increase friction for users to take action.
How to fix: Consider reducing the font size of the H1 (e.g., `font-size: 2.5rem` instead of `3rem`) or slightly tightening the line-height on mobile to bring the primary CTA higher into the viewport.
On /