zelarahealth.com
Poor
Health Score
Here's the simple version
49/100 - poor. Start with the fixes below before reading the full report.

The absence of a **Content-Security-Policy (CSP)** represents a high-priority security concern that leaves _Zelara Health_ vulnerable to cross-site scripting (XSS) and injection attacks.

The _Zelara Health_ digital presence excels in technical performance and brand positioning. The site demonstrates exceptional Core Web Vitals, specifically a rapid Largest Contentful Paint (LCP) of 516ms, and maintains a premium, clinical aesthetic through sophisticated typography and color palettes. Furthermore, the site is well-prepared for modern email security, with correctly configured SPF, DMARC, and DKIM records.

The highest-impact weakness is the lack of fundamental security headers. Beyond the missing CSP, the site lacks `X-Frame-Options` and `X-Content-Type-Options`, which increases the risk of clickjacking and MIME-sniffing attacks. These omissions, combined with the presence of inline event handlers, create an unnecessarily large attack surface for malicious actors.

The most significant growth opportunity lies in optimizing for the emerging AI-search economy. While the site is technically accessible to AI crawlers, it lacks the structured content necessary to dominate answer engines. By implementing specific `Service` or `MedicalBusiness` schema, creating dedicated FAQ/product pages, and publishing an `llms.txt` file, the brand can ensure its clinical expertise is accurately cited by AI agents and retrieval-augmented generation (RAG) systems.

To stabilize the platform, the following actions must be prioritized in the next 30 days:

- Implement a robust **Content-Security-Policy** to mitigate injection risks.
- Deploy missing security headers, including `X-Frame-Options` and `X-Content-Type-Options`.
- Resolve accessibility gaps by associating explicit `<label>` tags with all form inputs.
Launch blockers
No major launch blockers found.
The rest of the report is a fix queue, not a reason to panic.
Fix first
Start with the top 3.
These are the items most likely to improve trust, speed, or conversion.
Best next step
Hand the fix list to your builder or AI agent.
The technical detail is still here when they need evidence.
Biggest area to improve: Security Headers, which mostly means visitor safety and trust.
The full report has all the proof. This is the owner-friendly version of what to do first.
Plain-English reason
This affects visitor safety and trust. PageLens marked it as important so you know where it belongs in the queue.
What to ask your builder or AI agent to do
Add a Content-Security-Policy header. Start restrictive: `default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'`
No CSP header found. The site is vulnerable to XSS and injection attacks.
Plain-English reason
This affects whether everyone can use the site. PageLens marked it as worth fixing so you know where it belongs in the queue.
What to ask your builder or AI agent to do
Add descriptive alt text to all informational images. For purely decorative images, use `alt=""` to mark them as presentation-only.
1 `<img>` element(s) lack an alt attribute. Screen readers cannot describe these images to visually impaired users.
Plain-English reason
This affects whether everyone can use the site. PageLens marked it as worth fixing so you know where it belongs in the queue.
What to ask your builder or AI agent to do
Ensure every `<label>` element has a `for` attribute that matches the `id` of its corresponding input. For example: `<label class='input-label' for='heroEmail'>Email</label><input type='email' class='input-field' id='heroEmail' ...>`.
While visual labels exist (e.g., 'Email', 'Primary interest'), the HTML uses a pattern where the label is a separate `<div>` or `<span>` rather than being programmatically linked to the input via the `for` attribute and matching `id`. This can prevent screen readers from correctly announcing the purpose of the field when it gains focus.
Same data as the full report, grouped by what a non-technical owner should do with it.
High-impact fixes that should usually be tackled before anything else.
Important fixes that may need more development time or a design decision.
Nothing in this bucket.
Polish and lower-priority work. Useful, but not where to start.
Need the detail?
The full report still has every finding, evidence, rule ID, filters, screenshots, and technical panels.