Report loading
voyageotravel.com
Preparing the full page inventory and screenshots.
Score
94
Issues
Analyzed
Report loading
Preparing the full page inventory and screenshots.
Excellent
Health Score
The short version
The _Voyageo_ platform demonstrates strong foundational security and compliance signals, but requires immediate remediation of accessibility and header configurations to meet CASA readiness standards. The application exhibits high-quality technical hygiene in several key areas. Security headers including **HSTS**, **X-Frame-Options**, and **X-Content-Type-Options** are correctly implemented, and the absence of cross-domain JavaScript sources reduces the client-side supply-chain attack surface. Furthermore, the presence of a visible privacy policy and Google OAuth disclosure language provides the necessary evidence trail for an upcoming formal assessor review. A serious security concern exists regarding the **Content-Security-Policy (CSP)**, which contains insecure directives such as `script-src 'unsafe-hashes'`. This weakens XSS protections and must be hardened before a formal audit. Additionally, the site presents a high-priority accessibility issue where several touch targets fail to meet the minimum 24px size requirement, potentially impacting mobile user interaction and compliance. The most significant opportunity lies in optimizing the site for AI-driven discovery and agentic workflows. While the `llms.txt` file is present, it currently lacks the structural depth—specifically H1 headings and contact sections—required for effective machine-readable summaries. Strengthening the semantic hierarchy and expanding the `SoftwareApplication` schema will improve how answer engines interpret and cite the product. To prepare for formal certification, the following actions must be completed within the next 30 days: - Harden the **Content-Security-Policy** by removing `unsafe-hashes` and tightening `img-src` directives. - Remediate all touch targets to meet the minimum **24px** dimension or spacing requirement. - Resolve the **404 Page Not Found** broken route and fix the canonical link errors to ensure crawler stability.
This is framed for CASA readiness: Assessor-visible security and evidence gaps
Excellent
Your site is in strong shape. The report is mostly polish and protection against future surprises.
Biggest area to improve: Security Headers
This area scored 94/100 and has 1 finding. In plain English, this is about visitor safety and trust.
CASA readiness note
This report helps prepare for a Google OAuth CASA review by surfacing public frontend evidence and likely assessor questions. It is not certification, a penetration test, or a Letter of Validation. Use the full technical report for the evidence pack.
The three findings most likely to matter first. Send these to your builder before the full report.
What we found
The requested URL `/privacy-policy` is returning a 404 error. This is a critical failure as legal compliance pages must be accessible to users and search engines.
Why it matters
This is important because it affects things that are broken or failing.
What to ask your builder to do
Verify the routing configuration in your application (e.g., Next.js file-based routing or React Router configuration) to ensure the `/privacy-policy` path is correctly mapped to a valid component.
What we found
The `<link rel='canonical' href='https://voyageotravel.com/'>` element points to the root domain rather than the specific page. This can cause search engines to de-index the privacy policy or incorrectly attribute its authority to the homepage.
Why it matters
This is important because it affects things that are broken or failing.
What to ask your builder to do
Update the canonical tag on the privacy policy page to match its actual URL: `<link rel='canonical' href='https://voyageotravel.com/privacy-policy'>`.
What we found
Ensure touch targets have sufficient size and space. Fix any of the following: Target has insufficient size (204.7px by 16px, should be at least 24px by 24px) Target has insufficient space to its closest neighbors. Safe clickable space has a diameter of 22px instead of at least 24px.
Why it matters
This is important because it affects whether everyone can use the site.
What to ask your builder to do
Element matching `small > a[rel="noopener"][target="_blank"]` is rendered at 204.7x16 px; touch targets must be >=24x24 px (WCAG 2.5.8). Add padding (e.g. `min-h-[24px] min-w-[24px]` in Tailwind, or `padding` so the bounding box reaches 24 px in both dimensions). Reference: https://dequeuniversity.com/rules/axe/4.11/target-size?application=playwright
Same data as the full report, grouped by what a non-technical owner should do with it.
High-impact fixes that should usually be tackled before anything else.
Important fixes that may need more development time or a design decision.
Nothing in this bucket.
Polish and lower-priority work. Useful, but not where to start.
Need the detail?
The full report still has every finding, evidence, rule ID, filters, screenshots, and technical panels.
