Report loading
tictactoetwo.vercel.app
Preparing the full page inventory and screenshots.
Report loading
Preparing the full page inventory and screenshots.
Poor
Health Score
Score by category
The headline health score combines page-level quality and site-wide repeat patterns, then stays anchored to the weakest visible category so it never looks worse than every category beneath it.
Section 01
The absence of a Content-Security-Policy (CSP) combined with 39 inline event handlers leaves Tic Tac Toe Two critically vulnerable to cross-site scripting (XSS) attacks.
Tic Tac Toe Two delivers an exceptionally fast initial experience, maintaining a Largest Contentful Paint (LCP) of 904ms. The platform establishes a memorable visual character through a distinct typographic hierarchy using 'Bebas Neue' and 'Space Mono'. On both desktop and mobile, the primary call-to-action remains prominent above the fold, and the site provides clear visible feedback for keyboard users via consistent focus styling.
Severe structural deficiencies currently limit the product's reach and usability. The landing page lacks an H1 heading and contains thin content, making it difficult for search engines to establish context. On both desktop and mobile, form inputs—specifically username and password fields—rely solely on placeholders, which creates cognitive load and accessibility barriers once the user begins typing. Additionally, heavy third-party loads of 948 KB introduce significant network overhead that threatens performance stability.
A major opportunity exists to drive organic growth and social virality through metadata optimization. Implementing comprehensive Open Graph and Twitter Card tags will transform bare URLs into rich, engaging previews during social sharing on platforms like WhatsApp or X/Twitter. Strengthening SEO fundamentals—specifically adding a descriptive meta description, a canonical URL, and an optimized page title—will significantly improve search engine visibility and click-through rates.
<label> elements to all form inputs for improved accessibility.5 highest-impact findings, ranked.
The initial viewport contains very little meaningful text beyond labels and inputs. This can make it difficult for search engines to understand the context of the importance of this page, though it is expected for a game lobby.
How to fix: Consider adding a small 'About' or 'Features' section below the fold that provides more depth and keyword-rich content to improve SEO and brand trust.
On /
Third-party scripts (analytics, embeds, ad pixels, font CDNs, chat widgets) are hosted outside your control and often render-block, INP-block, or both. Each adds DNS resolution + TLS overhead and can fail independently of your own infrastructure.
How to fix: Audit every third-party tag: drop ones you're no longer measuring, switch from <script> to async/defer, route analytics through a single tag manager, and self-host fonts as woff2 (most font CDNs add 50-150 KB per family).
On /
No CSP header found. The site is vulnerable to XSS and injection attacks.
How to fix: Add a Content-Security-Policy header. Start restrictive: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'
On /
Google typically displays 50–60 characters of the title in search results. A title under 30 chars usually fails to set context.
How to fix: Expand the title to 30–60 characters with the page topic and a brand suffix, e.g. <title>Page topic — Brand</title>.
On /
No <meta name="description"> on this page. Google may auto-generate snippet text from page content, which is usually less compelling than a hand-written description.
How to fix: Add: <meta name="description" content="Compelling 120-160 char summary of this page."> — front-load the value proposition.
On /