Services Case Study Blog About Contact
What We Test: 100+ Checks in Our Website Audits

What We Test: 100+ Checks in Our Website Audits

SEO · March 4, 2026 · 3 min read · Torbjörn Reidarsson

When we audit a website, we don't settle for surface-level tests. We run 100+ checks spread across five areas: SEO, Schema.org, site health, performance and security. Here is the complete list — the same checklist we use for our clients.

1. SEO audit

Basic and advanced SEO checks that affect how search engines index and rank the site.

  • Title tag — present, correct length, unique per page
  • Meta description — present and correct length
  • H1 tag — present, only one per page, contains keywords
  • Heading hierarchy — logical order H1→H2→H3
  • Alt attributes on images — missing or not descriptive
  • Canonical URL — present and pointing correctly
  • Hreflang tags — for multilingual sites
  • Open Graph tags — og:title, og:description, og:image
  • Twitter Card tags
  • Robots meta — checking for noindex/nofollow
  • URL structure — readable and SEO-friendly slugs
  • Internal linking — orphan pages, broken links
  • External links — broken and nofollow handling
  • Sitemap.xml — present, validates, complete
  • Robots.txt — present with correct directives
  • Mobile-friendliness — viewport, responsive design
  • Keyword density — placement and balance
  • Content length — quality signals
  • Duplicate content — detection
  • Redirect chains — 301/302 redirect chains

2. Schema.org audit

Structured data that gives search engines extra context — and can result in rich snippets in search results.

  • JSON-LD syntax — valid JSON-LD
  • Schema type correctness — Organization, LocalBusiness, Product, Article etc.
  • Required properties — per schema type
  • Google Rich Results — eligible for enhanced search results
  • Breadcrumb markup
  • FAQ markup
  • HowTo markup
  • Review/Rating markup
  • Product markup — price, availability, SKU
  • Article markup — headline, datePublished, author
  • Event markup
  • Video markup
  • Sitelinks Searchbox markup
  • Logo and contact markup
  • Social profile links
  • Nested entities — @id referencing
  • Deprecated properties
  • Google Search Console warnings — matching

3. Site health

Basic quality checks that affect usability, crawling and overall impression.

  • Broken links — 4xx errors
  • Server errors — 5xx
  • Redirect chains and loops
  • Mixed content — HTTP resources on HTTPS pages
  • Favicon — missing
  • Custom 404 page
  • Sitemap vs actual pages — discrepancies
  • Orphan pages — no internal links pointing to them
  • Crawl depth — pages more than 3 clicks from homepage
  • Duplicate titles and descriptions
  • Thin content — pages with <300 words
  • HTML validation — W3C standard
  • CSS validation
  • Viewport configured
  • Language declaration — html lang attribute
  • Character encoding — UTF-8
  • Print stylesheet
  • DNS resolution time

4. Performance audit

Fast sites rank better and convert more. We test everything that affects loading time and perceived speed.

  • Loading times — TTFB, FCP, LCP
  • Core Web Vitals — LCP, INP, CLS
  • Total page size — KB/MB
  • Number of HTTP requests
  • Image optimization — format, compression, dimensions
  • Modern image formats — WebP/AVIF
  • Lazy loading
  • CSS minification
  • JavaScript minification
  • Unused CSS/JS — detection
  • Render-blocking resources
  • Browser caching — Cache-Control, Expires
  • Gzip/Brotli compression
  • CDN usage
  • Font loading strategy — font-display
  • Third-party script impact
  • DOM size
  • Server response time
  • HTTP/2 or HTTP/3
  • Preconnect/prefetch hints

5. Security audit

Security protects both you and your visitors. We test headers, encryption and common vulnerabilities.

  • HTTPS — valid SSL/TLS certificate
  • Certificate expiration date
  • TLS version — minimum 1.2
  • HSTS header — Strict-Transport-Security
  • Content-Security-Policy
  • X-Content-Type-Options
  • X-Frame-Options / frame-ancestors
  • Referrer-Policy
  • Permissions-Policy
  • Cross-Origin headers — CORS, COEP, COOP
  • Cookie security — Secure, HttpOnly, SameSite
  • Mixed content warnings
  • Open redirects
  • Information leakage — server version, powered-by headers
  • Directory listing
  • Exposed config files — .env, credentials
  • SQL injection — surface scanning
  • XSS — reflection scanning
  • CSRF token handling — on forms
  • Subresource Integrity (SRI) — on CDN scripts

Want to know how your site performs?

We run all these tests and compile the results into a clear report with prioritized action items. Contact us for a free initial analysis.

#Performance #Security #SEO #SEO Audit #Technical SEO #Web Development

Related articles