# SEO + Security + Performance Audit — 51 Checks

> Complete list of all 51 checks in the Be1st.ai SSP Audit tool.

51 checks total (8 CDP)

> Checks marked [CDP] require Chrome DevTools Protocol (PRO tier).

## SEO Health

*30 checks — S1 to S30*

### S1 — Title tag existence

Checks if the page has a <title> tag in the <head> section.

### S2 — Title — length

Optimal length of 50-60 characters for proper display in search results.

### S3 — H1 heading

The page should have exactly one <h1> heading.

### S4 — Heading hierarchy

Checks that headings (H1-H6) don't skip levels.

### S5 — Canonical URL

Verifies <link rel='canonical'> to prevent duplicate content.

### S6 — Viewport meta tag

Meta viewport tag for proper display on mobile devices.

### S7 — Robots meta tag

Checks meta robots — whether 'noindex' or 'nofollow' is set.

### S8 — Open Graph tags

og:title, og:description, og:image for proper sharing on social networks.

### S9 — Twitter Card tags

Checks twitter:card, twitter:title and twitter:description tags.

### S10 — Structured data

Verifies JSON-LD, microdata or RDFa structured data.

### S11 — Image ALT texts

Every image should have an alt attribute for accessibility and SEO.

### S12 — Internal links

Minimum of 3 internal links for proper navigation and PageRank distribution.

### S13 — External links

Checks for the existence of links to relevant external resources.

### S14 — Anchor text quality

Verifies that anchor texts describe target pages (not 'click here').

### S15 — Clean URLs

URLs without query parameters, hashbangs and unnecessary fragments.

### S16 — HTML lang attribute

Correct language attribute on the <html> tag (e.g. lang='en').

### S17 — Favicon

Verifies that the website has a defined favicon icon.

### S18 — Status code & broken links

HTTP status code of the checked URL + verification of all <a href> links on the page via HEAD requests.

### S19 — Robots.txt

Verifies the existence and correctness of the robots.txt file.

### S20 — Sitemap.xml

Checks if the website has an accessible and valid sitemap.xml.

### S21 — HTTPS redirect

Automatic redirect from HTTP to HTTPS.

### S22 — WWW consistency

Consistent use of www/non-www version of the domain.

### S23 — Trailing slash consistency

Consistent use/non-use of trailing slash in URLs.

### S24 — HTML size

HTML document size — ideally under 100 KB.

### S25 — Mobile-friendly indicators

Checks responsive design and mobile accessibility.

### S26 — Content length

Minimum of 300 words for sufficient content relevance.

### S27 — Keyword density

Keyword density — checks whether it is overstuffed or insufficient.

### S28 — Hreflang tags

Checks hreflang tags for multilingual websites.

### S29 — Pagination

Verifies rel='prev' and rel='next' for paginated pages.

### S30 — Breadcrumb navigation

Checks breadcrumb navigation for better orientation.

## Security

*11 checks — SEC1 to SEC11*

### SEC1 — HTTPS

Verifies that the website runs on HTTPS with a valid certificate.

### SEC2 — HSTS

Strict-Transport-Security header — max-age >= 31536000, includeSubDomains.

### SEC3 — CSP

Content-Security-Policy — no unsafe-inline, unsafe-eval or wildcards.

### SEC4 — X-Frame-Options

Clickjacking protection — DENY or SAMEORIGIN.

### SEC5 — X-Content-Type-Options

Header 'nosniff' to prevent MIME-type sniffing.

### SEC6 — Referrer-Policy

Checks referrer policy — recommended strict-origin-when-cross-origin.

### SEC7 — Permissions-Policy

Denying access to camera, microphone and geolocation.

### SEC8 — Mixed Content [CDP]

Detection of HTTP resources on an HTTPS page (images, scripts, styles).

### SEC9 — Security Warnings [CDP]

Captures security warnings in the browser console.

### SEC10 — Insecure Cookies [CDP]

Checks SameSite, Secure and HttpOnly flags on cookies.

### SEC11 — Deprecated APIs [CDP]

Detection of deprecated browser API usage.

## Performance

*10 checks — P1 to P10*

### P1 — Response Time

Server response time — ideally under 1 second, warning under 3s.

### P2 — HTML Size

HTML document size — pass under 100 KB, warning under 500 KB.

### P3 — External Resources

Number of external scripts, styles and images — ideally under 20.

### P4 — Inline CSS

Amount of inline CSS — pass under 10 KB, warning under 50 KB.

### P5 — Inline JS

Amount of inline JavaScript — pass under 10 KB, warning under 50 KB.

### P6 — Image Optimization

Lazy loading, srcset and proper image formats (WebP, AVIF).

### P7 — Total Page Weight [CDP]

Total page size — pass under 2 MB, warning under 5 MB.

### P8 — Request Count [CDP]

Total number of HTTP requests — pass under 50, warning under 100.

### P9 — CSS Coverage [CDP]

How much of the CSS code is actually used on the page.

### P10 — JS Coverage [CDP]

How much of the JavaScript code is actually used on the page.