Netherlands · Amsterdam Completed: Apr 17, 2026 03:52 UTCScore: 60 / 100
Based on 4 categories, 27 sections
Several missing protections leave your users and data exposed.
Major barriers for users with disabilities — up to 15% of your audience.
Solid infrastructure — fast server responses across the board.
Several regulatory requirements are not yet met.
The overall score is a weighted average of individual category scores. Categories with more impact on user experience and security carry more weight.
Weights reflect general web best practices. Individual needs may differ.
Content-Security-Policy header is missing
Security gaps expose your site and users to attacks, eroding trust.
No Content-Security-Policy header found
Security gaps expose your site and users to attacks, eroding trust.
Cross-Origin-Embedder-Policy header is missing
Security gaps expose your site and users to attacks, eroding trust.
Cross-Origin-Opener-Policy header is missing
Security gaps expose your site and users to attacks, eroding trust.
HSTS is missing includeSubDomains
Security gaps expose your site and users to attacks, eroding trust.
High impact, low effort — start here.
High impact, requires investment.
Nothing in this quadrant — good news.
Small gains, minimal effort.
Nothing in this quadrant — good news.
Low impact, high effort — do last.
Nothing in this quadrant — good news.
[](https://beavercheck.com/results/10ed841b-abd5-4cf4-bb47-e0c0264eeba3)<a href="https://beavercheck.com/results/10ed841b-abd5-4cf4-bb47-e0c0264eeba3"><img src="https://beavercheck.com/badge?url=https%3A%2F%2Fshotprep.io" alt="BeaverCheck Score"></a>https://beavercheck.com/badge?url=https%3A%2F%2Fshotprep.ioThis badge auto-updates with your latest scan result.
Your site has several issues that may be affecting user experience and business outcomes. Addressing the critical issues below would have the most immediate impact on your user trust.
3 barrier(s) likely increasing bounce by ~22%.
No HSTS header
+1% bounceReturning visitors are briefly exposed to downgrade attacks on first request
Fix: Set Strict-Transport-Security: max-age=31536000; includeSubDomains
No Content-Security-Policy header
+1% bounceHigher XSS blast radius — one compromised script can exfiltrate the checkout form
Fix: Ship a reporting-only CSP first, then enforce once violations are clean
No viewport meta tag
+15% bounceMobile browsers render at desktop width and shrink — text unreadable, tap targets miniature
Fix: Add <meta name="viewport" content="width=device-width, initial-scale=1">
Preliminary CRO audit — each barrier links to the tab with detailed analysis.
$250 investment → $0.00/month returns + USD 7,500 risk avoided
$250
2h · 5 findings
$0.00 /mo
~$0.00 / year
USD 7,500
if kept compliant
Figures combine localized regulatory fine ceilings, search/conversion value priced against local CPC, and bandwidth waste estimates. Results depend on implementation quality and audience composition. Not legal or financial advice.
2.5 developer hours at $100/hr
Based on United States rates ($100/hr)
Start here for the best return on investment
$625 / month at risk
~$7,500 / year if left unfixed
$7,500
Compliance figures represent the statutory maximum fine for the most severe triggered category, capped per regulation — not the sum of per-finding penalties. Based on published regulatory fine ranges. This is not legal advice.
Thanks for your feedback!
We'll use a cached audit if available, or offer to scan.
Industry-standard audits powered by Google Lighthouse.
Key metrics that affect user experience.
Desktop audit not available for this result.
Send Feedback