Skip to content
https://improvingliteracy.org

Compliance

· 23 checks — WCAG, consent & privacy, language, viewport, cookie inventory, and legal pages rolled into one auditable list.
SCORE
77
GRADE
C
FIX
1
REVIEW
4
PASS
15
INFO
3
Checks
23
15 PASS 4 REVIEW 1 FIX
F
GDPR Article 13 Disclosures
Action
0 / 8 Art. 13 categories matched in homepage body
FIX
0 / 8 Art. 13 categories matched in homepage body
Warning::
GDPR Article 13 disclosure coverage: 0 / 8 categories
Scanned the homepage body text AND the linked /privacy page for GDPR Article 13 disclosures. Matched 0 of 8 categories: . Missing: Data Protection Officer contact (where applicable), Data retention period, Data subject rights (access, erasure, rectification, etc.), Identity / contact details of the data controller, International data transfers, Legal basis for processing, Recipients of personal data, Right to lodge a complaint with a supervisory authority. Note: only the FIRST same-origin privacy-policy link is followed; deeper sub-pages (e.g. /legal/data-subject-rights) are not fetched.
Got: 0/8
B
Cross-Site Cookies (SameSite=None)
1 cross-site cookie(s) (1 tracking-shaped, 0 essential)
REVIEW
1 cross-site cookie(s) (1 tracking-shaped, 0 essential)
Info::
1 tracking-shaped cross-site cookie(s): __cf_bm
Cookies with SameSite=None travel in cross-site contexts (third-party iframes, cross-origin POSTs, embedded widgets). With third-party cookies dying in Chrome/Firefox, the legitimate use cases narrowed to SSO + payment widgets + federated auth. Each tracking-shaped cookie surfaced here is a cross-site analytics or ad-tech surface that needs explicit privacy-policy disclosure beyond basic cookie banner consent. Audit each: is it conditional on consent? Does the privacy policy name the recipient + purpose? Switching to SameSite=Lax disables the cross-site travel without breaking same-site analytics.
C
Compliance Badges
Action
0 compliance badge(s) detected
REVIEW
0 compliance badge(s) detected
Info::
No compliance badges detected
No recognized compliance certification badges or seals were found. This is common — many sites do not display compliance badges.
SOC 2
ISO 27001
PCI DSS
GDPR Certified
HIPAA Compliant
Better Business Bureau
TRUSTe / TrustArc
Privacy Shield
McAfee SECURE / TrustedSite
Norton Secured
Badge detection is based on image alt text, link URLs, and page content. Detection does not verify that certifications are current or valid.
A+
WCAG Compliance
No testable criteria
PASS
No testable criteria
Level A
Level AA

0

Passed

0

Failed

0

Partial

0

Manual review

0

Not tested

Key accessibility barriers

Links with unclear purpose

5 link(s) have empty or generic text

Screen reader users navigating by link list

Automated testing covers ~30–40% of WCAG criteria. Manual review is recommended for full conformance.

Full WCAG 2.1 AA compliance checklist — paste into a client deliverable or ticket

A+
Tracker Inventory
1 known tracker(s) detected
PASS
1 known tracker(s) detected
Info::
1 known tracker(s) detected
Inventory of trackers loaded by the page (matched against a curated SDK URL registry): analytics: Google Analytics 4 Each entry maps a script URL pattern to a known vendor SDK. This is purely informational -- consent posture / pre-consent firing is graded by the consent analyzer.
A
Language & i18n
Lang attribute present
PASS
Lang attribute present
Info::
<html lang> attribute is present
Info::
<html lang> value is valid
Info::
No Content-Language HTTP header
Info::
Language signals are inconsistent
The <html lang> attribute and Content-Language header should agree.
Page Language DetectedContent-Language Header Consistent No

The <html lang> attribute and Content-Language header should agree.

Why this matters

<html lang>, Content-Language, or og:locale disagree — pick one source of truth and align the others.

Learn more

Browsers and assistive tech use different sources for language. When they disagree, behavior is undefined: some pronounce by <html lang>, some by Content-Language. Decide on the canonical language for the page and set all signals to match.

Source: WCAG 2.1 SC 3.1.1

A+
Hreflang Configuration
No hreflang tags on this page
PASS
No hreflang tags on this page
Info::
No hreflang tags found (single-language site)
A+
Internationalization Extras
No additional i18n signals detected
PASS
No additional i18n signals detected
Info::
No additional i18n signals detected
A+
Readability & Typography
Font sizes and tap targets checked
PASS
Font sizes and tap targets checked
A+
Viewport Configuration
Viewport properly configured
PASS
Viewport properly configured
Info::
Viewport meta tag is present
Info::
width=device-width is set
Info::
User zooming is allowed
Viewport Configuration Good
Content
width=device-width, initial-scale=1
width=device-width

Responsive layout enabled

initial-scale=1

Correct initial zoom level

User zooming allowed

Accessibility-friendly — users can zoom

A
Accessibility Statement
Statement found, no conformance level
PASS
Statement found, no conformance level
Info::
Accessibility statement found but lacks WCAG conformance level
Mature accessibility statements declare a target conformance level (e.g., WCAG 2.1 AA). Without a stated level, users and reviewers cannot tell what the statement actually commits to.
Got: https://improvingliteracy.org/terms-conditions#accessibility
A+
Third-Party Trackers
5 trackers detected
PASS
5 trackers detected
Info::
5 third-party trackers detected
Found 3 analytics, 0 advertising, 1 marketing, 1 tag manager, 0 session-replay, 0 heatmap trackers.
Got: 5 trackers
A+
Tracking Pixel Inventory
No tracking pixels detected
PASS
No tracking pixels detected
Info::
No tracking pixels detected
A+
Browser Fingerprinting
No browser-fingerprinting libraries detected
PASS
No browser-fingerprinting libraries detected
Info::
No browser-fingerprinting libraries detected
A+
Beacon Tracking (sendBeacon)
No navigator.sendBeacon usage detected in inline scripts
PASS
No navigator.sendBeacon usage detected in inline scripts
Info::
No navigator.sendBeacon usage detected in inline scripts
Regulatory Indicators
2 regulatory indicator(s) detected
INFO
2 regulatory indicator(s) detected
Info::
This is a technical scan, not a legal assessment
BeaverCheck detects technical indicators that may suggest regulatory relevance. This is not a compliance audit and should not be relied upon for legal decisions. Consult qualified legal counsel for compliance assessments.
Info::
ADA indicators detected (moderate confidence)
Indicators suggesting ADA may be relevant: Accessibility link found: Accessibility. Americans with Disabilities Act / Section 508 — requires digital accessibility for people with disabilities.
Got: 1 indicators: Accessibility link found: Accessibility
Info::
HIPAA indicators detected (weak confidence)
Indicators suggesting HIPAA may be relevant: Text mentions: phi. Health Insurance Portability and Accountability Act — protects sensitive patient health information.
Got: 1 indicators: Text mentions: phi

This is a technical scan, not a legal assessment.

BeaverCheck detects technical indicators that may suggest regulatory relevance. This should not be relied upon for legal decisions. Consult qualified legal counsel.

ADA Moderate

Americans with Disabilities Act / Section 508 — requires digital accessibility for people with disabilities.

Indicators detected

  • Accessibility link found: Accessibility
HIPAA Weak

Health Insurance Portability and Accountability Act — protects sensitive patient health information.

Indicators detected

  • Text mentions: phi
Third-Party Data Sharing
2 third-party service(s) detected
INFO
2 third-party service(s) detected
Info::
Data inventory for transparency purposes
This inventory identifies third-party services that receive data from your site visitors. Under regulations like GDPR (Article 30), maintaining records of data processing activities is commonly considered a best practice. This automated scan provides a starting point — it may not capture all data flows.
Info::
2 third-party services across 2 categories
2 third-party services detected across 2 categories: Analytics (1), CDN (1). Each of these services receives some user data from your site visitors.
Info::
Google Analytics (Analytics)
Detected via script URL. Typically collects: Page views, User behavior, Demographics, Device info, IP address. Privacy policy: https://policies.google.com/privacy. Data Processing Agreement available.
Got: Category: Analytics | Data types: Page views, User behavior, Demographics, Device info, IP address
Info::
Cloudflare (CDN)
Detected via script URL. Typically collects: IP address (transient), Request metadata. Privacy policy: https://www.cloudflare.com/privacypolicy/. Data Processing Agreement available.
Got: Category: CDN | Data types: IP address (transient), Request metadata
Analytics (1)
CDN (1)
Google Analytics Analytics
Detected by: script URL
Data typically collected:
Page viewsUser behaviorDemographicsDevice infoIP address
Privacy policy → DPA available ✓
Cloudflare CDN
Detected by: script URL
Data typically collected:
IP address (transient)Request metadata
Privacy policy → DPA available ✓

This inventory identifies services receiving visitor data.

Under regulations like GDPR Article 30, maintaining records of data processing is commonly considered a best practice. This scan provides a starting point.

Readability Scores
622 words, Flesch-Kincaid grade 20.1
INFO

Readability Analysis (Flesch-Kincaid)

Grade Level

20.1

Grade 20 (college+)

Reading Ease

4

Very Difficult

Words

622

Sentences

21

All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback