Skip to content
Audit Complete

Results for https://surfshark.com

Visit site
Corporate / Enterprise · estimated Tracking: leads
Brazil Brazil · Sao Paulo Completed: Apr 22, 2026 23:13 UTC
Share card preview
Share on X Share on LinkedIn Share on Reddit Share on Hacker News Share via Email Download share image Embed Badge
Download JSON Download Markdown Report

Mobile 375 × 812

Screenshot of the audited page (Mobile 375×812)

Desktop 1440 × 900

Screenshot of the audited page (Desktop 1440×900)
B81

Site Health

Score: 81 / 100

Based on 8 categories, 0 sections

Decent speed, but optimizing further could improve engagement.

Several missing protections leave your users and data exposed.

Several issues make your site difficult for assistive technology users.

Well-optimized for search — your content is discoverable.

Solid infrastructure — fast server responses across the board.

Strong compliance posture across regulations.

Rich content metadata — your pages look great everywhere.

Lean and efficient — low environmental impact per visit.

How is this calculated?

The overall score is a weighted average of individual category scores. Categories with more impact on user experience and security carry more weight.

Performance 25%Security 25%Accessibility 15%SEO 10%Infrastructure 10%Compliance 8%Content 5%Sustainability 2%

Weights reflect general web best practices. Individual needs may differ.

How the composite score is calculated

How you compare

Cloudflare Bot Management · 437 peers
You 81
·
Avg 74
+7 above average
0 50 100
Better than 96% of Cloudflare Bot Management sites See full Cloudflare Bot Management benchmark →
Facebook · 1367 peers
You 81
·
Avg 72
+9 above average
0 50 100
Better than 99% of Facebook sites See full Facebook benchmark →

Top Priorities (5)

1

Content-Security-Policy header is missing

Security gaps expose your site and users to attacks, eroding trust.

Security › Security Headers
2

No Content-Security-Policy header found

Security gaps expose your site and users to attacks, eroding trust.

Security › Content Security Policy
3

5 button(s) with no accessible text

Accessibility issues exclude users with disabilities — up to 15% of your potential audience.

Accessibility › Link & Button Quality
4

45 third-party resources (52% of weight)

Performance issues directly impact user engagement and conversion rates.

Performance › Page Weight Inventory
5

Cookie '__cf_bm' has no SameSite attribute

Security gaps expose your site and users to attacks, eroding trust.

Security › Cookie Security
View fix priority matrix

Fix Priority Matrix

5 findings

Quick Wins

3

High impact, low effort — start here.

Strategic

2

High impact, requires investment.

Easy Improvements

0

Small gains, minimal effort.

Nothing in this quadrant — good news.

Deprioritize

0

Low impact, high effort — do last.

Nothing in this quadrant — good news.

← Low effort High effort →
BeaverCheck badge
Embed this badge
[![BeaverCheck](https://beavercheck.com/badge?url=https%3A%2F%2Fsurfshark.com)](https://beavercheck.com/results/59d4265b-cade-4877-a2bf-385ff7f9ac47)
<a href="https://beavercheck.com/results/59d4265b-cade-4877-a2bf-385ff7f9ac47"><img src="https://beavercheck.com/badge?url=https%3A%2F%2Fsurfshark.com" alt="BeaverCheck Score"></a>
https://beavercheck.com/badge?url=https%3A%2F%2Fsurfshark.com

This badge auto-updates with your latest scan result.

What fixing these means

Your site performs reasonably well, but a few targeted fixes could meaningfully improve results. Your LCP of 3.8s exceeds Google's 2.5s 'Good' threshold and the 1 performance issue below directly contributes to it. Addressing the critical issues below would have the most immediate impact on your user trust.

3 security gaps detected — browsers may warn visitors about your site.
1 accessibility issue excludes users who rely on assistive technology.
Your LCP is 3.8s — fixing the 1 performance critical could bring it under Google's 2.5s 'Good' threshold.

Conversion Barriers

1 critical 4 warning

5 barrier(s) likely increasing bounce by ~18%.

Speed (2)

Page loads in 3.8s

+5% bounce

Every additional 100ms above 2.5s costs conversions — you're 1.3s over

Fix: Target <2.5s LCP: defer non-critical scripts and optimize the hero image

Page feels frozen for 1.6s

+5% bounce

Clicks on the primary CTA are ignored while JavaScript runs

Fix: Break up long tasks; defer non-critical JavaScript to post-hydration

Trust (2)

No HSTS header

+1% bounce

Returning visitors are briefly exposed to downgrade attacks on first request

Fix: Set Strict-Transport-Security: max-age=31536000; includeSubDomains

No Content-Security-Policy header

+1% bounce

Higher XSS blast radius — one compromised script can exfiltrate the checkout form

Fix: Ship a reporting-only CSP first, then enforce once violations are clean

Navigation (1)

1 broken link(s) on the page

+2% bounce

Clicks land on 404s — trust drops and the session often ends

Fix: Fix or remove the broken destinations surfaced on the Content tab

Preliminary CRO audit — each barrier links to the tab with detailed analysis.

Return on Investment

€425 investment → €1,987/month returns + EUR 120,000,000 risk avoided

Payback period: < 1 month First-year ROI: +5510%

Investment

€425

5h · 5 findings

Monthly returns

€1,987 /mo

~€23,841 / year

  • Conversions recovered €1,986
  • Bandwidth savings €0.30

Regulatory risk avoided

EUR 120,000,000

if kept compliant

  • ePrivacy Directive EUR 100,000,000
  • GDPR EUR 20,000,000

Payback period

0 12mo 24mo

€128 — in quick wins — start here for the fastest payback

Figures combine localized regulatory fine ceilings, search/conversion value priced against local CPC, and bandwidth waste estimates. Results depend on implementation quality and audience composition. Not legal or financial advice.

Full methodology & sources

Estimated Remediation Cost

€425

5.0 developer hours at €85/hr

Based on European Union rates (€85/hr)

Quick wins
€128 3 fixes in ~90 minutes

Start here for the best return on investment

Cost by category

Cost by effort level

Adjust assumptions
/hr

Rates reflect fully-loaded developer cost including overhead

How developer rates are sourced

What Inaction Is Costing You

€10,000,000 / month at risk

~€120,000,004 / year if left unfixed

Compliance Risk

€120,000,000

ePrivacy DirectiveGDPR
  • No privacy policy link detected
    GDPR: EUR 10,000 – EUR 20,000,000
  • Trackers detected but no cookie policy found
    GDPR: EUR 5,000 – EUR 10,000,000
  • Trackers detected but no cookie policy found
    GDPR: EUR 10,000 – EUR 20,000,000

+2 more

Bandwidth Waste

€0.30 /mo

4049.5 MB/mo × 0.074 EUR/GB

  • Optimize transfer: save ~405 KB per page load
    Saves €0.30/mo

Compliance figures represent the statutory maximum fine for the most severe triggered category, capped per regulation — not the sum of per-finding penalties. Based on published regulatory fine ranges. This is not legal advice.

Compliance methodology · SEO assumptions · Bandwidth model

Your performance is already good — improvements may show diminishing returns

Unique monthly visitors from your analytics

Purchases, signups, or key actions

Optional — for revenue estimation

additional conversions/month

more engaged visitors from reduced bounce

potential monthly revenue
Current bounce (est.)
After fixes (est.)
Estimated bounce reduction

Fix 3 critical issues to capture this value

How this is calculated

Based on Google/Deloitte research ("Milliseconds Make Millions") showing a ~7% bounce rate increase per additional second of LCP above the 2.5s "Good" threshold.

Your site's LCP: → estimated after fixes.

These are estimates based on industry research — actual results vary

Bounce-rate model & assumptions

Your data stays in your browser — nothing is sent to our servers

Was this report useful?

Thanks for your feedback!

We'll use a cached audit if available, or offer to scan.

Checking for existing audit...

Lighthouse Scores

Industry-standard audits powered by Google Lighthouse.

61
Performance Overall performance score (0–100) based on Core Web Vitals and other metrics. 90+ is good.
84
Accessibility Measures how accessible the page is for users with disabilities. Checks color contrast, ARIA labels, and semantic HTML.
77
Best Practices Checks for modern web development best practices including HTTPS, no console errors, and secure JavaScript.
100
SEO Measures basic SEO optimizations: meta tags, crawlability, link text, and mobile friendliness.

Core Web Vitals

Key metrics that affect user experience.

First Contentful Paint First Contentful Paint — how long until the browser renders the first piece of content. Under 1.8s is good.

1.45 s

Largest Contentful Paint Largest Contentful Paint — how long until the largest visible element loads. Under 2.5s is good.

3.79 s

Total Blocking Time Total Blocking Time — total time the main thread was blocked, preventing user input. Under 200ms is good.

1.60 s

Cumulative Layout Shift Cumulative Layout Shift — measures visual stability. How much the page layout shifts during loading. Under 0.1 is good.

0.056

Speed Index Speed Index — how quickly content is visually displayed during load. Under 3.4s is good.

1.45 s

Time to Interactive Time to Interactive — how long until the page is fully interactive and responds to user input. Under 3.8s is good.

13.44 s

Detailed Report

Audit breakdown by category with detailed findings.

61

Performance

Insights

Remove large, duplicate JavaScript modules from bundles to reduce unnecessary bytes consumed by network activity.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Polyfills and transforms enable older browsers to use new JavaScript features. However, many aren't necessary for modern browsers. Consider modifying your JavaScript build process to not transpile Baseline features, unless you know you must support older browsers. Learn why most sites can deploy ES6+ code without transpiling

Why this matters

Shipping ES5 transpiled code to modern browsers wastes bytes — every user with an evergreen browser pays for compatibility you don't need.

Learn more

Most users today run browsers that natively support ES6+, async/await, optional chaining, and the rest of modern JavaScript. Transpiling to ES5 'just in case' adds 20-40% to your bundle for no benefit. Configure your build to target a modern browserslist, or ship a differential bundle pair (modern + legacy) with the module/nomodule pattern.

Source: Google web.dev / Lighthouse

3rd party code can significantly impact load performance. Reduce and defer loading of 3rd party code to prioritize your page's content.

Why this matters

Performance issues directly impact user engagement and conversion rates.

A forced reflow occurs when JavaScript queries geometric properties (such as offsetWidth) after styles have been invalidated by a change to the DOM state. This can result in poor performance. Learn more about forced reflows and possible mitigations.

Why this matters

Performance issues directly impact user engagement and conversion rates.

headings: [map[key:source label:Source valueType:source-location] map[granularity:1 key:reflowTime label:Total reflow time valueType:ms]]
items: [map[reflowTime:52.96 source:map[type:text value:[unattributed]]]]

Optimize LCP by making the LCP image discoverable from the HTML immediately, and avoiding lazy-loading

Why this matters

Performance issues directly impact user engagement and conversion rates.

lhId: page-0-IMG
nodeLabel: A smartphone with a Surfshark logo inside a teal jelly cake, with raspberries a…
path: 1,HTML,1,BODY,6,DIV,0,DIV,1,MAIN,0,SECTION,0,DIV,0,DIV,1,DIV,0,IMG
selector: div._8BkFQ > div._pet5f > div._eEmo9 > img._47ff0
snippet: <img alt="A smartphone with a Surfshark logo inside a teal jelly cake, with raspberr…" loading="eager" width="568" height="568" decoding="async" data-nimg="1" class="_47ff0" style="color:transparent" srcset="/website/_next/image?url=/website/_next/public/_shared/images/birthday/her…" src="https://surfshark.com/website/_next/image?url=/website/_next/public/_share…">

A long cache lifetime can speed up repeat visits to your page. Learn more about caching.

Why this matters

Performance issues directly impact user engagement and conversion rates.

RequestCache TTLTransfer Size
connect.facebook.net/en_US/fbevents.js1200.0 s96.6 KiB
/signals/config/1690077554448261?v=2.9.303&r=stable&domai...1200.0 s59.8 KiB
collector-52277.us.tvsquared.com/tv2track.js600.0 s8.7 KiB
/d/latest/e/index.js?cu=https://d.surfshark.com/internal/...604800.0 s7.8 KiB
/tv2track.php?action_name=Surfshark%20VPN%20%26%20all-in-...0.0 ms276 B
/tr/?id=1690077554448261&ev=PageView&dl=https%3A%2F%2Fsur...0.0 ms19 B

Reducing the download time of images can improve the perceived load time of the page and LCP. Learn more about optimizing image size

Why this matters

Performance issues directly impact user engagement and conversion rates.

URLResource SizeEst Savings
A smiling woman with glasses and curly hair looking down at her tablet div._WReJg > div._MOSY0 > div._uChkQ > img._SJjOb
/website/_next/image?url=/website/_next/public/_shared/im...128.5 KiB101.7 KiB
A smartphone with a Surfshark logo inside a teal jelly cake, with raspberries a… div._8BkFQ > div._pet5f > div._eEmo9 > img._47ff0
/website/_next/image?url=/website/_next/public/_shared/im...70.2 KiB57.0 KiB

These insights are also available in the Chrome DevTools Performance Panel - record a trace to view more detailed information.

The maximum potential First Input Delay that your users could experience is the duration of the longest task. Learn more about the Maximum Potential First Input Delay metric.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Time to Interactive is the amount of time it takes for the page to become fully interactive. Learn more about the Time to Interactive metric.

Why this matters

Performance issues directly impact user engagement and conversion rates.

TTI

Diagnostics

Reduce unused JavaScript and defer loading scripts until they are required to decrease bytes consumed by network activity. Learn how to reduce unused JavaScript.

Why this matters

Multi-megabyte JavaScript bundles delay every interactive feature on the page.

Learn more

This is the Lighthouse audit fired when too much JS is shipped relative to what executes. The fix isn't a config flag — it requires bundle analysis (webpack-bundle-analyzer, rollup-plugin-visualizer), splitting routes into chunks, lazy-loading off-screen components, and removing unused dependencies. Fundamentally different from minification: minifying reduces byte count, this reduces what's downloaded at all.

Source: Google web.dev / Lighthouse

Estimated savings: 190 ms 271.5 KiB
URLTransfer SizeEst Savings
www.googletagmanager.com/gtm.js?id=GTM-N9ZV87V160.4 KiB59.8 KiB
analytics.tiktok.com/i18n/pixel/static/main.MWE0ZWQ3ZWQwMA.js105.4 KiB57.0 KiB
www.googletagmanager.com/gtag/js?id=AW-800656454&cx=c&gtm=4e64k1155.7 KiB52.9 KiB
connect.facebook.net/en_US/fbevents.js96.5 KiB34.8 KiB
/signals/config/1690077554448261?v=2.9.303&r=stable&domai...59.6 KiB23.5 KiB
surfshark.com/website/_next/static/chunks/framework-45926255fd5ae142.js58.3 KiB22.5 KiB
surfshark.com/website/_next/static/chunks/main-5cfc65f1b268bf47.js39.7 KiB20.9 KiB

Consider reducing the time spent parsing, compiling, and executing JS. You may find delivering smaller JS payloads helps with this. Learn how to reduce Javascript execution time.

Why this matters

Performance issues directly impact user engagement and conversion rates.

URLTotal CPU TimeScript EvaluationScript Parse
surfshark.com/website/_next/static/chunks/framework-45926255fd5ae142.js1.2 s1.1 s32 ms
www.googletagmanager.com/gtm.js?id=GTM-N9ZV87V752 ms617 ms88 ms
Unattributable684 ms109 ms0.0 ms
surfshark.com/569 ms33 ms2.2 ms
www.googletagmanager.com/gtag/js?id=AW-800656454&cx=c&gtm=4e64k1458 ms392 ms59 ms
analytics.tiktok.com/i18n/pixel/static/main.MWE0ZWQ3ZWQwMA.js260 ms197 ms57 ms
connect.facebook.net/en_US/fbevents.js169 ms123 ms44 ms
surfshark.com/website/_next/static/chunks/main-5cfc65f1b268bf47.js148 ms120 ms18 ms
/d/latest/e/index.js?cu=https://d.surfshark.com/internal/...148 ms112 ms29 ms
/signals/config/1690077554448261?v=2.9.303&r=stable&domai...139 ms110 ms28 ms
surfshark.com/website/_next/static/chunks/pages/_app-2eebe5ec80bc3605.js108 ms76 ms26 ms
surfshark.com/website/_next/static/chunks/pages/index-2eb90134a0a99182.js87 ms84 ms2.3 ms
cdn.surfshark.com/npm/@snowplow/javascript-tracker/dist/sp.min.js82 ms63 ms10 ms
analytics.tiktok.com/i18n/pixel/static/identify_5cff1caf.js54 ms34 ms19 ms

Consider reducing the time spent parsing, compiling and executing JS. You may find delivering smaller JS payloads helps with this. Learn how to minimize main-thread work

Why this matters

Performance issues directly impact user engagement and conversion rates.

CategoryTime Spent
Script Evaluation3.2 s
Other742 ms
Script Parsing & Compilation472 ms
Style & Layout261 ms
Rendering167 ms
Parse HTML & CSS87 ms
Garbage Collection75 ms

Many navigations are performed by going back to a previous page, or forwards again. The back/forward cache (bfcache) can speed up these return navigations. Learn more about the bfcache

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failure reasonFailure type
Pages with cache-control:no-store header cannot enter back/forward cache.Actionable
Pages whose main resource has cache-control:no-store cannot enter back/forward cache.Not actionable
Back/forward cache is disabled because some JavaScript network request received resource with Cache-Control: no-store header.Not actionable

More information about the performance of your application. These numbers don't directly affect the Performance score.

Layout shift culprits
Document request latency
Optimize DOM size
Font display
LCP breakdown
Modern HTTP
Network dependency tree
Render blocking requests
Optimize viewport for mobile
Minify CSS
Minify JavaScript
Reduce unused CSS
Avoids enormous network payloads Total size was 1,318 KiB
User Timing marks and measures 13 user timings
Avoid long main-thread tasks 19 long tasks found
Image elements have explicit `width` and `height`
Network Requests
Network Round Trip Times 130 ms
Server Backend Latencies 190 ms
Tasks
Diagnostics
Metrics
Screenshot Thumbnails
Final Screenshot
Script Treemap Data
Resources Summary
Avoid multiple page redirects
Initial server response time was short Root document took 220 ms
Avoid large layout shifts 2 layout shifts found
INP breakdown
Avoid non-composited animations
84

Accessibility

These checks highlight opportunities to improve the accessibility of your web app. Automatic detection can only detect a subset of issues and does not guarantee the accessibility of your web app, so manual testing is also encouraged.

ARIA

Some ARIA parent roles must contain specific child roles to perform their intended accessibility functions. Learn more about roles and required children elements.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
We love Surfshark because it is an easy-to-use app that you can download on all… div._pet5f > div._eEmo9 > div._0FMH1 > div._6BvVF

Using ARIA attributes in roles where they are prohibited can mean that important information is not communicated to users of assistive technologies. Learn more about prohibited ARIA roles.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
Rating: 4.5 out of 5 div._6tMnV > div._UTQWE > div._uCQHE > div._cJz65
Rating: 4.5 out of 5 div._6tMnV > div._UTQWE > div._uCQHE > div._cJz65

These are opportunities to improve the usage of ARIA in your application which may enhance the experience for users of assistive technology, like a screen reader.

Names and labels

When a button doesn't have an accessible name, screen readers announce it as "button", making it unusable for users who rely on screen readers. Learn how to make buttons more accessible.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
MAX & OCCY div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-MAX & OCCY
MRWHOSETHEBOSS div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-MRWHOSETHEBOSS
THE TECH CHAP div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-THE TECH CHAP
ROSE AND ROSIE div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-ROSE AND ROSIE
MARCUS HOUSE div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-MARCUS HOUSE

These are opportunities to improve the semantics of the controls in your application. This may enhance the experience for users of assistive technology, like a screen reader.

Contrast

Low-contrast text is difficult or impossible for many users to read. Learn how to provide sufficient color contrast.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
Get Surfshark div._XIYxa > div._7Rqyj > a._fZX0c > span._SzDTn
Get Surfshark VPN div._eEmo9 > div._TOdK4 > a._fZX0c > span._SzDTn

These are opportunities to improve the legibility of your content.

Interactive controls are keyboard focusable
Interactive elements indicate their purpose and state
The page has a logical tab order
Visual order on the page follows DOM order
User focus is not accidentally trapped in a region
The user's focus is directed to new content added to the page
HTML5 landmark elements are used to improve navigation
Offscreen content is hidden from assistive technology
Custom controls have associated labels
Custom controls have ARIA roles
`[aria-*]` attributes match their roles
`[aria-hidden="true"]` is not present on the document `<body>`
`[role]`s have all required `[aria-*]` attributes
`[role]`s are contained by their required parent element
`[role]` values are valid
`[aria-*]` attributes have valid values
`[aria-*]` attributes are valid and not misspelled
Image elements have `[alt]` attributes
`[user-scalable="no"]` is not used in the `<meta name="viewport">` element and the `[maximum-scale]` attribute is not less than 5.
Select elements have associated label elements.
ARIA attributes are used as specified for the element's role
`[aria-hidden="true"]` elements do not contain focusable descendents
Document has a `<title>` element
`<html>` element has a `[lang]` attribute
`<html>` element has a valid value for its `[lang]` attribute
Links have a discernible name
Lists contain only `<li>` elements and script supporting elements (`<script>` and `<template>`).
List items (`<li>`) are contained within `<ul>`, `<ol>` or `<menu>` parent elements
No element has a `[tabindex]` value greater than 0
Touch targets have sufficient size and spacing.
Heading elements appear in a sequentially-descending order
Skip links are focusable.
Document has a main landmark.
Deprecated ARIA roles were not used
ARIA IDs are unique
`[accesskey]` values are unique
`button`, `link`, and `menuitem` elements have accessible names
Elements with `role="dialog"` or `role="alertdialog"` have accessible names.
ARIA input fields have accessible names
ARIA `meter` elements have accessible names
ARIA `progressbar` elements have accessible names
Elements with the `role=text` attribute do not have focusable descendents.
ARIA toggle fields have accessible names
ARIA `tooltip` elements have accessible names
ARIA `treeitem` elements have accessible names
The page contains a heading, skip link, or landmark region
`<dl>`'s contain only properly-ordered `<dt>` and `<dd>` groups, `<script>`, `<template>` or `<div>` elements.
Definition list items are wrapped in `<dl>` elements
No form fields have multiple labels
`<frame>` or `<iframe>` elements have a title
`<html>` element has an `[xml:lang]` attribute with the same base language as the `[lang]` attribute.
Input buttons have discernible text.
`<input type="image">` elements have `[alt]` text
Form elements have associated labels
Links are distinguishable without relying on color.
The document does not use `<meta http-equiv="refresh">`
`<object>` elements have alternate text
Cells in a `<table>` element that use the `[headers]` attribute refer to table cells within the same table.
`<th>` elements and elements with `[role="columnheader"/"rowheader"]` have data cells they describe.
`[lang]` attributes have a valid value
`<video>` elements contain a `<track>` element with `[kind="captions"]`
Tables have different content in the summary attribute and `<caption>`.
All heading elements contain content.
Uses ARIA roles only on compatible elements
Image elements do not have `[alt]` attributes that are redundant text.
Identical links have the same purpose.
Elements with visible text labels have matching accessible names.
Tables use `<caption>` instead of cells with the `[colspan]` attribute to indicate a caption.
`<td>` elements in a large `<table>` have one or more table headers.
77

Best Practices

General

Deprecated APIs will eventually be removed from the browser. Learn more about deprecated APIs.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Deprecation / WarningSource
AttributionReporting
www.googletagmanager.com/gtag/js?id=AW-800656454&cx=c&gtm=4e64k1 line 594, col 244

Errors logged to the console indicate unresolved problems. They can come from network request failures and other browser concerns. Learn more about this errors in console diagnostic audit

Why this matters

Performance issues directly impact user engagement and conversion rates.

SourceDescription
surfshark.com/api/v1/product/campaigns/active/countries/BR?coupon=undefined
Failed to load resource: the server responded with a status of 404 ()
Uses HTTPS
Avoids third-party cookies
Allows users to paste into input fields
Avoids requesting the geolocation permission on page load
Avoids requesting the notification permission on page load
Displays images with correct aspect ratio
Serves images with appropriate resolution
Page has the HTML doctype
Properly defines charset
No issues in the `Issues` panel in Chrome Devtools
Ensure CSP is effective against XSS attacks
Use a strong HSTS policy
Ensure proper origin isolation with COOP
Mitigate clickjacking with XFO or CSP
Mitigate DOM-based XSS with Trusted Types
Detected JavaScript libraries
Page has valid source maps
Redirects HTTP traffic to HTTPS
100

SEO

These checks ensure that your page is following basic search engine optimization advice. There are many additional factors Lighthouse does not score here that may affect your search ranking, including performance on Core Web Vitals. Learn more about Google Search Essentials.

Structured data is valid
Page isn’t blocked from indexing
Document has a `<title>` element
Document has a meta description
Page has successful HTTP status code
Links have descriptive text
Links are crawlable
robots.txt is valid
Image elements have `[alt]` attributes
Document has a valid `hreflang`
Document has a valid `rel=canonical`

Lighthouse Scores

Industry-standard audits powered by Google Lighthouse. — Desktop

94
Performance Overall performance score (0–100) based on Core Web Vitals and other metrics. 90+ is good.
76
Accessibility Measures how accessible the page is for users with disabilities. Checks color contrast, ARIA labels, and semantic HTML.
77
Best Practices Checks for modern web development best practices including HTTPS, no console errors, and secure JavaScript.
100
SEO Measures basic SEO optimizations: meta tags, crawlability, link text, and mobile friendliness.

Core Web Vitals

Key metrics that affect user experience. — Desktop

First Contentful Paint First Contentful Paint — how long until the browser renders the first piece of content. Under 1.8s is good.

477 ms

Largest Contentful Paint Largest Contentful Paint — how long until the largest visible element loads. Under 2.5s is good.

882 ms

Total Blocking Time Total Blocking Time — total time the main thread was blocked, preventing user input. Under 200ms is good.

182 ms

Cumulative Layout Shift Cumulative Layout Shift — measures visual stability. How much the page layout shifts during loading. Under 0.1 is good.

0.040

Speed Index Speed Index — how quickly content is visually displayed during load. Under 3.4s is good.

715 ms

Time to Interactive Time to Interactive — how long until the page is fully interactive and responds to user input. Under 3.8s is good.

3.23 s

Detailed Report

Audit breakdown by category with detailed findings.

94

Performance

Insights

Remove large, duplicate JavaScript modules from bundles to reduce unnecessary bytes consumed by network activity.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Polyfills and transforms enable older browsers to use new JavaScript features. However, many aren't necessary for modern browsers. Consider modifying your JavaScript build process to not transpile Baseline features, unless you know you must support older browsers. Learn why most sites can deploy ES6+ code without transpiling

Why this matters

Shipping ES5 transpiled code to modern browsers wastes bytes — every user with an evergreen browser pays for compatibility you don't need.

Learn more

Most users today run browsers that natively support ES6+, async/await, optional chaining, and the rest of modern JavaScript. Transpiling to ES5 'just in case' adds 20-40% to your bundle for no benefit. Configure your build to target a modern browserslist, or ship a differential bundle pair (modern + legacy) with the module/nomodule pattern.

Source: Google web.dev / Lighthouse

3rd party code can significantly impact load performance. Reduce and defer loading of 3rd party code to prioritize your page's content.

Why this matters

Performance issues directly impact user engagement and conversion rates.

A forced reflow occurs when JavaScript queries geometric properties (such as offsetWidth) after styles have been invalidated by a change to the DOM state. This can result in poor performance. Learn more about forced reflows and possible mitigations.

Why this matters

Performance issues directly impact user engagement and conversion rates.

headings: [map[key:source label:Source valueType:source-location] map[granularity:1 key:reflowTime label:Total reflow time valueType:ms]]
items: [map[reflowTime:40.871 source:map[type:text value:[unattributed]]]]

Optimize LCP by making the LCP image discoverable from the HTML immediately, and avoiding lazy-loading

Why this matters

Performance issues directly impact user engagement and conversion rates.

lhId: page-0-IMG
nodeLabel: A smartphone with a Surfshark logo inside a teal jelly cake, with raspberries a…
path: 1,HTML,1,BODY,6,DIV,0,DIV,1,MAIN,0,SECTION,0,DIV,0,DIV,1,DIV,0,IMG
selector: div._8BkFQ > div._pet5f > div._eEmo9 > img._47ff0
snippet: <img alt="A smartphone with a Surfshark logo inside a teal jelly cake, with raspberr…" loading="eager" width="568" height="568" decoding="async" data-nimg="1" class="_47ff0" style="color:transparent" srcset="/website/_next/image?url=/website/_next/public/_shared/images/birthday/her…" src="https://surfshark.com/website/_next/image?url=/website/_next/public/_share…">

A long cache lifetime can speed up repeat visits to your page. Learn more about caching.

Why this matters

Performance issues directly impact user engagement and conversion rates.

RequestCache TTLTransfer Size
connect.facebook.net/en_US/fbevents.js1200.0 s96.6 KiB
/signals/config/1690077554448261?v=2.9.303&r=stable&domai...1200.0 s59.8 KiB
collector-52277.us.tvsquared.com/tv2track.js600.0 s8.7 KiB
/d/latest/e/index.js?cu=https://d.surfshark.com/internal/...604800.0 s7.8 KiB
/tv2track.php?action_name=Surfshark%20VPN%20%26%20all-in-...0.0 ms276 B
/tr/?id=1690077554448261&ev=PageView&dl=https%3A%2F%2Fsur...0.0 ms16 B

Reducing the download time of images can improve the perceived load time of the page and LCP. Learn more about optimizing image size

Why this matters

Performance issues directly impact user engagement and conversion rates.

URLResource SizeEst Savings
A smiling woman with glasses and curly hair looking down at her tablet div._WReJg > div._MOSY0 > div._uChkQ > img._SJjOb
/website/_next/image?url=/website/_next/public/_shared/im...128.5 KiB110.2 KiB
Antivirus that works backstage div._bHx0V > div._G3nog > div._kTS0B > img._rXeRp
/website/_next/image?url=/website/_next/public/home/image...41.4 KiB13.7 KiB

These insights are also available in the Chrome DevTools Performance Panel - record a trace to view more detailed information.

The maximum potential First Input Delay that your users could experience is the duration of the longest task. Learn more about the Maximum Potential First Input Delay metric.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Time to Interactive is the amount of time it takes for the page to become fully interactive. Learn more about the Time to Interactive metric.

Why this matters

Performance issues directly impact user engagement and conversion rates.

TTI

Diagnostics

Reduce unused JavaScript and defer loading scripts until they are required to decrease bytes consumed by network activity. Learn how to reduce unused JavaScript.

Why this matters

Multi-megabyte JavaScript bundles delay every interactive feature on the page.

Learn more

This is the Lighthouse audit fired when too much JS is shipped relative to what executes. The fix isn't a config flag — it requires bundle analysis (webpack-bundle-analyzer, rollup-plugin-visualizer), splitting routes into chunks, lazy-loading off-screen components, and removing unused dependencies. Fundamentally different from minification: minifying reduces byte count, this reduces what's downloaded at all.

Source: Google web.dev / Lighthouse

Estimated savings: 30 ms 271.8 KiB
URLTransfer SizeEst Savings
www.googletagmanager.com/gtm.js?id=GTM-N9ZV87V160.4 KiB59.8 KiB
analytics.tiktok.com/i18n/pixel/static/main.MWE0ZWQ3ZWQwMA.js105.3 KiB57.1 KiB
www.googletagmanager.com/gtag/js?id=AW-800656454&cx=c&gtm=4e64k1155.7 KiB52.9 KiB
connect.facebook.net/en_US/fbevents.js96.5 KiB35.2 KiB
/signals/config/1690077554448261?v=2.9.303&r=stable&domai...59.6 KiB23.5 KiB
surfshark.com/website/_next/static/chunks/framework-45926255fd5ae142.js58.2 KiB22.4 KiB
surfshark.com/website/_next/static/chunks/main-5cfc65f1b268bf47.js39.6 KiB20.8 KiB

Many navigations are performed by going back to a previous page, or forwards again. The back/forward cache (bfcache) can speed up these return navigations. Learn more about the bfcache

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failure reasonFailure type
Pages with cache-control:no-store header cannot enter back/forward cache.Actionable
Pages whose main resource has cache-control:no-store cannot enter back/forward cache.Not actionable
Back/forward cache is disabled because some JavaScript network request received resource with Cache-Control: no-store header.Not actionable

More information about the performance of your application. These numbers don't directly affect the Performance score.

Layout shift culprits
Document request latency
Optimize DOM size
Font display
LCP breakdown
Modern HTTP
Network dependency tree
Render blocking requests
Optimize viewport for mobile
Minify CSS
Minify JavaScript
Reduce unused CSS
Avoids enormous network payloads Total size was 1,313 KiB
User Timing marks and measures 13 user timings
JavaScript execution time 0.7 s
Minimizes main-thread work 1.4 s
Avoid long main-thread tasks 4 long tasks found
Image elements have explicit `width` and `height`
Network Requests
Network Round Trip Times 130 ms
Server Backend Latencies 300 ms
Tasks
Diagnostics
Metrics
Screenshot Thumbnails
Final Screenshot
Script Treemap Data
Resources Summary
Avoid multiple page redirects
Initial server response time was short Root document took 50 ms
Avoid large layout shifts 2 layout shifts found
INP breakdown
Avoid non-composited animations
76

Accessibility

These checks highlight opportunities to improve the accessibility of your web app. Automatic detection can only detect a subset of issues and does not guarantee the accessibility of your web app, so manual testing is also encouraged.

ARIA

Some ARIA parent roles must contain specific child roles to perform their intended accessibility functions. Learn more about roles and required children elements.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
Money-back guarantee Unlimited devices No-logs policy 24/7 support High-tech div._8BkFQ > div._pet5f > div._eEmo9 > ul._fOYDg
We love Surfshark because it is an easy-to-use app that you can download on all… div._pet5f > div._eEmo9 > div._0FMH1 > div._6BvVF

Some ARIA child roles must be contained by specific parent roles to properly perform their intended accessibility functions. Learn more about ARIA roles and required parent element.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
Money-back guarantee div._eEmo9 > ul._fOYDg > li._uGwE6 > button#guarantee
Unlimited devices div._eEmo9 > ul._fOYDg > li._uGwE6 > button#devices
No-logs policy div._eEmo9 > ul._fOYDg > li._uGwE6 > button#policy
24/7 support div._eEmo9 > ul._fOYDg > li._uGwE6 > button#support
High-tech div._eEmo9 > ul._fOYDg > li._uGwE6 > button#tech

Using ARIA attributes in roles where they are prohibited can mean that important information is not communicated to users of assistive technologies. Learn more about prohibited ARIA roles.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
Rating: 4.5 out of 5 div._6tMnV > div._UTQWE > div._uCQHE > div._cJz65
Rating: 4.5 out of 5 div._6tMnV > div._UTQWE > div._uCQHE > div._cJz65

These are opportunities to improve the usage of ARIA in your application which may enhance the experience for users of assistive technology, like a screen reader.

Names and labels

When a button doesn't have an accessible name, screen readers announce it as "button", making it unusable for users who rely on screen readers. Learn how to make buttons more accessible.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
MAX & OCCY div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-MAX & OCCY
MRWHOSETHEBOSS div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-MRWHOSETHEBOSS
THE TECH CHAP div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-THE TECH CHAP
ROSE AND ROSIE div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-ROSE AND ROSIE
MARCUS HOUSE div._eEmo9 > div._0FMH1 > div._6BvVF > button#influencer-MARCUS HOUSE

These are opportunities to improve the semantics of the controls in your application. This may enhance the experience for users of assistive technology, like a screen reader.

Contrast

Low-contrast text is difficult or impossible for many users to read. Learn how to provide sufficient color contrast.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
Get Surfshark div._XIYxa > div._7Rqyj > a._fZX0c > span._SzDTn
Get Surfshark VPN div._eEmo9 > div._TOdK4 > a._fZX0c > span._SzDTn

These are opportunities to improve the legibility of your content.

Tables and lists

Screen readers require list items (`<li>`) to be contained within a parent `<ul>`, `<ol>` or `<menu>` to be announced properly. Learn more about proper list structure.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
Money-back guarantee div._pet5f > div._eEmo9 > ul._fOYDg > li._uGwE6
Unlimited devices div._pet5f > div._eEmo9 > ul._fOYDg > li._uGwE6
No-logs policy div._pet5f > div._eEmo9 > ul._fOYDg > li._uGwE6
24/7 support div._pet5f > div._eEmo9 > ul._fOYDg > li._uGwE6
High-tech div._pet5f > div._eEmo9 > ul._fOYDg > li._uGwE6

These are opportunities to improve the experience of reading tabular or list data using assistive technology, like a screen reader.

Interactive controls are keyboard focusable
Interactive elements indicate their purpose and state
The page has a logical tab order
Visual order on the page follows DOM order
User focus is not accidentally trapped in a region
The user's focus is directed to new content added to the page
HTML5 landmark elements are used to improve navigation
Offscreen content is hidden from assistive technology
Custom controls have associated labels
Custom controls have ARIA roles
`[aria-*]` attributes match their roles
`[aria-hidden="true"]` is not present on the document `<body>`
`[role]`s have all required `[aria-*]` attributes
`[role]` values are valid
`[aria-*]` attributes have valid values
`[aria-*]` attributes are valid and not misspelled
Image elements have `[alt]` attributes
`[user-scalable="no"]` is not used in the `<meta name="viewport">` element and the `[maximum-scale]` attribute is not less than 5.
Select elements have associated label elements.
ARIA attributes are used as specified for the element's role
`[aria-hidden="true"]` elements do not contain focusable descendents
Document has a `<title>` element
`<html>` element has a `[lang]` attribute
`<html>` element has a valid value for its `[lang]` attribute
Links have a discernible name
Lists contain only `<li>` elements and script supporting elements (`<script>` and `<template>`).
No element has a `[tabindex]` value greater than 0
Touch targets have sufficient size and spacing.
Heading elements appear in a sequentially-descending order
Skip links are focusable.
Document has a main landmark.
Deprecated ARIA roles were not used
ARIA IDs are unique
Elements with visible text labels have matching accessible names.
`[accesskey]` values are unique
`button`, `link`, and `menuitem` elements have accessible names
Elements with `role="dialog"` or `role="alertdialog"` have accessible names.
ARIA input fields have accessible names
ARIA `meter` elements have accessible names
ARIA `progressbar` elements have accessible names
Elements with the `role=text` attribute do not have focusable descendents.
ARIA toggle fields have accessible names
ARIA `tooltip` elements have accessible names
ARIA `treeitem` elements have accessible names
The page contains a heading, skip link, or landmark region
`<dl>`'s contain only properly-ordered `<dt>` and `<dd>` groups, `<script>`, `<template>` or `<div>` elements.
Definition list items are wrapped in `<dl>` elements
No form fields have multiple labels
`<frame>` or `<iframe>` elements have a title
`<html>` element has an `[xml:lang]` attribute with the same base language as the `[lang]` attribute.
Input buttons have discernible text.
`<input type="image">` elements have `[alt]` text
Form elements have associated labels
Links are distinguishable without relying on color.
The document does not use `<meta http-equiv="refresh">`
`<object>` elements have alternate text
Cells in a `<table>` element that use the `[headers]` attribute refer to table cells within the same table.
`<th>` elements and elements with `[role="columnheader"/"rowheader"]` have data cells they describe.
`[lang]` attributes have a valid value
`<video>` elements contain a `<track>` element with `[kind="captions"]`
Tables have different content in the summary attribute and `<caption>`.
All heading elements contain content.
Uses ARIA roles only on compatible elements
Image elements do not have `[alt]` attributes that are redundant text.
Identical links have the same purpose.
Tables use `<caption>` instead of cells with the `[colspan]` attribute to indicate a caption.
`<td>` elements in a large `<table>` have one or more table headers.
77

Best Practices

General

Deprecated APIs will eventually be removed from the browser. Learn more about deprecated APIs.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Deprecation / WarningSource
AttributionReporting
www.googletagmanager.com/gtag/js?id=AW-800656454&cx=c&gtm=4e64k1 line 594, col 244

Errors logged to the console indicate unresolved problems. They can come from network request failures and other browser concerns. Learn more about this errors in console diagnostic audit

Why this matters

Performance issues directly impact user engagement and conversion rates.

SourceDescription
surfshark.com/api/v1/product/campaigns/active/countries/BR?coupon=undefined
Failed to load resource: the server responded with a status of 404 ()
Uses HTTPS
Avoids third-party cookies
Allows users to paste into input fields
Avoids requesting the geolocation permission on page load
Avoids requesting the notification permission on page load
Displays images with correct aspect ratio
Serves images with appropriate resolution
Page has the HTML doctype
Properly defines charset
No issues in the `Issues` panel in Chrome Devtools
Ensure CSP is effective against XSS attacks
Use a strong HSTS policy
Ensure proper origin isolation with COOP
Mitigate clickjacking with XFO or CSP
Mitigate DOM-based XSS with Trusted Types
Detected JavaScript libraries
Page has valid source maps
Redirects HTTP traffic to HTTPS
100

SEO

These checks ensure that your page is following basic search engine optimization advice. There are many additional factors Lighthouse does not score here that may affect your search ranking, including performance on Core Web Vitals. Learn more about Google Search Essentials.

Structured data is valid
Page isn’t blocked from indexing
Document has a `<title>` element
Document has a meta description
Page has successful HTTP status code
Links have descriptive text
Links are crawlable
robots.txt is valid
Image elements have `[alt]` attributes
Document has a valid `hreflang`
Document has a valid `rel=canonical`

Send Feedback