C — https://beavercheck.com/

Site Health

Score: 75 / 100 17

Based on 4 categories, 27 sections

How is this calculated?

The overall score is a weighted average of individual category scores. Categories with more impact on user experience and security carry more weight.

Security 25%Accessibility 15%Infrastructure 10%Compliance 8%

Weights reflect general web best practices. Individual needs may differ.

Top Priorities (3)

No viewport meta tag found

Compliance › Viewport Configuration

<html lang> attribute is missing

Compliance › Language & i18n

No privacy policy link detected

Compliance › Cookie Consent & Privacy

Embed this badge

Markdown

[![BeaverCheck](https://beavercheck.com/badge?url=https%3A%2F%2Fbeavercheck.com%2F)](https://beavercheck.com/results/ad30dc5b-79fc-407c-8dcb-95765d405831)

HTML

<a href="https://beavercheck.com/results/ad30dc5b-79fc-407c-8dcb-95765d405831"><img src="https://beavercheck.com/badge?url=https%3A%2F%2Fbeavercheck.com%2F" alt="BeaverCheck Score"></a>

Image URL

https://beavercheck.com/badge?url=https%3A%2F%2Fbeavercheck.com%2F

This badge auto-updates with your latest scan result.

Was this report useful?

Thanks for your feedback!

Global Performance 5/5 locations ✓

UN Santa Clara

Full audit

779ms

DNS 163ms · TLS 157ms

UN New York

396ms

DNS 74ms · TLS 83ms

NL Amsterdam

40ms

DNS 10ms · TLS 10ms

SG Singapore

916ms

DNS 270ms · TLS 164ms

BR Sao Paulo

968ms

DNS 190ms · TLS 197ms

CDN: No CDN · Avg TTFB: 620ms · Cache: No cache headers

Recent Trends

Performance stable →

TTFB improving ↑

379ms

FCP stable →

916ms

LCP degrading ↓

1.4s

Press ? for shortcuts

Lighthouse Scores

Industry-standard audits powered by Google Lighthouse.

Core Web Vitals

Key metrics that affect user experience.

Desktop audit not available for this result.

Results are identical for mobile and desktop.

HTTP Timing

Connection-level performance breakdown.

200 OK

DNS Lookup

190 ms

TCP Connect

193 ms

TLS Handshake

197 ms

Time to First Byte

968 ms

Total Time

969 ms

Connection waterfall

DNS Lookup 190 ms TCP Connect 193 ms TLS Handshake 197 ms Server Processing 387 ms Content Transfer 1 ms

Results are identical for mobile and desktop.

A+ Security Headers

A+ Content Security Policy

A+ TLS & Certificates

A+ Cookie Security

Parsed Policy

default-src 'self'

script-src 'self''nonce-VyKUyB5rdeyiMKcnxAJ2ZQ==''sha256-HEEHOpXHE8BTh9dRb9M7PatEeATDO5ZEGlSwTknAV7k='

style-src 'self''unsafe-inline'

font-src 'self'

img-src 'self'data:https:

connect-src 'self'

base-uri 'self'

form-action 'self'

frame-ancestors 'none'

upgrade-insecure-requests

HTTP/2 provides multiplexing and header compression for better performance.

Connection

Protocol

TLS 1.3

Cipher Suite

TLS_CHACHA20_POLY1305_SHA256

HTTP Version

HTTP/1.1

Certificate Chain

Leaf Certificate

Subject CN=beavercheck.comIssuer CN=E8,O=Let's Encrypt,C=USValid 2026-04-01T07:28:53Z → 2026-06-30T07:28:52ZExpires in 89 days SANs beavercheck.com, www.beavercheck.comSignature ECDSA-SHA384Serial 6bdf96c8e1e79333d5967c7efe425d5dd35

Intermediate (CA Certificate)

Subject CN=E8,O=Let's Encrypt,C=USIssuer CN=ISRG Root X1,O=Internet Security Research Group,C=USValid 2024-03-13T00:00:00Z → 2027-03-12T23:59:59ZExpires in 345 days Signature SHA256-RSASerial 63959363c24e7082715918bfc3d7ed56

2 cookies analyzed

Name	Secure	HttpOnly	SameSite	Size	Issues
bc_csrf	✓	✓	Lax	39 B	—
bc_csrf	✓	✓	Lax	39 B	—

Deep Analysis

Extended security checks beyond standard header analysis

A+ Subresource Integrity

A+ JS Library Vulnerabilities

A+ Information Leakage

A+ Email Security

B Permissions-Policy

B CORS Configuration

SRI Coverage No external resources — SRI not applicable

No known JavaScript library vulnerabilities detected.

No sensitive files exposed — all paths returned 404.

Path	Status	Category	Risk
/.git/HEAD	✓ Not found	Version Control	—
/.git/config	✓ Not found	Version Control	—
/.svn/entries	✓ Not found	Version Control	—
/.env	✓ Not found	Configuration	—
/.env.local	✓ Not found	Configuration	—
/.env.production	✓ Not found	Configuration	—
/wp-config.php	✓ Not found	Configuration	—
/.htaccess	✓ Not found	Configuration	—
/phpinfo.php	✓ Not found	Debug	—
/server-status	✓ Not found	Debug	—
/server-info	✓ Not found	Debug	—
/.well-known/security.txt	✓ Not found	Security Policy	—

DMARC

Policy reject — strongest protection Record v=DMARC1;p=reject;pct=100;rua=info@beavercheck.com;

Raw Header

camera=() microphone=() geolocation=() interest-cohort=()

Feature Permissions

Blocked Self Only Unrestricted Not Set

camera Blocked

microphone Blocked

geolocation Blocked

interest-cohort Blocked

payment Not Set

usb Not Set

CORS Configuration ✓ Secure

No CORS headers detected.

Cross-origin requests are blocked by browser same-origin policy.

Origin reflection test

Some servers mirror the request Origin header, which can be exploited. Test manually:

curl -sI -H "Origin: https://evil.com" <url> | grep -i access-control

security.txt

No security.txt found at /.well-known/security.txt

Results are identical for mobile and desktop.

Content quality analysis not available for this result.

Performance analysis not available for this result.

Desktop audit not available for this result.

Results are identical for mobile and desktop.

Probed from Sao Paulo, Brazil

A+ DNS Records

A+ Redirect Chain

C IPv6 Readiness

A+ Crawlability

A+ URL Variants

A+ Domain Intelligence

A	51.210.209.19
AAAA	—
CNAME	—
NS	dns14.ovh.net, ns14.ovh.net
MX	0 mail.appscyborg.com
TXT	SPF v=spf1 mx -all
CAA	Lookup not available with standard resolver

Resolved in 200 ms

Multiple A records provide failover if one server goes down.

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

https://beavercheck.com/

955 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://beavercheck.com/	200	955 ms	HTTP/1.1	nginx

No IPv6 Support

About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

robots.txt 200 OK

Size 274 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed

User-agent: *
Allow: /
Disallow: /rate-limited
Disallow: /results/*/pdf
Disallow: /submit

Sitemap: https://beavercheck.com/sitemap.xml

# AI model context
# See https://beavercheck.com/llms.txt for a summary
# See https://beavercheck.com/llms-full.txt for detailed context

sitemap.xml 200 OK

Type URL Set URLs 39 entries Valid XML Yes

Sample URLs:

www / non-www

301https://www.beavercheck.com/

200https://beavercheck.com/

Preferred variant: non-www

HTTP → HTTPS

301http://beavercheck.com/ → https://beavercheck.com/

Consistent

Registrar OVH sas

Created March 23, 2026 (9 days ago)

Expires March 23, 2027 (11 months)

Last Updated March 23, 2026

Name Servers dns14.ovh.net, ns14.ovh.net

DNSSEC Enabled

Hosting

IP Address 51.210.209.19

ASN AS16276 (OVH, FR)

Provider OVH

Data source: rdap (1.4s)

Newly registered domains may face SEO trust challenges. Search engines generally give more authority to older domains. This is informational — not a problem to fix.

Results are identical for mobile and desktop.

A+ WCAG Compliance

B Cookie Consent & Privacy

F Language & i18n

A+ Readability & Typography

F Viewport Configuration

Level A

Level AA

Consent Banner Not detected Privacy Policy Not found Terms of Service —

Pre-consent Cookies

bc_csrf Functional

This is an automated check, not legal advice. Consult a privacy professional for GDPR/CCPA compliance.

A privacy policy page is recommended for transparency and may be legally required.

BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.

Page Language ——Content-Language Header enConsistent No—

The lang attribute on <html> is required for screen readers and WCAG 3.1.1 compliance.

The <html lang> attribute and Content-Language header should agree.

Viewport Configuration Missing

No viewport meta tag found. Mobile devices will render at desktop width.

Suggested viewport tag <meta name="viewport" content="width=device-width, initial-scale=1">

Without a viewport meta tag, the page will not render correctly on mobile devices.

Learn how to fix

Results are identical for mobile and desktop.

D CDN & Delivery

F HTTP Caching

A Multi-Location Performance

No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.

No Cache-Control header

Adding a Cache-Control header can significantly improve repeat-visit performance.

Browsers will use heuristic caching, which can be unpredictable. Set explicit cache headers.

Location	Status	TTFB	DNS	Connect	TLS	Total
NL Amsterdam	200 ✓	40ms	10ms	6ms	10ms	41ms
UN New York	200 ✓	396ms	74ms	80ms	83ms	396ms
UN Santa Clara (Full audit)	200 ✓	779ms	163ms	153ms	157ms	780ms
SG Singapore	200 ✓	916ms	270ms	161ms	164ms	916ms
BR Sao Paulo	200 ✓	968ms	190ms	193ms	197ms	969ms
Average		620ms	141ms	119ms	122ms	620ms

Amsterdam

40ms

New York

396ms

Santa Clara

779ms

Singapore

916ms

Sao Paulo

968ms

Results are identical for mobile and desktop.

SEO analysis not available for this result.

HSTS, with Nginx CDN

2 technologies detected 2 stack layers 1 with CPE identifier Minimal

Stack Architecture

Framework

HSTS

CDN

Nginx

All Detected Technologies (2)

Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.

Categories Web servers, Reverse proxies Website https://nginx.org/en Detected by BeaverCheck Evidence Server header: nginx

This technology has a CPE identifier — check for known vulnerabilities Search NVD →

HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.

Categories Security Website https://www.rfc-editor.org/rfc/rfc6797#section-6.1 Detected by BeaverCheck

Observations (2)

No build tool detected

A framework (HSTS) was detected but no bundler was identified. The build tool may not be detectable from output patterns, or the site may use the framework's built-in bundler.

Minimal technology footprint

Only 2 technologies detected. This suggests a simple setup with minimal dependencies — excellent for performance and security.

Compared to previous audit · 2 minutes ago View previous audit

Sao Paulo, Brazil → New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Metric	Previous	Current	Change
TTFB †	469 ms	968 ms	+499 ms
DNS †	157 ms	190 ms	+33 ms
TLS †	81 ms	197 ms	+116 ms
Connect †	76 ms	193 ms	+117 ms
Total †	470 ms	969 ms	+499 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL No viewport meta tag found compliance

WARNING No privacy policy link detected compliance

WARNING <html lang> attribute is missing compliance

WARNING https://beavercheck.com/: 566ms CPU time performance

set-cookie

bc_csrf=f0bac427b06f62388fa8776cc29c5b6d; Path=/; Max-Age=3600; HttpOnly; Sec... → bc_csrf=61bc37e90c0b624b4583075002d8947a; Path=/; Max-Age=3600; HttpOnly; Sec...

content-security-policy

default-src 'self'; script-src 'self' 'nonce-zSX+4rj3jroN013pHPrgXg==' 'sha25... → default-src 'self'; script-src 'self' 'nonce-VyKUyB5rdeyiMKcnxAJ2ZQ==' 'sha25...

12 headers unchanged

− Alpine.js JavaScript frameworks

2 technologies unchanged

Results for https://beavercheck.com/

Site Health

Top Priorities (3)

Lighthouse Scores

Core Web Vitals

HTTP Timing

Connection waterfall

Parsed Policy

Certificate Chain

Raw Header

Feature Permissions

security.txt

URL Variants

Pre-consent Cookies

Stack Architecture

All Detected Technologies (2)

Observations (2)

Keyboard Shortcuts