Skip to content
https://helmi.fm

Compliance

· 23 checks — WCAG, consent & privacy, language, viewport, cookie inventory, and legal pages rolled into one auditable list.
SCORE
59
GRADE
D
FIX
4
REVIEW
5
PASS
11
INFO
3
Checks
23
11 PASS 5 REVIEW 4 FIX
F
Language & i18n
Action
Missing <html lang>
FIX
Missing <html lang>
Warning::
<html lang> attribute is missing
The lang attribute on <html> is required for screen readers and WCAG 3.1.1 compliance.
Info::
No Content-Language HTTP header
Info::
Language signals are consistent
Page Language Content-Language Header Consistent Yes

The lang attribute on <html> is required for screen readers and WCAG 3.1.1 compliance.

Why this matters

Without a lang attribute, screen readers mispronounce every word on the page.

Learn more

An HTML element without lang="..." causes screen readers to fall back to the user's default voice — a French page read in English sounds like nonsense. Setting lang on the <html> element is a one-character fix that lets every assistive tool pronounce content correctly.

Source: W3C WCAG 2.1

F
GDPR Article 13 Disclosures
Action
0 / 8 Art. 13 categories matched in homepage body
FIX
0 / 8 Art. 13 categories matched in homepage body
Warning::
GDPR Article 13 disclosure coverage: 0 / 8 categories
Scanned the homepage body text AND the linked /privacy page for GDPR Article 13 disclosures. Matched 0 of 8 categories: . Missing: Data Protection Officer contact (where applicable), Data retention period, Data subject rights (access, erasure, rectification, etc.), Identity / contact details of the data controller, International data transfers, Legal basis for processing, Recipients of personal data, Right to lodge a complaint with a supervisory authority. Note: only the FIRST same-origin privacy-policy link is followed; deeper sub-pages (e.g. /legal/data-subject-rights) are not fetched.
Got: 0/8
D
Third-Party Trackers
Action
5 trackers detected
FIX
5 trackers detected
Info::
5 third-party trackers detected
Found 2 analytics, 2 advertising, 0 marketing, 1 tag manager, 0 session-replay, 0 heatmap trackers.
Got: 5 trackers
Warning::
2 advertising/retargeting trackers detected
Advertising trackers collect user data for ad targeting. Under GDPR, these typically require explicit consent.
Warning::
Trackers detected but no cookie policy found
This page loads 5 trackers but no cookie policy was detected. GDPR requires disclosure when using tracking cookies.
Warning::
Trackers detected but no privacy policy found
Most data protection regulations require a privacy policy when collecting user data via trackers.
C
Viewport Configuration
Action
Viewport prevents zooming
REVIEW
Viewport prevents zooming
Info::
Viewport meta tag is present
Info::
width=device-width is set
Critical::
Viewport prevents user zooming
user-scalable=no or maximum-scale < 2 prevents users from zooming. This is a WCAG 1.4.4 (Level AA) failure and an accessibility barrier for users with low vision.
Got: width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no Expected: width=device-width, initial-scale=1 (without zoom restrictions)
Viewport Configuration Problem
Content
width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no
width=device-width

Responsive layout enabled

initial-scale=1

Correct initial zoom level

user-scalable=no

User zooming BLOCKED

maximum-scale=1.0

Restricts zoom — set to 5.0 or higher, or remove entirely

User zooming BLOCKED

WCAG 1.4.4 violation — users with low vision cannot zoom. Remove user-scalable=no and set maximum-scale to at least 5.0.

user-scalable=no or maximum-scale < 2 prevents users from zooming. This is a WCAG 1.4.4 (Level AA) failure and an accessibility barrier for users with low vision.

Why this matters

user-scalable=no is a WCAG 1.4.4 failure and creates ADA/EAA legal exposure — low-vision users rely on pinch-zoom every day.

Learn more

Setting user-scalable=no (or maximum-scale=1) in the viewport meta blocks pinch-zoom. WCAG 2.1 success criterion 1.4.4 (Resize Text) requires zoom up to 200%. ADA lawsuits against inaccessible US sites have risen sharply; the EU Accessibility Act adds another enforcement layer in 2025. Remove user-scalable and maximum-scale from the viewport meta.

Source: WCAG 2.1 SC 1.4.4 / ADA / EAA

B
Accessibility Statement
No accessibility statement detected
REVIEW
No accessibility statement detected
Warning::
No accessibility statement detected
Sites are increasingly expected to publish an accessibility statement. Required by EU Web Accessibility Directive 2016/2102 for public-sector bodies; recommended best practice elsewhere. Common URLs: /accessibility, /accessibility-statement, /a11y.
C
Compliance Badges
Action
0 compliance badge(s) detected
REVIEW
0 compliance badge(s) detected
Info::
No compliance badges detected
No recognized compliance certification badges or seals were found. This is common — many sites do not display compliance badges.
SOC 2
ISO 27001
PCI DSS
GDPR Certified
HIPAA Compliant
Better Business Bureau
TRUSTe / TrustArc
Privacy Shield
McAfee SECURE / TrustedSite
Norton Secured
Badge detection is based on image alt text, link URLs, and page content. Detection does not verify that certifications are current or valid.
A+
WCAG Compliance
No testable criteria
PASS
No testable criteria
Level A
Level AA

0

Passed

0

Failed

0

Partial

0

Manual review

0

Not tested

Key accessibility barriers

Links with unclear purpose

29 link(s) have empty or generic text

Screen reader users navigating by link list

Images without alt text

Screen reader users cannot understand 1 image(s)

~8M screen reader users in the US

Automated testing covers ~30–40% of WCAG criteria. Manual review is recommended for full conformance.

Full WCAG 2.1 AA compliance checklist — paste into a client deliverable or ticket

A+
Tracker Inventory
1 known tracker(s) detected
PASS
1 known tracker(s) detected
Info::
1 known tracker(s) detected
Inventory of trackers loaded by the page (matched against a curated SDK URL registry): analytics: Google Analytics (UA) Each entry maps a script URL pattern to a known vendor SDK. This is purely informational -- consent posture / pre-consent firing is graded by the consent analyzer.
A+
Hreflang Configuration
No hreflang tags on this page
PASS
No hreflang tags on this page
Info::
No hreflang tags found (single-language site)
A+
Internationalization Extras
No additional i18n signals detected
PASS
No additional i18n signals detected
Info::
No additional i18n signals detected
A+
Readability & Typography
Font sizes and tap targets checked
PASS
Font sizes and tap targets checked
A+
Tracking Pixel Inventory
No tracking pixels detected
PASS
No tracking pixels detected
Info::
No tracking pixels detected
A+
Browser Fingerprinting
No browser-fingerprinting libraries detected
PASS
No browser-fingerprinting libraries detected
Info::
No browser-fingerprinting libraries detected
A+
Cross-Site Cookies (SameSite=None)
No cookies on the page
PASS
No cookies on the page
Info::
No cookies set on the page response
A+
Beacon Tracking (sendBeacon)
No navigator.sendBeacon usage detected in inline scripts
PASS
No navigator.sendBeacon usage detected in inline scripts
Info::
No navigator.sendBeacon usage detected in inline scripts
Regulatory Indicators
1 regulatory indicator(s) detected
INFO
1 regulatory indicator(s) detected
Info::
This is a technical scan, not a legal assessment
BeaverCheck detects technical indicators that may suggest regulatory relevance. This is not a compliance audit and should not be relied upon for legal decisions. Consult qualified legal counsel for compliance assessments.
Info::
GDPR indicators detected (moderate confidence)
Indicators suggesting GDPR may be relevant: European TLD detected: .de. EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.
Got: 1 indicators: European TLD detected: .de

This is a technical scan, not a legal assessment.

BeaverCheck detects technical indicators that may suggest regulatory relevance. This should not be relied upon for legal decisions. Consult qualified legal counsel.

GDPR Moderate

EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.

Indicators detected

  • European TLD detected: .de
Third-Party Data Sharing
1 third-party service(s) detected
INFO
1 third-party service(s) detected
Info::
Data inventory for transparency purposes
This inventory identifies third-party services that receive data from your site visitors. Under regulations like GDPR (Article 30), maintaining records of data processing activities is commonly considered a best practice. This automated scan provides a starting point — it may not capture all data flows.
Info::
1 third-party services across 1 categories
1 third-party services detected across 1 categories: Analytics (1). Each of these services receives some user data from your site visitors.
Info::
Google Analytics (Analytics)
Detected via script URL. Typically collects: Page views, User behavior, Demographics, Device info, IP address. Privacy policy: https://policies.google.com/privacy. Data Processing Agreement available.
Got: Category: Analytics | Data types: Page views, User behavior, Demographics, Device info, IP address
Analytics (1)
Google Analytics Analytics
Detected by: script URL
Data typically collected:
Page viewsUser behaviorDemographicsDevice infoIP address
Privacy policy → DPA available ✓

This inventory identifies services receiving visitor data.

Under regulations like GDPR Article 30, maintaining records of data processing is commonly considered a best practice. This scan provides a starting point.

Readability Scores
440 words, Flesch-Kincaid grade 13.3
INFO

Readability Analysis (Flesch-Kincaid)

Grade Level

13.3

Grade 13 (college+)

Reading Ease

39

Difficult

Words

440

Sentences

20

All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback