65+ Checks Across 12 Categories: What SiteGrader Actually Looks At
SiteGrader runs over 65 individual checks on your website, organized into 12 categories. Every check is passive and read-only — we never modify your site, submit forms, or test credentials. Here is exactly what we look at and why it matters.
1. Performance
How fast your site loads and how efficiently it delivers content.
- Time to first byte (TTFB) — how fast your server responds
- Total page load time
- HTML page size
- Image count and optimization
- Render-blocking resources (CSS/JS that delay display)
- Compression (gzip/brotli enabled)
- Google Lighthouse performance score via PageSpeed Insights API
- Core Web Vitals: Largest Contentful Paint (LCP), Cumulative Layout Shift (CLS), Total Blocking Time (TBT), First Contentful Paint (FCP)
2. Email Security
Whether anyone can send emails pretending to be from your domain. Full guide →
- SPF record presence and policy strength (soft fail vs hard fail)
- DKIM record detection across 9 common selectors
- DMARC record and enforcement policy (none/quarantine/reject)
- MX records and email provider identification
- Overall email authentication score (SPF + DKIM + DMARC)
3. Security
Server-level protections that keep your visitors and your data safe.
- HTTPS enabled and SSL certificate validity
- SSL certificate expiry countdown, issuer, and TLS version
- HTTP Strict Transport Security (HSTS)
- Security headers: X-Frame-Options, X-Content-Type-Options, Content-Security-Policy, Referrer-Policy, Permissions-Policy, X-XSS-Protection
- Mixed content detection (HTTP resources on HTTPS pages)
- DNSSEC and CAA record checks
4. Threat Exposure
Whether your site is leaking information that attackers can use.
- Known data breaches associated with your domain
- Email addresses exposed in page source
- Server version information leaked in headers
- Sensitive files publicly accessible (.env, wp-config, backups)
- Admin panels publicly reachable (/admin, /wp-admin, /cpanel, /phpmyadmin)
- Directory listing enabled
5. SEO (Search Engine Optimization)
Whether Google can find, understand, and rank your pages.
- Title tag length and quality
- Meta description length
- H1 tag presence and count
- Heading hierarchy (H2/H3 structure)
- Image alt text coverage
- Canonical URL
- Open Graph tags for social sharing
- JSON-LD structured data presence
- Sitemap.xml accessibility
- Robots.txt accessibility
- Multi-page crawl: duplicate titles, missing meta descriptions, thin content pages
6. AEO (Answer Engine Optimization)
Whether Google can use your content for featured snippets and AI Overviews. Full guide →
- Answer near the top — does your first paragraph directly answer a question?
- Question-style headings that match how people search
- Statistics and specific numbers in your content
- FAQPage structured data
- Article/WebPage schema with dateModified freshness signal
7. GEO (Generative Engine Optimization)
Whether ChatGPT, Claude, Perplexity, and Gemini can find and cite you. Full guide →
- Robots.txt access for 11 AI crawlers: GPTBot, OAI-SearchBot, ChatGPT-User, ClaudeBot, Claude-SearchBot, PerplexityBot, Perplexity-User, Google-Extended, Applebot-Extended, Meta-ExternalAgent, CCBot
- /llms.txt file presence and structure (what is /llms.txt? →)
- /llms-full.txt availability
- Author byline and expertise signals (E-E-A-T)
- Server-side rendered content check (AI crawlers do not execute JavaScript)
8. Mobile
Whether your site works properly on phones and tablets.
- Viewport meta tag
- Apple touch icon
- Responsive CSS patterns (media queries, flexbox, grid)
- Small font size detection (under 12px)
- Favicon presence
9. Local Presence
Whether your site has the signals local customers and Google Maps need.
- Phone number detection (text and tel: links)
- Physical address detection
- Google Maps embed
- LocalBusiness schema
- Business hours
- Mailto: link
- Social media profile links
- Privacy policy link
10. Accessibility (ADA / WCAG)
Whether your site is usable by people with disabilities — and whether you are exposed to lawsuits. ADA lawsuit guide →
- WCAG 1.1.1: Image alt text
- WCAG 1.3.1: ARIA landmarks and semantic HTML elements
- WCAG 1.4.3: Color contrast patterns
- WCAG 1.4.4: Fixed pixel font sizes (should be rem/em)
- WCAG 2.1.1: Keyboard accessibility
- WCAG 2.4.1: Skip navigation link
- WCAG 2.4.2: Page title
- WCAG 2.4.6: Heading hierarchy
- WCAG 3.1.1: Page language declaration
- WCAG 4.1.1: Unique element IDs
- HTML language attribute
- Form label association
11. Content Quality
Whether your page has enough substance for search engines and AI to work with. Full guide →
- Word count (thin content detection)
- Content-to-code ratio
- Internal link count
- Heading structure for long content
- Readability (average sentence length)
- Generic vs descriptive title detection
12. Site Health
Technical fundamentals that affect everything else.
- Broken internal links
- Redirect detection
- Page weight (HTML size)
- Canonical URL consistency
- Favicon presence
- Proper 404 response for missing pages (soft 404 detection)
Every check runs automatically when you enter your URL. The free preview shows your scores and top issues. The full report shows every individual finding with explanations and suggested fixes.
Related
What are AEO and GEO? — Deep dive into the AI search categories.
Email Security explained — Why SPF, DKIM, and DMARC matter for every business.
See all 65+ checks on your own site.
Scan your site free →