Site Health Brief

Site Health Score

Measures technical site quality across 7 domains. The overall SEO signal score appears in the full report.

Security

54

Weight 25%

Accessibility

100

Weight 20%

Privacy & Legal

77

Weight 15%

Infrastructure

92

Weight 15%

Mobile UX

100

Weight 10%

Code Quality

100

Weight 10%

Error Handling

92

Weight 5%

Priority actions

SecuritySeverityHighEffortQuick win↗

Missing HSTS header

What to do

Add header: Strict-Transport-Security: max-age=15552000; includeSubDomains
Verify with curl -I https://yourdomain/ | grep -i strict

What this prevents

security

SecuritySeverityHighEffortQuick win↗

Missing Content-Security-Policy header

What to do

Define CSP that covers your legitimate sources
Start with report-only mode: Content-Security-Policy-Report-Only
Monitor violations, then promote to enforcing

What this prevents

security

Privacy & LegalSeverityHighEffortModerate↗

No privacy policy page

What to do

Publish a privacy policy at /privacy-policy or /privacy
Link it from the site footer and cookie banner
Include data categories collected, retention periods, and contact details

What this prevents

legal

Findings by domain

Security

SeverityHighEffortQuick win↗

Missing HSTS header

What to do

Add header: Strict-Transport-Security: max-age=15552000; includeSubDomains
Verify with curl -I https://yourdomain/ | grep -i strict

What this prevents

security

SeverityHighEffortQuick win↗

Missing Content-Security-Policy header

What to do

Define CSP that covers your legitimate sources
Start with report-only mode: Content-Security-Policy-Report-Only
Monitor violations, then promote to enforcing

What this prevents

security

SeverityMediumEffortQuick win↗

Missing X-Content-Type-Options header

What to do

Add header: X-Content-Type-Options: nosniff

What this prevents

security

SeverityMediumEffortQuick win↗

Missing Referrer-Policy header

What to do

Add header: Referrer-Policy: strict-origin-when-cross-origin

What this prevents

security

Privacy & Legal

SeverityHighEffortModerate↗

No privacy policy page

What to do

Publish a privacy policy at /privacy-policy or /privacy
Link it from the site footer and cookie banner
Include data categories collected, retention periods, and contact details

What this prevents

legal

SeverityMediumEffortModerate↗

Third-party trackers active without consent

What to do

Gate all non-essential tracker scripts behind consent
Use tag manager consent mode or server-side conditional loading
Audit third-party scripts quarterly

What this prevents

legal

Infrastructure

SeverityMediumEffortModerate↗

Email authentication records missing: DKIM

What to do

Publish missing DNS records: DKIM
SPF: TXT record listing authorised mail servers
DKIM: TXT record with public key matching your mail server signing key
DMARC: TXT record at _dmarc.yourdomain with p=quarantine minimum

What this prevents

resilience

Error Handling

SeverityMediumEffortModerate↗

8 broken internal link(s) detected

What to do

Fix or redirect each broken URL
Set up 301 redirects for pages that have moved
Audit broken links monthly using a crawler
Priority URLs to fix: https://www.thebelroyhotel.com.au/contact, https://www.thebelroyhotel.com.au/book-a-table, https://www.thebelroyhotel.com.au/sports-bar, https://www.thebelroyhotel.com.au/whats-on-2, https://www.thebelroyhotel.com.au/gallery

What this prevents

user_experience

Methodology

Prepared by: Taussig Research

Pages tested: 6

Standards referenced: WCAG 2.2 · Google QRG (Quality Rater Guidelines)→ · Schema.org · W3C

Each finding links directly to its evidence - timestamped captures stored in the raw/evidence/ folder of this delivery package.