Skip to main content
Free · No signup · Shareable

The website audit that PageSpeed wishes it was.

Performance, SEO, security, hosting, tech stack, accessibility and carbon. One shareable report in 30 to 90 seconds.

Start an audit

Enter any public URL. We will follow redirects.
Scan depth Standard scan Just the entered page · ~30 seconds Are you sure? Deeper scan Up to 25 pages · ~90 seconds

Same checks on both modes. Standard scans only the URL you entered. Deeper goes up to 25 pages (about 90 seconds).

Password or maintenance mode?

Use this for a basic HTTP auth popup, a Shopify password page, WordPress maintenance mode, or similar gates. Username is optional (leave blank for screens that only ask for a password). We send the credentials only for this scan, then forget them.

No login. Your report lives at a private link only you can share.

What we look at

Lighthouse is just the starting point.

See the full methodology
  1. Performance

  2. SEO and meta

  3. Accessibility

  4. Security

  5. Hosting and infra

  6. Tech stack

  7. Carbon

How it works

Three steps. No account, no install, no waiting on email.

  1. Paste any URL

    Public sites only. We accept http(s):// and follow redirects, so http(s)://example.com or just example.com all work.

  2. We scan it end to end

    Lighthouse runs on mobile and desktop, plus our own checks for security, hosting, tech stack, and carbon. Standard mode finishes in about 30 seconds.

  3. You get a shareable report

    Live at a private URL only you can share. Download as PDF. The link works for a hand-off to a client, a developer, or a hosting provider.

What's in the report

Score rings up top, every finding clickable, with a fix recommendation. Nothing inflated, nothing buried.

high

No Content-Security-Policy header

A CSP header tells the browser exactly which scripts, styles, and frames may run. Without it, an XSS bug can run anything.

Add a Content-Security-Policy response header. Start with default-src 'self' and tighten from there.

Questions before you start

How long does an audit take?

Standard mode runs in about 30 seconds. Deeper mode (up to 25 internal pages) finishes in 60 to 90 seconds. Leave the tab open or come back to the report URL later.

Is the audit private?

Every report lives at an unguessable URL with 32 random hex characters (about 10³⁸ possibilities). We do not log the IP of report viewers, and we never share a report with anyone but you.

Why is it free?

crocky.host is a hosting company in Romania, and the audit is how we introduce ourselves. If the report leads you to consider us for hosting, a rebuild, or a migration, that is what keeps the tool running. Whether or not you ever talk to us, the report is yours.

Can I run it on a staging site?

Often, yes. Open Advanced options on the form and paste the password. We handle HTTP basic auth, Shopify password pages, Netlify password protection, Cloudflare Access, and Vercel preview deployments. WordPress maintenance pages are detected but cannot be bypassed from outside; we will tell you what we saw. If your staging sits behind a VPN or an IP allow-list, contact us about a private deploy.

Do you store the data?

We keep the findings and the underlying Lighthouse JSON for as long as the report URL exists. Email audit@crocky.host with the URL to have it deleted any time.

Audited by Crocky