Product case study

A website audit that knows the difference between observation and proof.

SiteGuard Lite was designed for small teams that need a useful first review without the fear, noise, and false certainty common in automated security reports.

78Sample score
Sample resultnorthline.example

The site has a sound foundation, with a small number of issues worth addressing before they become expensive.

01The problem

Site owners often receive either a technical dump or a sales pitch.

A WordPress owner may know that a site feels slow or has not been maintained, but the usual tools speak in lab metrics, generic grades, or alarming vulnerability language.

The product brief was to create a calm first-pass report that helps an owner and a developer discuss the same issues. It had to cover visible security posture, search basics, content structure, crawl signals, and delivery clues without crossing into penetration testing.

02Product decisions

Designed around decisions, not a wall of checks.

Show evidence, not verdicts

Each result states what was observed, what it means, and what the owner can do next. Browser-only and professional-review tasks remain clearly labeled.

Protect the service and the target

The backend rejects local and reserved networks, validates redirect destinations, limits response sizes, uses timeouts, caps link and image samples, and rate-limits repeated audits.

Build for maintenance

Audit checks are typed, grouped by category, scored from weighted findings, and returned as a stable report model that supports the dashboard, JSON export, and PDF output.

CapabilityBusiness valueImplementation choice
Public URL audit

Starts from the page a customer actually sees

Server-side fetch with URL normalization, DNS checks, manual redirect validation, timeouts, and body limits

Security posture

Makes missing browser protections understandable

HTTPS, certificate metadata, mixed content, CSP, HSTS, framing, MIME, referrer, and permissions checks

WordPress clues

Flags avoidable platform disclosure without overstating certainty

Generator, REST link, wp-content, wp-includes, and version query observations

SEO and content

Gives marketing and development teams one shared backlog

Title, description, canonical, H1, alt coverage, internal link sample, robots.txt, and sitemap checks

Delivery basics

Surfaces expensive page-builder and media habits early

HTML timing and weight, markup resource counts, image header sample, intrinsic image dimensions, and viewport signals

Portable report

Lets an agency or owner keep a client-ready record

Browser-generated PDF plus complete JSON export from the same typed report object

03Product screenshots

The same information hierarchy holds from desktop to a narrow phone.

siteguard.local

SiteGuard Lite desktop landing page
Desktop product entry and audit workspace
SiteGuard Lite mobile landing page
Mobile layout with the same product narrative

siteguard.local/sample-report

SiteGuard Lite complete sample audit dashboard
Full sample report with priorities, category scores, evidence, recommendations, and scope
04Sample audit report

One glance for the owner. Enough detail for the developer.

northline.exampleHealthy foundation
78Site health

The public basics are mostly sound. The largest gains come from browser protections, image accessibility, and media delivery.

Transport100
Headers0
WordPress50
SEO79
Content53
Priority actions
01
Content Security Policy

Deploy a site-specific policy in report-only mode, validate it, then enforce it.

02
Public WordPress version disclosure

Keep WordPress updated and remove unnecessary generator output. Version hiding is not a substitute for patching.

03
Meta description

Write a specific summary that helps a prospective client understand the practice, location, and project focus.

04
Image alternative text coverage

Describe informative project images and use an empty alt attribute for purely decorative images.

Open the complete sample report

Review every finding, filter the checks, and test the PDF and JSON export experience.

05What a business owner can understand

Every technical observation is translated into consequence and action.

What is working

Passing checks are visible, so the report does not manufacture urgency.

What needs attention

Failed and review items are ranked by impact instead of presented as an undifferentiated checklist.

What to do next

Each finding includes a specific recommendation written for a real maintenance backlog.

What remains unknown

The scope panel names the areas that require browser testing, a full crawl, authenticated review, or professional assessment.

06Architecture

A small surface area with production-minded boundaries.

01
Next.js App Router

Server-rendered product pages, typed API routes, responsive dashboard, and metadata routes.

02
Node audit service

Cheerio parsing, DNS-pinned Undici requests, TLS inspection, bounded concurrency, and deterministic scoring.

03
Portable report model

One typed structure feeds the UI, filters, priorities, PDF export, and JSON download.

04
Deployment controls

Security headers, health endpoint, Docker build, CI checks, strict TypeScript, rate limiting, and no required third-party service.

Intentionally not included

Ethical limits are product requirements, not a disclaimer added later.