← Back to Blog

The Complete Website Audit Checklist for 2026

By Claros Team 6 min read

A website that looks good on the surface can still be bleeding traffic, losing customers, and exposing your business to unnecessary risk. A proper website audit goes beyond aesthetics. It examines the five dimensions that determine whether your site is actually working for you: performance, SEO, security, accessibility, and mobile experience.

This checklist breaks each dimension into specific, actionable items. Work through it yourself, hand it to your development team, or let Claros do it for you in 30 seconds.

1. Performance Audit

Website speed directly impacts revenue. Google research shows that as page load time increases from 1 second to 3 seconds, the probability of a visitor bouncing increases by 32%. At 5 seconds, that number jumps to 90%.

Core Web Vitals

  • Largest Contentful Paint (LCP): Your main content should load in under 2.5 seconds. Test on both mobile and desktop.
  • Interaction to Next Paint (INP): User interactions should respond in under 200 milliseconds. Click buttons, open menus, and submit forms to check.
  • Cumulative Layout Shift (CLS): Visual elements should not shift unexpectedly. A score under 0.1 is the target. Watch for images without defined dimensions and late-loading fonts.

Resource Optimization

  • Compress all images. Use WebP or AVIF formats where browser support allows.
  • Minify CSS, JavaScript, and HTML.
  • Enable GZIP or Brotli compression on the server.
  • Audit third-party scripts. Each external script (analytics, chat widgets, tracking pixels) adds load time. Remove any that are not actively providing value.
  • Implement lazy loading for images and videos below the fold.
  • Use a Content Delivery Network (CDN) to serve assets from locations closer to your visitors.

Server Response

  • Time to First Byte (TTFB) should be under 200 milliseconds.
  • Verify that HTTP/2 or HTTP/3 is enabled.
  • Check that browser caching headers are set correctly for static assets.

2. SEO Audit

Search engine optimization determines whether potential customers can find you. Technical SEO issues can undermine even the best content strategy.

On-Page Essentials

  • Every page has a unique, descriptive title tag under 60 characters.
  • Every page has a meta description under 160 characters that includes the target keyword.
  • Headings follow a logical hierarchy: one H1 per page, H2s for sections, H3s for subsections.
  • URLs are clean, readable, and include relevant keywords (no ?id=12345 strings).
  • Images have descriptive alt text.

Technical SEO

  • Submit an XML sitemap to Google Search Console and Bing Webmaster Tools.
  • Verify your robots.txt file is not accidentally blocking important pages.
  • Check for broken links (404 errors) across the site.
  • Ensure canonical tags are set correctly to avoid duplicate content issues.
  • Implement structured data (Schema.org markup) for your business type, products, or articles.
  • Confirm that the site is indexed. Search site:yourdomain.com in Google to verify.

Content Quality

  • Each page targets a specific keyword or topic.
  • Content is original, substantive, and genuinely useful to the reader.
  • Internal links connect related pages naturally.

3. Security Audit

Security is no longer optional. Browsers flag HTTP sites as "Not Secure," and a single breach can destroy customer trust overnight.

SSL/TLS

  • HTTPS is enforced on every page. HTTP requests redirect to HTTPS automatically.
  • The SSL certificate is valid, not expired, and covers all subdomains in use.
  • TLS 1.2 or higher is required. Older protocols (TLS 1.0, 1.1, SSL 3.0) should be disabled.

Security Headers

  • Strict-Transport-Security (HSTS): Forces browsers to use HTTPS.
  • Content-Security-Policy (CSP): Prevents cross-site scripting attacks.
  • X-Content-Type-Options: Stops browsers from guessing file types.
  • X-Frame-Options: Prevents your site from being embedded in malicious iframes.
  • Referrer-Policy: Controls what information is sent when users click outbound links.

Additional Security Checks

  • Software, plugins, and CMS platforms are up to date.
  • Admin login pages are not publicly accessible or are protected by two-factor authentication.
  • Forms include CSRF protection.
  • File upload functionality (if any) validates file types and scans for malware.

4. Accessibility Audit

Web accessibility is both a legal requirement and a business opportunity. Over 1 billion people worldwide live with some form of disability, and accessible websites serve everyone better — including users on slow connections, small screens, or in bright sunlight.

WCAG 2.1 Level AA Essentials

  • All images have meaningful alt text (or empty alt attributes for decorative images).
  • Color contrast ratios meet 4.5:1 for normal text and 3:1 for large text.
  • The entire site is navigable by keyboard alone. Tab through every page and verify that focus indicators are visible.
  • Form inputs have associated labels. Placeholder text is not a substitute for labels.
  • Error messages are clear and specific, not just "Invalid input."
  • ARIA landmarks are used appropriately (navigation, main, footer, etc.).
  • Video content includes captions. Audio content includes transcripts.

Quick Accessibility Tests

  • Zoom to 200% and verify that the layout remains usable.
  • Navigate the site using only a screen reader (VoiceOver on Mac, NVDA on Windows).
  • Disable CSS and check that the content still makes logical sense.
  • Verify that no information is conveyed by color alone.

5. Mobile Experience Audit

Mobile devices account for over 60% of global web traffic. Google uses mobile-first indexing, meaning the mobile version of your site is what gets evaluated for search rankings.

Responsive Design

  • The site renders correctly on screens from 320px to 2560px wide.
  • Touch targets (buttons, links) are at least 44x44 pixels.
  • No horizontal scrolling is required on any standard device.
  • Text is readable without zooming (minimum 16px body text).

Mobile-Specific Issues

  • Popups and interstitials do not block content on mobile (Google penalizes intrusive interstitials).
  • Phone numbers are tap-to-call links.
  • Forms are optimized for mobile input (appropriate keyboard types, autofill support).
  • Navigation works smoothly on touch devices.

Mobile Performance

  • Test on a real device with a throttled 3G connection, not just desktop Chrome DevTools.
  • Total page weight should be under 3 MB for the initial load.
  • Fonts are loaded efficiently with font-display: swap to prevent invisible text.

Putting It All Together

A complete website audit is not a one-time event. Run through this checklist quarterly at minimum — more frequently if you are actively making changes to your site. Priorities shift, new vulnerabilities emerge, and search engine algorithms evolve.

The five dimensions are interconnected. A slow site hurts SEO. Poor accessibility limits your audience. Missing security headers erode trust. Treating each dimension in isolation leaves gaps.

If working through this checklist manually feels overwhelming, that is exactly why we built Claros. Run a free scan and get a comprehensive report across all five dimensions in under 30 seconds — no signup required.

Get Your Free Website Grade

Claros analyzes your website across performance, SEO, security, accessibility, and more — in under 30 seconds.

Scan Your Website Free