The complete website audit checklist
A website audit that only checks SEO misses most of what decides whether the site works. This is the nine-area checklist AuditHQ’s engine is built around - usable manually, even if you never run our scan.
1. Technical health
Core Web Vitals (LCP under 2.5 s, CLS under 0.1, INP under 200 ms), mobile responsiveness, no broken links or redirect chains, valid sitemap submitted to Search Console, robots.txt not blocking anything important, HTTPS everywhere.
2. Marketing and conversion
A headline that says what you do in plain words, one clear primary call to action per page, visible contact details, trust signals (reviews, credentials, guarantees), analytics actually installed, and no dead ends - every page should lead somewhere.
3. AI visibility
The newest area and the most commonly empty: structured data (Organization, FAQ, Product schema), an llms.txt file, AI crawlers permitted in robots.txt, content present in raw HTML rather than rendered only by JavaScript, and clear entity signals linking your site to your profiles. This decides whether ChatGPT, Perplexity and Google AI Overviews can find and cite you.
4. Security signals
Valid SSL/TLS with no mixed content, security headers (HSTS, CSP, X-Frame-Options), SPF, DKIM and DMARC on your domain, no exposed software versions, clean Google Safe Browsing status.
5. Privacy compliance
A findable, current privacy policy; cookie consent that actually blocks trackers until accepted where law requires it; a way for users to exercise data rights; and third-party trackers you can name and justify. Regulators and enterprise procurement both read this layer.
6-9. Reputation, social, employer brand, AI readiness
Reputation: review presence, ratings, and whether you respond. Social footprint: profiles complete, consistent, and alive. Employer brand: careers page, roles, and team pages that do not scare candidates away. AI readiness: signals of how automated and data-mature the business behind the site is. Individually small, together these decide how the business reads to a stranger doing five minutes of homework.
Frequently asked questions
How long does a manual website audit take with this checklist?
A diligent manual pass over all nine areas takes the better part of a day for a typical small site. The automated version - AuditHQ runs hundreds of checks across all nine suites - takes about 5 to 8 minutes, which is the argument for automating the finding and spending your day on the fixing.
What is the most commonly failed area?
AI visibility, by a wide margin - most sites predate the checklist item entirely. Among traditional areas, email authentication (SPF/DKIM/DMARC) and privacy compliance are the most frequently incomplete.
Do I need to audit all nine areas?
Not equally. Ecommerce weighs security and technical health heaviest; local services weigh reputation and marketing; B2B weighs privacy and employer brand more than most. But skipping an area entirely is how blind spots persist for years.