Public sample

Anatomy of a Dokven report

This is what a real Full Stack Scan looks like, including the cross-tool AI crosswalk that connects findings instead of just paraphrasing them.

Sample target

https://demo.acme-shop.com

Score 79/100 · C

AI Overview

Strong baseline a11y and copy scores, but the hero image is doing damage in three tools at once. Security headers need a single config pass: currently your CSP is undefined, which is the single highest-impact fix you can ship today.

Priority actions

Compress + serve modern formats for the hero image (one fix improves Performance, SEO, and a11y).
Add a CSP nonce + Permissions-Policy via the Next.js middleware.
Mark all session cookies Secure + SameSite=Lax.

Module breakdown

SEO82B

Security64D

Performance71C

Accessibility88B

Copy92A

Cross-tool insights

AI Crosswalk

Only Dokven connects findings across tools: one root cause, one fix.

Hero image dominates LCP and SEO

high

Root cause: Unoptimized 2.3 MB hero JPEG: drives LCP regression in Performance and triggers SEO image-size + missing alt-text warnings.

Fix: Serve AVIF/WEBP at 1× and 2× DPR, add explicit width/height, and write a descriptive alt.

performanceseoaccessibility

Missing security headers double-count

medium

Root cause: CSP and Permissions-Policy are absent, which fails Security and trips an SEO trust-signal warning.

Fix: Add a CSP via Next.js proxy.ts; emit Permissions-Policy with camera/microphone/payment denied by default.

securityseo

Security findings

HTTPS posture

TLS 1.3, HSTS preload eligible.

Content-Security-Policy

No CSP header. Allows arbitrary script injection.

X-Frame-Options

Set, but value `SAMEORIGIN` is weaker than `DENY`.

Mixed content

All sub-resources served over HTTPS.

Cookie security flags

2 of 6 cookies missing the Secure flag.

Audit your own site in 30 seconds.

Free guest scans · no signup, no card.

Run a real Full Stack Scan

Dokven

– Tokens Left