NWS-360 — Client Dashboard

Showing data for www.meridianhealth.org — Homepage + 10-page sample — Scanned April 1, 2026 Retainer: NWS-360 Full Program • Renewal: January 2027

67 /100

Overall Health Score

Needs Attention

3 critical • 7 warnings

3 Critical
Issues

7 Warnings

99.7% Uptime
30 days

23 404
Errors

87 Days to
SSL Expiry

Core Web Vitals & Performance

View service details →

3.2s

LCP

Largest Contentful Paint

Needs Work

Goal: <2.5s

0.08

CLS

Cumulative Layout Shift

Good

Goal: <0.1

145ms

INP

Interaction to Next Paint

Needs Work

Goal: <200ms

Page Speed Score

/ 100 (Mobile)

050100

Page Size

4.2MB

Goal: under 3 MB

✗

Over target by 1.2 MB

Optimizations

✓

Minified JavaScript

✗

Minified CSS Missing

✓

Browser Caching

Image Optimization Partial

Redirects & Requests

301 Redirects 12

HTTP Requests 84

✓

HTTPS Enabled

✓

SSL Valid 87 days

SEO Health

View full SEO report →

SEO Score 71 / 100

050100

✓

Permission to Index

✓

robots.txt Present

✓

XML Sitemap

Meta Descriptions Missing on 14 pages

✗

Descriptive Link Text 23 issues

Content Plugins 2 flagged

Structured Data & Technical

Schema Markup Partial

✓

Canonical Tags

✓

Open Graph Tags

✗

H1 Hierarchy Multiple H1s on 6 pages

✓

Page Titles Unique

Image Alt Text 41 missing

Privacy & Consent (CMP)

View service details →

Compliance Status Critical Gaps

✓

CMP Vendor Detected (Termly)

✓

Cookie Banner Present

Reject / Decline All Button Buried in preferences

✗

Pre-Consent Tracking 3 trackers fire early

✗

GPC Signal Honored Not detected

Consent Mode v2 Partial

✓

✗

Cookie Policy Standalone Missing

Compliance Level

3 / 5

Defined — 2 levels to target

12345

Cookie Inventory

First-party cookies 11

Third-party cookies 4

Accessibility (WCAG 2.2)

View full accessibility report →

Accessibility Score

/ 100 — AA Partial

050100

Critical

Moderate

Minor

Critical Failures

✗

Missing alt text (41 images)

✗

Color contrast failures (12)

✗

Form labels missing (6 fields)

✗

Keyboard trap on modal

Skip navigation link missing

Mobile Accessibility

✓

Responsive Layout

✓

Legible Font Size

Tap Target Size 8 too small

✓

Viewport Meta Tag

Touch Gesture Alternatives Partial

Security

View security report →

Security Score

/ 100

HTTPS & Certificates

✓

HTTPS Enabled

✓

SSL Valid 87 days

Mixed Content 2 warnings

Headers & CSP

✗

Content Security Policy Missing

X-Frame-Options Weak

✓

HSTS Enabled

JavaScript Libraries

✗

jQuery 3.4.1 Vulnerable

✓

Bootstrap 5.3

SRI Coverage 0% on 4 scripts

Uptime & Availability

View uptime history →

Last 30 Days

99.7%

uptime — 2 incidents

Mar 2 Mar 16 Apr 1

Up Down Degraded

Incidents & Certificates

●

Mar 14 — 14 min outage Resolved

●

Mar 28 — Slow response (>4s) Resolved

Domain & SSL

✓

SSL Certificate Expires Jul 2026

✓

Domain Registration Expires Dec 2027

✓

DNS Health Healthy

Analytics & GA4 Configuration

View analytics details →

Tag Detection

✓

GA4 Tag Present G-59L0QDKBLT

✓

GTM Container GTM-M2XSBPS

HubSpot Tracking Fires pre-consent

Configuration Health

Consent Mode v2 Not configured

Conversion Tracking Unverified

✓

Page View Events

Data Quality

✓

Internal IP Filter

✗

Bot Filtering Off

Goal / Event Accuracy Review needed

Site Baseline Inventory

View full inventory →

247

Pages

Last full crawl: Apr 1, 2026

1,842

Images

41 missing alt text

Videos

3 lack captions

Forms

All tested — 6 delivering

404 Errors

Up from 18 last month

Redirects

12 are redirect chains

AI-Generated Recommendations

View full action plan →

Critical

Pre-consent tracking: 3 scripts fire before user consent is collected GA4, HubSpot, and a third-party map API are activating immediately on page load. This is a GDPR/CCPA violation with active enforcement risk. Replace or gate these via Termly Consent Mode v2 configuration.

Eric (CMP)

Critical

jQuery 3.4.1 has a known XSS vulnerability — update to 3.7+ CVE-2019-11358 allows prototype pollution. This library is loaded on every page. Update is low-risk and can be completed in under an hour.

Greg (Security)

Critical

8 accessibility violations block WCAG 2.2 AA compliance — legal exposure for a healthcare organization Missing alt text (41 images), 12 contrast failures, and a keyboard trap on the appointment modal are the top priorities. ADA lawsuits targeting healthcare sites have increased 35% since 2023.

Jenna (Accessibility)

High

Content Security Policy (CSP) header missing — implement immediately No CSP means the browser will execute any injected script. A basic CSP can be implemented at the server level with minimal development effort and eliminates a significant attack surface.

Greg (CSP)

High

Page size 4.2 MB exceeds 3 MB goal — primary cause is uncompressed images Running images through WebP conversion and lazy-loading below-the-fold assets should reduce page size by 30–40% and improve LCP from 3.2s toward the 2.5s target.

Brian (Performance)

Medium

Meta descriptions missing on 14 pages — direct impact on click-through rate Pages without meta descriptions are receiving auto-generated snippets from Google, which are often poor quality. Writing targeted descriptions for the top 14 pages by traffic is a quick SEO win.

Alex (SEO)

Medium

23 broken 404 pages — up from 18 last month — likely tied to recent navigation changes A content audit from the Feb 2026 navigation restructure appears to have left legacy URLs unredirected. Mapping these to canonical destinations will recover lost link equity and improve user experience.

Alex (SEO)