Three phases. Deterministic engine. AI translation. Human walkthrough. No black box, no opinion-as-finding, no AI-decides-what-to-check.
Deterministic, every time.
Our audit engine runs 513 checks across your site, search presence, social footprint and trust signals. The same checks fire every time - no AI decides what to look at, no skipped categories, no opinion. Every finding is anchored to a publicly observable signal (HTTP header, meta tag, structured-data block, public profile, page render).
This is the part where vibes-based audits fall over. A "5-point AI website review" can decide it doesn't feel like checking your DMARC policy today. We can't.
AI for translation, not opinion.
Once the engine returns evidence, AI does one job: translate each finding into business-impact language. What it costs you. Who it affects. How urgent it is. Whether a developer or a marketer should pick it up.
Each issue gets a severity score weighted to revenue impact - a missing CSP header on a marketing site scores differently than the same finding on a checkout flow. AI does not decide what's broken; it explains the broken-ness that the engine already surfaced.
30 minutes. Recorded or live.
You get a branded PDF with every finding, evidence, severity and fix path. Then we walk you through it - screen-recorded for replay, or live if you prefer real-time questions - so you understand the top fixes, the priority order, and where each finding sits in your wider plan. Most clients pick recorded so they can rewatch.
You leave with a work order, not a 90-page report nobody opens. Optional 90-day rescan locked in so you can confirm the fixes landed against the same engine.
513 checks. 9 suites.
Each suite is weighted to its revenue contribution, not its file size. Marketing and Technical carry the heaviest weight because that's where most service-business sites bleed.
85Technicalwt 16%
- Largest Contentful Paint, Interaction to Next Paint, Cumulative Layout Shift (Core Web Vitals)
- JavaScript bundle size, render-blocking resources, image optimisation
- Semantic HTML, heading hierarchy, ARIA landmarks, keyboard navigation
- Mobile viewport, touch target sizing, font legibility
- Status codes, 4xx/5xx errors, broken internal links
84Securitywt 14%
- SPF, DKIM, DMARC email authentication policies
- HSTS preload, HSTS max-age, CSP, X-Frame-Options, X-Content-Type-Options
- TLS configuration, certificate validity, mixed-content detection
- Subresource Integrity on third-party scripts
- 84 of these are CIS / OWASP-aligned signals
83GEOwt 14%
- JSON-LD structured data - Organization, LocalBusiness, Service, FAQ types
- llms.txt presence, robots.txt allow-list for AI crawlers
- Service area, opening hours, address markup
- Brand-name citation strength across the public web
- Open Graph metadata completeness for AI summary engines
48Marketingwt 18%
- Hero clarity - does the page say what you do in the first viewport
- Conversion path - CTA placement, friction count, form length
- Copy specificity - vague vs concrete, jargon density
- Social proof placement and credibility signals
- Pricing transparency and decision-aid presence
48Privacywt 11%
- Cookie consent banner presence and pre-consent tracker count
- Privacy policy presence, last-updated date, GDPR / CCPA / AU Privacy Act mentions
- Third-party cookie inventory (GA, Meta, LinkedIn, etc.)
- Form data handling disclosure
- Cross-border data transfer disclosure
44AI Readinesswt 4%
- FAQ schema markup - AI engines preferentially cite Q&A-structured content
- llms.txt declaration
- Customer-facing AI / chat presence
- Structured Q&A content on key pages
- Citation-ready content (clear sources, statistics, named entities)
43Social Footprintwt 10%
- Open Graph image, og:image:alt, og:locale, og:site_name
- Twitter / X card type and image
- Social profile links in footer + structured data
- Embedded social proof (Instagram, reviews, testimonials)
- Active-presence signals across 8 platforms
42Employer Brandwt 4%
- Team / about / leadership page presence
- Careers page, role listings, EVP signals
- Glassdoor / SEEK / LinkedIn employer review surface
- Founder / leadership bios with credibility markers
- Public mission / values content
36Reputationwt 9%
- Google review platforms linked or embedded on the site
- Third-party review platforms (Trustpilot, ProductReview, industry directories)
- Case studies, testimonials, before/after evidence
- Awards, certifications, accreditation markers
- Negative-review response patterns
Honest limits.
- No penetration testing. Security findings are based on publicly observable signals (headers, certificates, exposed services), not authenticated tests. For formal pen testing or compliance certification, you need an accredited assessor.
- No guaranteed rankings, leads or revenue. The audit surfaces what's broken and weighs it to impact - it does not promise outcomes. SEO, GEO and AI visibility depend on competitive context, content quality and time, not on a single audit.
- No AI-decides-what-matters. AI translates findings the engine surfaced. AI does not choose what to look at, what to ignore, or what to inflate. If your DMARC policy is soft-fail, it gets flagged every time - not when AI happens to feel like it.
- No vendor lock-in. The PDF is yours. The fix list is yours. Hand it to your own developer, your agency, or come back to us for the implementation work. Either is fine.
Ready to see your real numbers?
Brief in by 9am, report in by close. Same working day, from A$550 a suite or A$1,950 for the full nine. PDF + 30-minute walkthrough (recorded or live) included.