/ / d / meta.com
meta.com
58 / 100
overall · band: medium
Categories
Security66/ 100 · 9 measured
Performance100/ 100 · 5 measured
SEO54/ 100 · 7 measured
AI-readiness38/ 100 · 4 measured
Privacy27/ 100 · 6 measured
Accessibility0/ 100 · 1 measured
Brand presence30/ 100 · 16 measured
Email health51/ 100 · 16 measured
Site facts
- Snapshot date
- 2026-04-26
- Factors scored
- 64 / 86
- Composite score
- 58/100
- Method version
- v0.1 — 2026-04-25
Security· 66/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 4 | Security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, X-Content-Type-Options) | pass | 90 | security_headers_score=90, missing=Referrer-Policy |
| 5 | SSL certificate validity & expiration window | n/a | — | Scoring not yet implemented |
| 6 | WordPress REST API user enumeration exposure | pass | 100 | not_wordpress |
| 7 | Sensitive path exposure (.git, .env, /admin, xmlrpc.php, wp-login.php) | pass | 100 | total_checked=6 |
| 22 | DNSSEC validation | fail | 0 | ds_present=false, ad_bit=false |
| 23 | CAA records | fail | 0 | records=\# 93 00 05 69 73 73 75 65 64 69 67 69 63 65 72 74 2e 63 6f 6d 3b 20 61 63 63 6f 75 6e 74 3d 32 37 31 62 30 62 65 64 61 30 37 37 31 64 30 30 36 61 61 33 61 36 63 31 31 62 30 35 31 38 37 64 34 35 36 64 36 63 32 33 39 62 34 36 63 62 35 32 34 3… |
| 26 | HSTS preload list inclusion | pass | 100 | hsts_header=max-age=31536000; preload; includeSubDomains, preload_status=preloaded |
| 27 | TLS minimum version & cipher suite quality | pass | 100 | status=READY, grades=A+, worst=A+ |
| 28 | Subdomain takeover surface | pass | 100 | findings={"subdomain":"www.meta.com","cname":"star.c10r.facebook.com.","dangling":false}|{"subdomain":"support.meta.com","cname":"star.c10r.facebook.com.","dangling":false}, dangling_count=0 |
| 29 | Spam / phishing blocklist presence | fail | 0 | listed=true, response_code=0, answers=127.255.255.254 |
Performance· 100/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 8 | Mobile PageSpeed score + Core Web Vitals (LCP, FCP, CLS) | n/a | — | Scoring not yet implemented |
| 9 | HTTP/2 support | pass | 100 | perf_http2=true |
| 10 | Compression (Brotli / gzip) | pass | 100 | perf_compression=br |
| 30 | HTTP/3 support | pass | 100 | source=alt_svc, alt_svc=h3=":443"; ma=86400, supports_h3=true |
| 31 | IPv6 support | pass | 100 | aaaa_count=1, aaaa=2a03:2880:f36e:8d:face:b00c:0:2 |
| 32 | Image optimization (WebP/AVIF) | n/a | — | Scoring not yet implemented |
| 33 | Desktop PageSpeed score | n/a | — | Scoring not yet implemented |
| 34 | Core Web Vitals from CrUX (Real User Monitoring) | n/a | — | Scoring not yet implemented |
| 35 | Lazy loading on below-fold images | n/a | — | Scoring not yet implemented |
| 36 | Font loading strategy (FOUT/FOIT/swap) | n/a | — | Scoring not yet implemented |
| 37 | Total homepage byte weight | pass | 100 | html_bytes=512000, subresource_bytes=0, total_bytes=512000, total_kb=500, sampled=0, total_refs=0 |
| 38 | Largest unused JavaScript bundle | n/a | — | Scoring not yet implemented |
SEO· 54/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 11 | Title, meta description, OG, Twitter cards, canonical | pass | 80 | title=true, description=true, og=true, twitter=false, canonical=true |
| 12 | Schema.org structured data presence | n/a | — | Scoring not yet implemented |
| 13 | H1 tag presence | fail | 0 | h1_count=0 |
| 14 | Sitemap.xml + robots.txt presence | pass | 100 | has_robots_txt=true, has_sitemap=true |
| 39 | Schema.org type validity (parsed JSON-LD) | n/a | — | Scoring not yet implemented |
| 40 | Breadcrumb schema | fail | 0 | present=false |
| 41 | FAQ / HowTo schema (where applicable) | n/a | — | n/a — not_applicable |
| 42 | hreflang for multi-language sites | pass | 100 | html_lang=en, languages_seen=en, alternates=34, alternate_langs=x|en|es|de|nl|fr|pt|da|fi|it|ja|nb|pl|ko|sv|zh |
| 43 | Internal link depth (clicks from homepage to deepest content) | pass | 100 | max_depth=3, pages_fetched=50, pages_seen=98, capped_at=50 |
| 61 | Better Business Bureau accreditation | fail | 0 | no_link_on_site |
AI-readiness· 38/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 15 | llms.txt presence | fail | 0 | has_llms_txt=false |
| 16 | AI crawler robots.txt directives | pass | 100 | robots_ai_blocked_count=0 |
| 44 | AI plugin manifest (.well-known/ai-plugin.json) | fail | 0 | status=429 |
| 45 | JSON-LD richness score for LLMs | warn | 50 | org_complete=true, has_address=false, has_contact_point=false, has_same_as=true, has_content_type=false, breakdown={"coreOrg":25,"contact":0,"sameAs":25,"contentType":0} |
Privacy· 27/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 46 | Cookie banner presence + CMP detection | fail | 0 | banner_detected=false |
| 47 | Privacy policy page presence | fail | 0 | found=false |
| 48 | Terms of service page presence | fail | 0 | found=false |
| 49 | Third-party tracker count | pass | 80 | count=2, hosts=lookaside.fbsbx.com|static.xx.fbcdn.net |
| 50 | CCPA "Do Not Sell or Share My Personal Information" link | fail | 0 | found=false |
| 51 | Cookie scan — actual cookies set on first load | pass | 80 | count=1, names=locale, with_cmp=false |
Accessibility· 0/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 52 | Accessibility statement page | fail | 0 | found=false |
| 53 | axe-core / WAVE accessibility scan | n/a | — | Scoring not yet implemented |
| 54 | Image alt text coverage | n/a | — | Scoring not yet implemented |
| 55 | Heading hierarchy validity | n/a | — | Scoring not yet implemented |
| 56 | Color contrast (WCAG AA) | n/a | — | Scoring not yet implemented |
| 57 | ARIA labels presence and validity | n/a | — | Scoring not yet implemented |
| 58 | Skip-to-content link | n/a | — | Scoring not yet implemented |
Brand presence· 30/100
Email health· 51/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 1 | DMARC enforcement | pass | 100 | present=true, policy=reject |
| 2 | DKIM signing | fail | 0 | present=false |
| 3 | SPF record present and valid | fail | 40 | present=true, raw="v=spf1 redirect=_spf.fb.com" |
| 24 | MTA-STS & TLS-RPT | fail | 0 | policy_ok=false |
| 25 | BIMI + VMC | fail | 0 | no_bimi |
| 75 | Branded domain email address (vs free Gmail/Yahoo) | pass | 100 | branded=true, provider=generic |
| 76 | Email provider class (Workspace / 365 / Zoho / self-hosted / shared) | pass | 80 | provider=proofpoint, mx=mxa-00082601.gslb.pphosted.com|mxb-00082601.gslb.pphosted.com, source=mx_classifier |
| 77 | DMARC aggregate reporting enabled (rua=) | pass | 100 | has_dmarc_reporting=true, audit_flag=true, derived_from_raw=true, source=derived_from_raw, dmarc_raw="v=DMARC1; p=reject; pct=100; rua=mailto:a@dmarc.facebookmail.com" |
| 78 | Free-email exposure on contact page (gmail/yahoo/outlook visible) | pass | 100 | Scored |
| 79 | Newsletter signup form detected | fail | 0 | detected=false |
| 80 | Email Service Provider (ESP) detected | fail | 0 | Scored |
| 81 | Transactional email provider detected (from SPF includes) | fail | 0 | Scored |
| 82 | SPF lookup count (10-limit deliverability check) | pass | 100 | lookups=5, limit=10 |
| 84 | Mailto: direct contact link present | fail | 0 | Scored |
| 85 | Email forwarding service detected (improvmx, forwardemail, etc.) | pass | 100 | hosts=mxa-00082601.gslb.pphosted.com|mxb-00082601.gslb.pphosted.com, kind=unknown |
| 86 | Lead magnet / signup incentive detected (free download, ebook, etc.) | pass | 100 | detected=true, sample=DownloadTrackerWWW"],{"__rc":["ImageDownloadTrackerWWW",null]},-1],["cr:8958",["FBJSON"],{"__rc":["FBJSON",null]},-1],[" |
Scores are computed under method v0.1 — 2026-04-25. See the methodology for the full factor list and per-factor specifications.