/ / d / netflix.com
netflix.com
50 / 100
overall · band: medium
Categories
Security48/ 100 · 9 measured
Performance50/ 100 · 8 measured
SEO33/ 100 · 7 measured
AI-readiness50/ 100 · 4 measured
Privacy13/ 100 · 6 measured
Accessibility61/ 100 · 5 measured
Brand presence27/ 100 · 16 measured
Email health63/ 100 · 16 measured
Site facts
- Snapshot date
- 2026-04-26
- Factors scored
- 71 / 86
- Composite score
- 50/100
- Method version
- v0.1 — 2026-04-25
Security· 48/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 4 | Security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, X-Content-Type-Options) | warn | 60 | security_headers_score=60, missing=Content-Security-Policy|Referrer-Policy|Permissions-Policy |
| 5 | SSL certificate validity & expiration window | n/a | — | Scoring not yet implemented |
| 6 | WordPress REST API user enumeration exposure | pass | 100 | not_wordpress |
| 7 | Sensitive path exposure (.git, .env, /admin, xmlrpc.php, wp-login.php) | pass | 100 | total_checked=6 |
| 22 | DNSSEC validation | fail | 0 | ds_present=false, ad_bit=false |
| 23 | CAA records | fail | 0 | records=\# 19 00 05 69 73 73 75 65 64 69 67 69 63 65 72 74 2e 63 6f 6d|\# 22 00 05 69 73 73 75 65 6c 65 74 73 65 6e 63 72 79 70 74 2e 6f 72 67|\# 15 00 05 69 73 73 75 65 70 6b 69 2e 67 6f 6f 67, has_issue=false, has_iodef=false |
| 26 | HSTS preload list inclusion | fail | 0 | hsts_header=max-age=31536000; includeSubDomains, preload_status=unknown |
| 27 | TLS minimum version & cipher suite quality | warn | 70 | status=READY, grades=B|B|B|B|B, worst=B |
| 28 | Subdomain takeover surface | pass | 100 | findings={"subdomain":"www.netflix.com","cname":"www.prod.ftl.netflix.com.","dangling":false}|{"subdomain":"api.netflix.com","cname":"api.dradis.netflix.com.","dangling":false}|{"subdomain":"app.netflix.com","cname":"www.netflix.com.","dangling":fal… |
| 29 | Spam / phishing blocklist presence | fail | 0 | listed=true, response_code=0, answers=127.255.255.254 |
Performance· 50/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 8 | Mobile PageSpeed score + Core Web Vitals (LCP, FCP, CLS) | warn | 51 | performance_score=41, lcp_ms=7166.005143239188, cls=0, components={"perf":41,"lcp":30,"cls":100} |
| 9 | HTTP/2 support | n/a | — | Scoring not yet implemented |
| 10 | Compression (Brotli / gzip) | pass | 80 | perf_compression=gzip |
| 30 | HTTP/3 support | fail | 0 | supports_h3=false |
| 31 | IPv6 support | pass | 100 | aaaa_count=3, aaaa=2600:1f14:62a:de82:822d:a423:9e4c:da8d|2600:1f14:62a:de81:b848:82ee:2416:447e|2600:1f14:62a:de80:69a8:7b12:8e5f:855d |
| 32 | Image optimization (WebP/AVIF) | fail | 30 | id=image-delivery-insight, lighthouse_score=0, displayValue=Est savings of 90 KiB |
| 33 | Desktop PageSpeed score | n/a | — | Scoring not yet implemented |
| 34 | Core Web Vitals from CrUX (Real User Monitoring) | n/a | — | Scoring not yet implemented |
| 35 | Lazy loading on below-fold images | fail | 40 | id=image-delivery-insight, lighthouse_score=0, displayValue=Est savings of 90 KiB |
| 36 | Font loading strategy (FOUT/FOIT/swap) | fail | 0 | id=font-display-insight, lighthouse_score=0.5 |
| 37 | Total homepage byte weight | pass | 100 | html_bytes=512000, subresource_bytes=0, total_bytes=512000, total_kb=500, sampled=0, total_refs=0 |
| 38 | Largest unused JavaScript bundle | n/a | — | Scoring not yet implemented |
SEO· 33/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 11 | Title, meta description, OG, Twitter cards, canonical | pass | 80 | title=true, description=true, og=true, twitter=true, canonical=false |
| 12 | Schema.org structured data presence | fail | 0 | structured_data_absent |
| 13 | H1 tag presence | fail | 0 | h1_count=0 |
| 14 | Sitemap.xml + robots.txt presence | warn | 50 | has_robots_txt=true, has_sitemap=false |
| 39 | Schema.org type validity (parsed JSON-LD) | n/a | — | Scoring not yet implemented |
| 40 | Breadcrumb schema | fail | 0 | present=false |
| 41 | FAQ / HowTo schema (where applicable) | n/a | — | n/a — not_applicable |
| 42 | hreflang for multi-language sites | n/a | — | n/a — single_language |
| 43 | Internal link depth (clicks from homepage to deepest content) | pass | 100 | max_depth=0, pages_fetched=0, pages_seen=1, capped_at=50 |
| 61 | Better Business Bureau accreditation | fail | 0 | no_link_on_site |
AI-readiness· 50/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 15 | llms.txt presence | fail | 0 | has_llms_txt=false |
| 16 | AI crawler robots.txt directives | pass | 100 | robots_ai_blocked_count=0 |
| 44 | AI plugin manifest (.well-known/ai-plugin.json) | pass | 100 | status=200 |
| 45 | JSON-LD richness score for LLMs | fail | 0 | org_complete=false, has_address=false, has_contact_point=false, has_same_as=false, has_content_type=false, breakdown={"coreOrg":0,"contact":0,"sameAs":0,"contentType":0} |
Privacy· 13/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 46 | Cookie banner presence + CMP detection | fail | 0 | banner_detected=false |
| 47 | Privacy policy page presence | fail | 0 | found=false |
| 48 | Terms of service page presence | fail | 0 | found=false |
| 49 | Third-party tracker count | pass | 80 | count=2, hosts=assets.nflxext.com|help.nflxext.com |
| 50 | CCPA "Do Not Sell or Share My Personal Information" link | fail | 0 | found=false |
| 51 | Cookie scan — actual cookies set on first load | fail | 0 | count=5, names=flwssn|nfvdid|SecureNetflixId|NetflixId|gsid, with_cmp=false |
Accessibility· 61/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 52 | Accessibility statement page | fail | 0 | found=false |
| 53 | axe-core / WAVE accessibility scan | pass | 87 | accessibility_category=0.87 |
| 54 | Image alt text coverage | n/a | — | Scoring not yet implemented |
| 55 | Heading hierarchy validity | fail | 30 | lighthouse_score=0 |
| 56 | Color contrast (WCAG AA) | pass | 100 | lighthouse_score=1, failing_count=0 |
| 57 | ARIA labels presence and validity | pass | 86 | total_aria_audits=22, applicable=7, passing=6, failing=aria-hidden-focus |
| 58 | Skip-to-content link | n/a | — | Scoring not yet implemented |
Brand presence· 27/100
Email health· 63/100
| # | Factor | Verdict | Score | Evidence |
|---|---|---|---|---|
| 1 | DMARC enforcement | pass | 100 | present=true, policy=reject |
| 2 | DKIM signing | pass | 100 | present=true, selector=google, source=doh_probe |
| 3 | SPF record present and valid | pass | 100 | present=true, raw="v=spf1 include:_spf_ipv4.netflix.com include:_spf.google.com include:amazonses.com include:servers.mcsv.net include:_spf.salesforce.com include:_spf.createsend.com -all", qualifier=hardfail |
| 24 | MTA-STS & TLS-RPT | fail | 0 | policy_ok=false |
| 25 | BIMI + VMC | fail | 0 | no_bimi |
| 75 | Branded domain email address (vs free Gmail/Yahoo) | pass | 100 | branded=true, provider=google |
| 76 | Email provider class (Workspace / 365 / Zoho / self-hosted / shared) | pass | 100 | provider=google |
| 77 | DMARC aggregate reporting enabled (rua=) | pass | 100 | has_dmarc_reporting=true, audit_flag=true, derived_from_raw=true, source=derived_from_raw, dmarc_raw="v=DMARC1; p=reject; fo=1; rua=mailto:netflix@rua.netcraft.com,mailto:dmarcreports@netflix.com,mailto:dmarc_agg@dmarc.250ok.net;ruf=mailto:netflix@r… |
| 78 | Free-email exposure on contact page (gmail/yahoo/outlook visible) | fail | 0 | addresses=inexorabletash@gmail.com |
| 79 | Newsletter signup form detected | fail | 0 | detected=false |
| 80 | Email Service Provider (ESP) detected | pass | 100 | providers=Mailchimp|Campaign Monitor |
| 81 | Transactional email provider detected (from SPF includes) | pass | 100 | providers=Amazon SES|Salesforce |
| 82 | SPF lookup count (10-limit deliverability check) | pass | 100 | lookups=7, limit=10 |
| 84 | Mailto: direct contact link present | fail | 0 | Scored |
| 85 | Email forwarding service detected (improvmx, forwardemail, etc.) | pass | 100 | hosts=aspmx.l.google.com|aspmx2.googlemail.com|aspmx3.googlemail.com|alt1.aspmx.l.google.com|alt2.aspmx.l.google.com, provider=Google Workspace, kind=branded |
| 86 | Lead magnet / signup incentive detected (free download, ebook, etc.) | fail | 0 | detected=false |
Scores are computed under method v0.1 — 2026-04-25. See the methodology for the full factor list and per-factor specifications.