Website & Performance Auditing

Find what’s broken before you spend on what’s not.

A diagnostic for the front-end of your business. Page speed, Core Web Vitals, accessibility, mobile experience, hosting, security, and conversion — measured on real devices, weighed against real thresholds, and returned as a prioritised fix list rather than a tool dump.

Get a free performance report → See what’s included

Sub-techniques covered · Page Speed · Core Web Vitals · Accessibility (WCAG 2.2 AA) · Hosting Review · Mobile Experience · Conversion Audit · Security Headers · Form Tracking

01 — What’s Included

Eight passes.
One written verdict.

A website audit from us is not a screenshot of Lighthouse with a logo on the cover. We cover eight distinct surfaces — the ones that determine whether your site loads quickly, ranks fairly, includes every visitor, and turns traffic into customers — and we hand back a written report that ties each finding to a specific business consequence.

The deliverable is a prioritised fix list, not a tool export. Quick wins are tagged separately so you can act on them inside the first fortnight without having to read the whole document end to end.

N° 01

Page speed

Field measurement

Real-device load times across your most important templates — homepage, primary service or category page, blog post, product or contact page — measured against the 3G mid-range-phone reality your visitors actually experience, not the gigabit fibre you tested on. We profile time to first byte, time to interactive, total blocking time, and total page weight, then identify the heaviest assets, the render-blocking scripts, and the third-party tags that are quietly costing you a second or two on every visit. Where a tag adds more weight than it justifies, we flag it.

N° 02

Core Web Vitals

Ranking signal

Largest Contentful Paint, Interaction to Next Paint, and Cumulative Layout Shift — Google’s three field metrics, measured against the 75th-percentile thresholds the algorithm actually uses for ranking. We read your Chrome User Experience Report data alongside lab measurements from Lighthouse, identify which of the three is failing and on which templates, and trace each failure back to its cause: late-loading hero images, unsized embeds, hydration-blocking JavaScript, font-display strategy, layout shift from injected ads or banners. Field data is the verdict; lab data is the debugger.

N° 03

Accessibility (WCAG 2.2 AA)

Inclusion & risk

Automated scanning catches roughly thirty per cent of accessibility issues. The other seventy per cent require human review. We run an axe-core sweep across the templates, then walk the site by hand with a screen reader and a keyboard — colour contrast, focus order, form labelling, heading hierarchy, alt-text quality, semantic landmarks, motion-reduction preferences, ARIA misuse. The deliverable is the WCAG 2.2 AA conformance gap, scored by severity and effort. Accessibility is now a legal exposure in most jurisdictions and a ranking signal in all of them. The audit makes the gap visible before it becomes either.

N° 04

Hosting & infrastructure review

Foundation

A read on whether the host itself is the bottleneck. Server response times across the day, caching configuration at server, application, and CDN layers, PHP or runtime version, database query latency on the heaviest pages, asset delivery via CDN versus origin. We check whether the host’s marketing copy matches the actual performance you’re getting, and whether the plan you’re paying for is sized correctly for your traffic. The most common single finding on this pass is a host that costs the same as a faster one — and switching is the highest-leverage fix on the page.

N° 05

Mobile experience

Primary surface

More than half of your traffic arrives on a phone, and on most sites the phone version is a desktop layout that learned to shrink. We test on real devices across iOS and Android, audit touch-target sizes, tap-delay behaviour, scroll performance, font legibility at 320 px wide, the way menus and forms behave on a thumb, and the parity between what the desktop visitor sees and what the mobile visitor gets. Anything missing on mobile is effectively missing from your site as far as Google is concerned, and we surface those gaps explicitly.

N° 06

Conversion audit

Business outcome

A heuristic walkthrough of the paths that turn a visitor into a customer — homepage to service page to enquiry, category to product to checkout, landing page to lead form. We map the friction: ambiguous calls to action, forms that ask for more than they need, trust signals that are missing where the decision is being made, social proof in the wrong place, copy that hedges where it should commit. The output is not abstract conversion-rate-optimisation theory; it’s a list of specific, page-level changes ordered by expected impact on the actual business outcome you’re chasing.

N° 07

Security headers & hardening

Surface area

A baseline review of the security posture exposed at the HTTP layer — Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, Referrer-Policy, Permissions-Policy, CORS configuration — and at the application layer for WordPress and other CMS sites. SSL configuration, cipher suite, login hardening, file permissions, plugin and theme inventory, and the obvious exposed paths that automated bots probe within hours of going live. We grade the site against a clear standard, document the gaps, and flag the ones that are exploitable today versus the ones that are merely best-practice debt.

N° 08

Form tracking & analytics health

Measurement

Whether the data you rely on to make decisions is actually correct. We verify that GA4 is firing on every meaningful event, that conversion goals are configured against real form submissions and not pageviews of a thank-you URL, that bot traffic is being filtered, that referrer attribution is intact across the conversion path, and that tag-manager triggers are not silently double-counting or dropping events. Most sites we audit are running on a measurement layer that disagrees with reality somewhere; this pass is how that gets surfaced before another quarter of decisions is made on the wrong numbers.

02 — Our Approach

Diagnose first.
Then prescribe.

The discipline of auditing well sits in the gap between running a tool and writing a recommendation. Anyone can export a Lighthouse score; very few will sit with that score long enough to tell you which line of it actually matters for your business — and which would cost more to fix than the lift would justify.

Real devices, real conditions

Synthetic Lighthouse scores on a desktop development machine are useful as a debugger and misleading as a verdict. We measure on actual phones across actual networks, against the field data Google collects from your real visitors. The numbers in the report are the ones that affect rankings and conversion — not the inflated scores that look good in a screenshot but never show up where the decision is being made.

Impact, not noise

Every audit tool we run produces dozens of warnings; most of them are noise on any given site. The work of an audit is sitting with the raw output long enough to separate the issues that genuinely affect performance, rankings, or conversion from the ones that look alarming on a dashboard but rarely move anything. The report names the few items worth fixing and explains why the rest were excluded.

iii

Quick wins flagged separately

The fix list is split into two streams — quick wins and structural work. Quick wins are findings where impact is high, effort is low, and confidence is near-certain: an unoptimised hero image, a render-blocking script that can be deferred, a missing security header, a form that loses 30 per cent of submissions to a phantom required field. Tagging them separately means you can act on them inside the first fortnight without commissioning a rebuild.

Written report, not a tool dump

The deliverable is a written document that a non-technical stakeholder can read in twenty minutes. Charts and tables where they earn their place; sentences and paragraphs everywhere else. We do not hand over a raw Lighthouse export with a cover slide. Every finding is contextualised, every recommendation is justified by evidence, and the report functions as a roadmap an in-house team or any other agency could execute against.

03 — Who It’s For

When an audit beats
a rebuild.

An audit is the right first move when you suspect something is wrong but cannot point at it, when a redesign quote feels expensive without diagnosis to justify it, or when you want an independent read on the work someone else has done. Not every site needs a rebuild — and the audit is how you find out which side of that line you’re on.

Most audit clients arrive in one of five situations — the work is the same, the framing differs.

i Sites that feel slow but score “fine” on free toolsThe PageSpeed dashboard says you’re green; the visitors say it’s sluggish. The audit reconciles the two — usually a gap between the synthetic Lighthouse number and the field data Google actually uses.
ii Owners weighing a redesign quoteYou’ve been quoted twenty or fifty thousand for a rebuild. Before you spend it, you want to know whether the existing site has structural problems or just a handful of high-leverage fixes. The audit answers that question for a fraction of the rebuild fee.
iii Conversions flat despite decent trafficThe traffic curve is fine, the conversion curve is not. The audit identifies whether the leak is in performance, mobile experience, form friction, trust signals, or the measurement layer telling you the wrong story about what’s happening.
iv Businesses inheriting a websiteNew ownership, new marketing leadership, an acquired brand. The site exists, it earns some traffic, and you need a documented read on what you have actually inherited before you commit to a roadmap or a budget.
v Compliance & accessibility-driven auditsProcurement, government tendering, public-sector requirements, or simply a board that has decided WCAG conformance is no longer optional. The audit produces the conformance gap report and the prioritised remediation plan that goes back to the board.

An audit is distinct from an SEO audit, which focuses on search visibility — crawl, index, content, links. This audit focuses on the front-end: performance, accessibility, mobile, conversion. The two are complementary and most sites benefit from both, but they answer different questions and we run them as separate engagements.

04 — A complimentary report

Wondering why your site feels slow?

Send us your URL. We’ll send back a Premium Performance Report within 48 hours — page speed, Core Web Vitals, accessibility, and a prioritised fix list ranked by impact on rankings and conversion.

No sales call required.

“

The cost of a rebuild is what you spend before you know what was broken. Diagnosis is cheaper than prescription, and almost always more useful.

— The Aureole Practice —

05 — Frequently Asked

What clients ask
about audits.

If a question is missing here, the contact link at the foot of the page goes straight to the person who would answer it. No ticket queues, no funnels.

i How is this different from an SEO audit?

An SEO audit asks whether search engines can find, crawl, render, and rank your pages — its surfaces are crawl, index, content, links, and schema. This performance audit asks whether the visitors who do arrive get a fast, accessible, conversion-friendly experience — its surfaces are speed, Core Web Vitals, accessibility, mobile, hosting, security, and the conversion paths themselves. The two overlap on Core Web Vitals and on the technical-foundation pieces, but they answer different questions for different audiences. Most sites benefit from both. If you’re not sure which one you need first, the free Performance Report below is the fastest way to find out, and our SEO Auditing page covers the search-visibility angle in detail.

ii How long does the audit take?

A standard performance audit takes one to two weeks from kickoff to written report. The first few days are data collection — real-device performance testing, Core Web Vitals review, accessibility sweep, hosting profile, mobile walk-through, conversion-path mapping, security-header check, and analytics verification. The second half is interpretation and writing — separating noise from signal, ranking each finding by impact and effort, and producing a document that a non-technical stakeholder can read and act on. Larger sites or sites with unusual stacks (headless front-ends, heavy JavaScript hydration, multi-region hosting) can stretch the timeline by another week. We scope honestly upfront and we will not start the audit until you’ve signed off on what’s included.

iii Do I need an audit if I already have a rebuild quote in hand?

Almost always, yes. A rebuild quote without a diagnosis attached is a guess about what to fix; the audit is how you find out whether the rebuild is justified, partially justified, or premature. We have run audits for clients who arrived expecting a complete rebuild and walked away with a six-week fix list that lifted Core Web Vitals into the green and rescued a third of their conversion rate without touching the design. We have also run audits where the verdict was unambiguous — the foundation is too compromised to repair economically, and the rebuild is the right call. Either way, the audit reduces the risk of spending money on the wrong intervention, and the document is the record you take into the rebuild conversation if it does turn out to be necessary.

iv What does the report look like?

The report is a written PDF, typically twenty to forty pages depending on the size of the site and the depth of the findings. The structure is consistent: executive summary on the front page in plain English (the three to five things that matter most); methodology and scope; findings organised by surface — page speed, Core Web Vitals, accessibility, hosting, mobile, conversion, security, analytics; and a prioritised fix list at the back, scored by impact, effort, and confidence. Quick wins are tagged separately. We deliver the PDF alongside a one-page plain-English summary that any non-technical stakeholder can skim in five minutes and take into a board meeting without translation.

v Do you do the fixes, or just the report?

Both, depending on what you want. Many clients commission a one-off audit with no further commitment — the report is the deliverable, and they take it back to an in-house team or another agency to execute against. Others use the audit as the opening engagement of a focused remediation project, where we do the high-priority fixes ourselves over the following four to eight weeks. Where deeper changes need your developer or hosting provider, we write a precise specification and stay involved through QA and verification rather than throwing the document over the wall. The audit is gated only by your decision about who runs the fix list, not by ours.

vi Can the free Performance Report replace a paid audit?

Sometimes, for smaller sites. The free Performance Report is a focused 48-hour read that covers page speed, Core Web Vitals, accessibility headlines, hosting verdict, and the five highest-leverage fixes — enough to act on for a brochure site or a blog where the conversion paths are simple. The paid audit covers all eight surfaces in depth, walks the site by hand for accessibility and conversion friction, verifies the analytics layer, and produces the document that holds up in a board conversation or a procurement file. If you’re weighing a rebuild quote, defending an accessibility position, or trying to explain a conversion drop to a board, the paid audit is the right deliverable. If you’re checking whether your site is broadly healthy and want a starting point, the free report is genuinely useful.

06 — Connected Practice

Auditing sits inside
a wider practice.

An audit is rarely the end of the conversation; it is the diagnostic that informs the next one. The link below returns to the parent service. The pills below extend laterally to the sister sub-disciplines of Web Design & Development, the search-visibility audit angle, and the adjacent services that compound when engaged together.

Parent service

The Invitation

Ready for an honest
read on your site?

Start with the free Performance Report, or commission a full audit. Either way, the report comes from the team that would run the remediation work afterwards — not a sales department.

Get in touch → Or request a free Performance Report

Mon–Fri · 9–6 PT support@aureoleintelligence.com Reply within 1 business day