Puzzles Consulting

# QA Report: https://puzzlesconsulting.com **Client:** Flowsly **Overall Score:** 92/100 **Date:** 2026-03-24 The website audit reveals several technical and structural opportunities to improve site security and search engine performance. The most urgent priority is implementing the missing security header to ensure encrypted connections, alongside critical fixes for your page titles and headings to better support search rankings. We recommend prioritizing these configuration updates immediately to protect site integrity and enhance your visibility in search results. **Issues:** 1 critical · 5 high · 6 medium · 3 low ## SEO (72/100) - **[HIGH]** Title too short - <title> is 18 chars: "Puzzles Consulting". Google may rewrite it. - Fix: Expand to 50-60 characters. - **[HIGH]** Missing meta description - No <meta name="description"> found. - Fix: Add a meta description of 120-160 chars. - **[HIGH]** Multiple H1 tags (3) - Found 3 H1 tags: "Small pieces build a BIG puzzle."; "Your growth journey starts"; "HERE!". Confuses search engines about the page topic. - Fix: Keep only one H1 — the primary page heading. Remove or demote the others to H2. - **[HIGH]** Heading hierarchy skip - Heading jumps from H2 to H5: "Contact Us" - Fix: Use H3 instead of H5 here. - **[MEDIUM]** Missing og:title - <meta property="og:title"> not found. - Fix: Add og:title for better social sharing previews. - **[MEDIUM]** Missing og:description - <meta property="og:description"> not found. - Fix: Add og:description for better social sharing previews. - **[MEDIUM]** Missing og:image - <meta property="og:image"> not found. - Fix: Add og:image for better social sharing previews. - **[MEDIUM]** Missing twitter:card - No twitter:card meta tag found. - Fix: Add <meta name="twitter:card" content="summary_large_image">. ## Technical (78/100) - **[CRITICAL]** Missing HSTS header - The HSTS HTTP response header is not set. - Fix: Add to your server/CDN/nginx config: Strict-Transport-Security: max-age=31536000; includeSubDomains - **[HIGH]** Missing X-Content-Type-Options header - The X-Content-Type-Options HTTP response header is not set. - Fix: Add to your server/CDN/nginx config: X-Content-Type-Options: nosniff - **[MEDIUM]** Missing X-Frame-Options header - The X-Frame-Options HTTP response header is not set. - Fix: Add to your server/CDN/nginx config: X-Frame-Options: SAMEORIGIN - **[MEDIUM]** Missing Content-Security-Policy header - The Content-Security-Policy HTTP response header is not set. - Fix: Add to your server/CDN/nginx config: Content-Security-Policy: default-src 'self'; img-src * data:; script-src 'self' (customize per stack) - **[LOW]** Missing Referrer-Policy header - The Referrer-Policy HTTP response header is not set. - Fix: Add to your server/CDN/nginx config: Referrer-Policy: strict-origin-when-cross-origin - **[LOW]** Missing Permissions-Policy header - The Permissions-Policy HTTP response header is not set. - Fix: Add to your server/CDN/nginx config: Permissions-Policy: camera=(), microphone=(), geolocation=() - **[LOW]** 4 cookie(s) missing SameSite attribute - Cookies without SameSite may be sent on cross-site requests: __cf_bm, __cf_bm, __cf_bm - Fix: Set SameSite=Lax or Strict on all cookies.