Blog Auditope
Insights from the audit pipeline
Concrete, actionable articles on what we see in audits — what breaks, what to fix, and how to measure compliance.
What our first 100 audits reveal about EU web health (and where it hurts)
We've now run ~100 audits across Romanian SMBs, EU agencies, and a handful of fintech sites since launching. The aggregate data is grim and instructive. Median health score 58/100. 78% fail at least one EAA criterion. 91% miss DNSSEC. Here's what's broken at the population level — and the 3 patterns that explain most failures.
Read more →
8 cookie dark patterns CNIL is fining in 2026 (and how to detect them)
CNIL fined €486.8M in 2025 + €42M in Jan 2026 (Free Mobile + Free SAS) for cookie banner dark patterns. Here are the 8 specific patterns being penalized, with detection criteria and concrete fix examples.
Read more →
WCAG 2.2 EAA tactical checklist — the 23 things to fix before audit
European Accessibility Act came into force June 28, 2025. WCAG 2.2 AA is the de-facto compliance baseline. This is the tactical checklist — 23 concrete fixes that get most EU sites from failing to passing. Ordered by impact-to-effort ratio.
Read more →
EU AI Act Article 50: are you ready for August 2026?
Hard deadline 2 August 2026: every website with a chatbot or AI-generated content must disclose it. Penalties up to €35M or 7% global revenue. Here's the technical checklist.
Read more →
What is GEO (Generative Engine Optimization)? A practical 2026 primer
GEO is to ChatGPT and Perplexity what SEO is to Google. By 2026, an estimated 15-20% of search queries start in an LLM, not a search engine. If your content isn't structured for AI citation, you're invisible to that traffic. Here's what GEO is, what's different from SEO, and the 5 concrete things to do this quarter.
Read more →
DNSSEC mandate March 2026 will block your SSL renewal (and almost no audit tool warns)
CA/B Forum ballot SC-085v2 makes DNSSEC validation mandatory for certificate issuance from 15 March 2026. Misconfigured DNSSEC = no SSL renewal. Less than 10% of audit tools check this — Auditope does.
Read more →
How to read your AuditOPE report (every section explained)
First time getting an AuditOPE report? It's dense — 22 phases, dozens of findings, health score 0-100, severity badges, fix-effort minutes. This walkthrough explains each section: what to fix first, what to ignore (it depends), and how to use the JSON export in your CI pipeline.
Read more →
AI crawler robots.txt: block training, allow retrieval (2026 best practice)
Not all AI crawlers are equal. Training bots (GPTBot, CCBot) scrape for model data with zero attribution. Retrieval bots (ChatGPT-User, ClaudeWeb) fetch in real-time and cite you. Here's the per-bot policy that maximizes AI visibility.
Read more →
AuditOPE vs Screaming Frog: when desktop crawler beats SaaS (and vice versa)
Screaming Frog v24 is the gold standard for technical SEO crawling — flexible, scriptable, runs on your machine. AuditOPE is the opposite: zero install, SaaS, bilingual PDF + compliance evidence. They're complementary, not competing. Here's when to pick which.
Read more →
AuditOPE vs Semrush: when to use which (and why we don't compete on backlinks)
Semrush has the best backlink graph in the industry. We don't try to beat that. Our wedge is EU compliance depth (NIS2, EAA, DORA, AI Act) bundled with technical SEO + GEO — none of which Semrush ships natively. Here's the honest comparison so you can pick the right tool for each job.
Read more →
INP replaced FID in 2024 — what changed and why your old Lighthouse score lies
First Input Delay was deprecated September 2024. INP (Interaction to Next Paint) measures the full interaction window — clicks, taps, keypresses — to next visible paint. Threshold: 200ms p75. Many sites that scored 'Good' on FID fail INP badly.
Read more →
AuditOPE vs Sitechecker: which to pick when EU sovereignty matters
Sitechecker is a great SEO audit tool with good UX. But it runs on AWS US-East and uses OpenAI for AI synthesis. For EU teams that need GDPR, NIS2, EAA, and DORA compliance with zero US data transit, the only correct answer in 2026 is a sovereign EU stack. Here's a head-to-head.
Read more →
GEO / AEO: How to get cited in ChatGPT, Claude, Perplexity
Generative Engine Optimization is the new SEO. Princeton & Georgia Tech research (2024) shows AI engines prefer self-contained 134-167 word passages. Here's how to structure your content for citability.
Read more →
Core Web Vitals 2026: INP replaced FID, what changed
INP (Interaction to Next Paint) became the Core Web Vital in March 2024, replacing FID. Targets are stricter (good = ≤200ms vs FID ≤100ms). Here's how to audit and fix INP regressions.
Read more →
Security headers: from D to A+ in 30 minutes
Most production sites score D or E on Mozilla Observatory and Securityheaders.com. Six headers (CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, COEP/COOP) move you to A+ — here's the recipe.
Read more →
GDPR & ANSPDCP: Concrete checklist for SMBs
ANSPDCP (Romanian DPA) issued €19M+ in fines in 2024-2025. Most violations are preventable. Here's an 8-point pre-launch checklist focused on cookies, consent, retention, and data subject rights.
Read more →
WCAG 2.2 + EU Accessibility Act: What changed June 2025
EU Accessibility Act (Directive 2019/882) became enforceable on 28 June 2025. WCAG 2.2 added 9 new success criteria. Together, they extend accessibility obligations to most B2C digital services.
Read more →