Education · 8 min read

How to read the AuditOPE report (every section explained)

Receiving an AuditOPE report for the first time? It's dense: 22 phases, dozens of findings, a 0-100 health score, severity badges, fix-effort minutes. This walkthrough explains every section: what to fix first, what to ignore (it depends), and how to use the JSON export in your CI pipeline.

When you run an AuditOPE audit, you get back a multi-page PDF and a JSON export. Both contain the same data, structured differently. New users sometimes feel overwhelmed: 50 findings? Where do I even start? This article walks through every section so you know what to prioritize.

Page 1 — Executive summary

Health score 0-100. A weighted composite across all 22 phases. 90+ is excellent (rare), 70-89 is healthy with room to improve, 50-69 is concerning, <50 is a fire. The weighting prioritizes security and compliance over SEO polish — a critical finding (e.g., expired TLS) drops your score more than a missing meta description.

Severity counts. Critical / High / Medium / Low / Info. Always fix Critical first — these are active vulnerabilities or compliance violations with immediate exposure (Magecart skimmer detected, expired SSL, missing AI Act Article 50 disclosure if you use AI chatbots).

Page 2 — Top 10 actions

A pre-prioritized list of the 10 highest-impact fixes, sorted by severity then effort. Each line shows: rule_id, severity badge, title, target URL, fix effort in minutes. Start here. The top 10 typically cover 80% of the score improvement potential.

Pages 3-N — Findings by category

Findings are grouped into 7 categories. Each finding shows what we found, why it matters, how to fix it, and references.

  • SECURITY — TLS, security headers, CSP depth, SRI, mixed content, email auth (DMARC/DKIM/SPF), DNSSEC, CAA, API security probes.
  • PERFORMANCE — Lighthouse 12 mobile + desktop, Core Web Vitals (LCP/INP/CLS), bundle size, HTTP/3 support, image optimization.
  • SEO — meta tags, structured data depth, hreflang, sitemap, robots.txt, OG/Twitter/LinkedIn share previews.
  • ACCESSIBILITY — WCAG 2.2 AA via axe-core, EAA compliance presence, image alt coverage, color contrast, keyboard nav.
  • COMPLIANCE — GDPR cookie banner dark-patterns, AI Act Article 50, NIS2 web-facing controls, EAA, DORA (fintech only), PCI DSS 4.0.1 (e-commerce only).
  • GEO — Generative Engine Optimization: AI crawler robots.txt segmentation, MCP discovery, schema.org v30 AI citation readiness, brand presence (sameAs).
  • INFRA — DNS, hosting green status (CO2 estimate), CDN detection, headers diagnostics.

How to prioritize

  1. Critical findings — fix this week. These are active risks.
  2. High + low effort — high severity, <30 min to fix. Quick wins.
  3. Top 10 list (page 2) — pre-sorted by ROI.
  4. Medium findings — fold into next sprint.
  5. Low/Info — fix opportunistically. Some are educational ("you don't have MCP — should you?").

What to ignore (it depends)

Not every finding applies to every site. Use judgment:

  • PCI DSS findings — only relevant if you process card payments on-site. If you redirect to Stripe Checkout, you're out of scope.
  • DORA findings — only apply to EU financial entities. We auto-skip if no fintech keywords detected.
  • AI Act Article 50 — only if you have an AI chatbot or generated content. Static marketing sites are exempt.
  • MCP recommendation — only relevant for SaaS/API providers. Brochure sites can skip.

The JSON export — for engineering teams

Every audit also produces a .json file with the full structured data. This is what you use in CI: parse the health score, fail the build if it drops below a threshold, gate deploys on critical/high findings. The Bearer API lets you re-run audits programmatically — write to support@auditope.com for API key + JSON schema reference.

Regression monitoring (Pro only)

If you schedule recurring audits, we compute deltas between consecutive runs. If health score drops or new critical findings appear, you get an email + push notification — "regression on yoursite.com: health 87 → 62, new finding pci-dss-magecart-indicators-detected". This is the value of an annual Pro pack vs one-off audits.
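
A CI gate over the JSON export that combines the threshold and severity checks from the previous section with the run-to-run delta described above. This is an added example, not AuditOPE's own code: the field names `health_score`, `findings`, `severity` and `effort_minutes`, the default thresholds and the `example-*` rule IDs are assumptions, since the real schema comes from AuditOPE support.

```python
import json

# Assumed export layout (the real schema is available from AuditOPE support):
# {"health_score": int, "findings": [{"rule_id", "severity", "effort_minutes"}]}
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"]
BLOCKING = {"critical", "high"}

# Constructed sample exports (not real AuditOPE output).
PREVIOUS = '{"health_score": 87, "findings": [{"rule_id": "example-missing-csp", "severity": "High", "effort_minutes": 20}]}'
CURRENT = '''{"health_score": 62, "findings": [
  {"rule_id": "example-missing-csp", "severity": "High", "effort_minutes": 20},
  {"rule_id": "pci-dss-magecart-indicators-detected", "severity": "Critical", "effort_minutes": 120},
  {"rule_id": "example-missing-meta-description", "severity": "Low", "effort_minutes": 5}]}'''

def load_report(text):
    """Parse one export and reject data the gate cannot evaluate safely."""
    report = json.loads(text)
    score = report.get("health_score")
    if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0 <= score <= 100:
        raise ValueError("health_score missing or outside 0-100")
    for f in report.get("findings", []):
        if "rule_id" not in f or str(f.get("severity", "")).lower() not in SEVERITY_ORDER:
            raise ValueError(f"finding without rule_id or with unknown severity: {f!r}")
    return report

def gate(current, previous=None, min_score=70, max_drop=5, out_of_scope=()):
    """Return (passed, reasons). out_of_scope holds rule_id prefixes you have
    reviewed and excluded, e.g. "dora-" (hypothetical) for a non-financial site."""
    reasons = []
    if current["health_score"] < min_score:
        reasons.append(f"health {current['health_score']} < {min_score}")
    if previous and previous["health_score"] - current["health_score"] > max_drop:
        reasons.append(f"regression: health {previous['health_score']} -> {current['health_score']}")
    known = {f["rule_id"] for f in (previous or {}).get("findings", [])}
    blocking = [f for f in current.get("findings", [])
                if f["severity"].lower() in BLOCKING
                and not f["rule_id"].startswith(tuple(out_of_scope))]
    # Same ordering as the report's top-10 list: severity first, then effort.
    blocking.sort(key=lambda f: (SEVERITY_ORDER.index(f["severity"].lower()),
                                 f.get("effort_minutes", 0)))
    for f in blocking:
        tag = "new " if previous and f["rule_id"] not in known else ""
        reasons.append(f"{tag}{f['severity'].lower()} finding {f['rule_id']}")
    return (not reasons, reasons)

if __name__ == "__main__":
    ok, why = gate(load_report(CURRENT), load_report(PREVIOUS))
    print("\n".join(why))
    raise SystemExit(0 if ok else 1)  # non-zero exit fails the CI job
```

Keep the previous run's export as a build artifact so the gate can tell a new critical finding from one already being tracked.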

Questions about specific findings? Email support@auditope.com — we'll explain.
