B83%
Quality Score
6
Pages
102
Issues
7.6
Avg Confidence
7.9
Avg Priority
35 Critical55 High12 Medium
>_ Testers.AI
AI Analysis
House of Fraser scored B (85%) with 102 issues across 6 tested pages, ranking #6 of 22 UK retail sites. That's 22 fewer than the 123.7 category average (73rd percentile).
Top issues to fix immediately: "Multiple Failed Resource Loads - DNS Resolution Errors" โ 1) Identify which specific resources are failing to resolve by checking the Network tab in DevTools; "Broken Resources Loading Preventing Core Functionality" โ Investigate the failed resource requests in the network tab; "Suspicious Obfuscated URL Path Detected in Production Traffic" โ Immediately investigate the source of this URL request: (1) Review server logs and WAF logs for this request pattern,....
Weakest area โ accessibility (5/10): Several accessibility concerns: small text in some areas, insufficient color contrast in places, lack of visible alt-text strat...
Quick wins: Improve color contrast ratios throughout the page to meet WCAG AA standards, particularly in product category labels.... Add descriptive aria-labels and alt-text to all carousel images and product thumbnails for screen reader users.
Qualitative Quality
House of Fraser
Category Avg
Best in Category
Pages Tested ยท 6 screenshots
Homepage
houseoffraser.co.uk
houseoffraser.co.uk
houseoffraser.co.uk
houseoffraser.co.uk
houseoffraser.co.uk
Detected Issues ยท 102 total
1
Multiple Failed Resource Loads - DNS Resolution Errors
CRIT P9
Prompt to Fix
We have 5 ERR_NAME_NOT_RESOLVED errors in the console indicating failed resource loads. The error message is '[ERROR] Failed to load resource: net::ERR_NAME_NOT_RESOLVED'. Please: 1) Check the Network tab to identify which URLs are failing to resolve, 2) Verify all API endpoint URLs in the application config are correct and match deployed infrastructure, 3) Add comprehensive error handling that logs which specific resource failed and why, 4) Implement a retry mechanism for critical resources with exponential backoff, 5) Add user-facing error messages to inform users when resources fail to load.
Why it's a bug
Multiple ERR_NAME_NOT_RESOLVED errors indicate that the application is attempting to load resources from domains that cannot be resolved. This suggests either misconfigured API endpoints, broken resource URLs, or infrastructure issues. With 5 consecutive failures, this is likely to impact core functionality and user experience significantly. Users may experience broken features, missing assets, or failed API calls.
Why it might not be a bug
These could be transient network issues or expected fallback behaviors if the application gracefully handles missing resources. However, the repeated nature and lack of visible error recovery suggests this is a real problem.
Suggested Fix
1) Identify which specific resources are failing to resolve by checking the Network tab in DevTools. 2) Verify all API endpoints and resource URLs are correctly configured in the environment variables or config files. 3) Ensure DNS records are properly set up for any external services. 4) Add proper error handling and user-facing error messages when resources fail to load. 5) Implement retry logic with exponential backoff for critical resources.
Why Fix
Failed resource loads directly break user-facing functionality. This prevents the application from operating correctly and degrades user experience. Fixing this ensures users can access all features and data they need.
Route To
Backend/DevOps Engineer, Infrastructure Engineer
Page
Tester
Sharon ยท Security TesterTechnical Evidence
Console:
[ERROR] Failed to load resource: net::ERR_NAME_NOT_RESOLVEDNetwork:
net::ERR_NAME_NOT_RESOLVED (x5)2
Broken Resources Loading Preventing Core Functionality
CRIT P9
Prompt to Fix
There are 5 network resource loading failures showing 'net::ERR_NAME_NOT_RESOLVED' errors in the console. These indicate DNS resolution or network connectivity issues with external dependencies. Audit all API endpoints, CDN URLs, and third-party service domains referenced in the application. Verify DNS records are properly configured, CORS headers are correct, and all external service URLs are accurate. Implement proper error handling with user-visible feedback when resources fail to load, and provide fallback mechanisms for critical functionality.
Why it's a bug
The console shows multiple 'Failed to load resource: net::ERR_NAME_NOT_RESOLVED' errors. These resource failures are likely preventing critical functionality from working properly. Users may experience broken features, missing styles, or non-functional interactive elements that appear present but don't work. This creates a confusing experience where the UI looks functional but key features fail silently.
Why it might not be a bug
The visible UI elements appear to render, so some fallback styling may be in place. However, the number and severity of resource failures suggests core functionality is compromised.
Suggested Fix
Investigate the failed resource requests in the network tab. Ensure all external resources (APIs, CDN assets, third-party libraries) have correct URLs and proper DNS resolution. Verify that API endpoints are responding and domains are correctly configured. Implement proper error handling and fallbacks for critical resources.
Why Fix
Unresolved resource failures will cause user-facing features to fail, leading to frustration and abandoned tasks. Users will encounter non-functional buttons, missing data, or broken interactive elements, destroying trust in the platform.
Route To
Backend Engineer / DevOps / Infrastructure Engineer
Page
Tester
Mia ยท Usability TesterTechnical Evidence
Elements:
All interactive elements potentially affected by failed resource loadingConsole:
[error] Failed to load resource: net::ERR_NAME_NOT_RESOLVED (appears 5 times)Network:
Multiple failed DNS resolution attempts for external resourcesPage Text:
N/A - Infrastructure issue not visible in page content3
Suspicious Obfuscated URL Path Detected in Production Traffic
CRIT P9
Prompt to Fix
Investigate the suspicious obfuscated URL request to 'https://www.houseoffraser.co.uk/kysaL0xGh/1xjKY77i_/FuAm9ty/CY/9w9JVQ9z1pYOJpOE/Pyd0AQ/ZV19e/EkPZG0B' found in production network traffic. This path doesn't match legitimate Next.js application routing patterns. (1) Search the entire codebase for this URL or any code generating random path segments, (2) Check if any third-party scripts or analytics libraries are making unexpected requests, (3) Review recent dependency updates for malicious packages, (4) Implement URL validation middleware to reject requests with suspicious path patterns, (5) Add security monitoring to alert on unexpected URL requests, (6) If source is identified as malicious, remove it and conduct a full security audit.
Why it's a bug
A highly suspicious obfuscated URL path 'GET https://www.houseoffraser.co.uk/kysaL0xGh/1xjKY77i_/FuAm9ty/CY/9w9JVQ9z1pYOJpOE/Pyd0AQ/ZV19e/EkPZG0B' appears in production network traffic. This pattern is characteristic of malware callback URLs, command-and-control (C2) communication, or injected malicious code. The random-looking path segments and underscores don't match legitimate application routing patterns. This indicates either: (1) malicious code injection in the application, (2) compromise of the application serving layer, or (3) malware on the user's system. This is a critical security incident requiring immediate investigation.
Why it might not be a bug
It's theoretically possible this could be legitimate application logic, though the obfuscation pattern is highly suspicious and doesn't match Next.js routing conventions used elsewhere on the site.
Suggested Fix
Immediately investigate the source of this URL request: (1) Review server logs and WAF logs for this request pattern, (2) Conduct a code audit to identify if this is generated by legitimate application code or injected maliciously, (3) Check for signs of server compromise or dependency vulnerabilities, (4) If malicious, identify and remove the injection vector, (5) Implement strict URL allowlist validation to prevent execution of unexpected paths, (6) Deploy Content Security Policy to prevent inline script execution that could generate such URLs.
Why Fix
This suspicious URL pattern could indicate active malware infection, server compromise, or code injection attacks. Failure to investigate could allow attackers to exfiltrate user data, inject malicious content, or establish persistent backdoors. This directly threatens user security and product integrity.
Route To
Security Engineer / DevSecOps / Backend Infrastructure Team
Page
Tester
Sharon ยท Security Networking AnalyzerTechnical Evidence
Console:
No console logs provided, but recommend checking browser console for JavaScript errors or warnings during the time this request was made.Network:
GET https://www.houseoffraser.co.uk/kysaL0xGh/1xjKY77i_/FuAm9ty/CY/9w9JVQ9z1pYOJpOE/Pyd0AQ/ZV19e/EkPZG0B - Status: N/A