B-82%
Quality Score
6
Pages
112
Issues
7.4
Avg Confidence
7.5
Avg Priority
30 Critical58 High20 Medium4 Low
>_ Testers.AI
AI Analysis
USC scored B (85%) with 112 issues across 6 tested pages, ranking #9 of 22 UK retail sites. That's 12 fewer than the 123.7 category average (59th percentile).
Top issues to fix immediately: "AI/LLM Endpoints Detected in Network Requests Without User Consent Ind" โ Implement explicit user consent for AI/LLM feature usage before making any calls to AI endpoints; "Multiple DNS Resolution Failures - Resources Failing to Load" โ 1) Identify which specific resources are failing to load by checking the Network tab; "Critical CTA Button Visibility Issue in Hero Section" โ Increase contrast on CTA buttons by either: 1) Using a brighter, more saturated button color that contrasts strongly ....
Weakest area โ accessibility (5/10): Limited visible accessibility features. No obvious alt text indicators, contrast ratios unclear on purple sections, and navigat...
Qualitative Quality
USC
Category Avg
Best in Category
Pages Tested ยท 6 screenshots
Homepage
usc.co.uk
usc.co.uk
usc.co.uk
usc.co.uk
usc.co.uk
Detected Issues ยท 112 total
1
AI/LLM Endpoints Detected in Network Requests Without User Consent Indicators
CRIT P10
Prompt to Fix
Our application is making calls to AI/LLM endpoints without explicit user consent, which violates privacy regulations. We need to implement a privacy-first AI feature architecture: (1) add a privacy disclosure banner explaining which AI services are used and what data they receive, (2) implement explicit user consent management - users must opt-in before any AI endpoint calls are made, (3) defer all AI/LLM endpoint calls until after consent is obtained or user interaction occurs, (4) add user controls to disable AI features, (5) audit all network requests to ensure no third-party AI services are called without consent, (6) document which AI endpoints are used and why. Ensure compliance with GDPR article 13, CCPA, and industry privacy standards.
Why it's a bug
Network activity shows multiple requests flagged with 'โ ๏ธ AI/LLM ENDPOINT DETECTED' including:
- GET https://www.usc.co.uk/#skip-link-main-content
- GET https://www.usc.co.uk/_next/static/chunks/main-app-ac428d2c2d04060a.js
This indicates the application is making calls to AI/LLM endpoints on page load without visible user consent mechanisms. AI-generated code commonly includes early LLM calls for features like auto-completion, recommendations, or content generation without proper privacy disclosures or consent management. The page content provided shows no consent prompts or privacy notices related to AI processing. This violates privacy regulations (GDPR, CCPA) and user expectations.
Why it might not be a bug
These could be false positives if they're actually first-party endpoints misidentified as AI endpoints. However, the consistent flagging suggests genuine third-party AI service integrations without proper consent mechanisms.
Suggested Fix
Implement explicit user consent for AI/LLM feature usage before making any calls to AI endpoints. Add privacy notices and disclosure statements explaining what data is sent to AI services. Defer AI endpoint calls until after user explicitly opts-in or interacts with AI-powered features. Audit all network requests to identify which are actually going to third-party AI services vs. internal endpoints. Use a privacy-first approach: make AI features optional, disabled by default, with clear user controls.
Why Fix
Sending user data to AI endpoints without consent violates privacy regulations and damages user trust. This is a critical compliance and security issue that can result in legal liability. Users have a right to know their data is being processed by AI systems and should have the ability to opt-out.
Route To
Privacy Engineer / Compliance Officer / Security Engineer
Page
Tester
Jason ยท GenAI Code AnalyzerTechnical Evidence
Console:
โ ๏ธ AI/LLM ENDPOINT DETECTED on multiple network requestsNetwork:
GET https://www.usc.co.uk/#skip-link-main-content - Status: 200 [AI/LLM ENDPOINT DETECTED], GET https://www.usc.co.uk/_next/static/chunks/main-app-ac428d2c2d04060a.js [AI/LLM ENDPOINT DETECTED]2
Multiple DNS Resolution Failures - Resources Failing to Load
CRIT P9
Prompt to Fix
I'm seeing multiple 'Failed to load resource: net::ERR_NAME_NOT_RESOLVED' errors in the console. This means resources are trying to load from domains that don't resolve. Please: 1) Inspect the Network tab to identify the exact URLs that are failing to resolve. 2) Verify all resource URLs in the HTML, CSS, and JavaScript are using correct, fully-qualified domain names. 3) Check that any CDN domains or third-party service domains are properly configured and DNS records are set up. 4) Review any recent configuration or deployment changes that may have introduced invalid domain references. 5) Add error handling and logging to capture the specific URLs failing so we can debug this faster in the future.
Why it's a bug
Multiple ERR_NAME_NOT_RESOLVED errors indicate that the application is attempting to load resources from domains that cannot be resolved. This is a critical network issue that will cause functionality failures, broken UI elements, or missing features. Users will experience broken pages, missing images, scripts, or stylesheets. This directly impacts user experience and application functionality.
Why it might not be a bug
Could be temporary DNS issues on user's network, but the fact that multiple resources are failing from what is likely the same domain suggests a real configuration or deployment problem on the server side that needs investigation.
Suggested Fix
1) Identify which specific resources are failing to load by checking the Network tab. 2) Verify that all resource URLs are correctly configured with valid, resolvable domain names. 3) Check DNS records for any misconfigured domains. 4) Ensure all third-party service domains are properly set up and accessible. 5) Review recent deployment changes that may have introduced broken resource URLs.
Why Fix
Unresolved resources will prevent the application from loading critical assets, leading to broken functionality, missing UI elements, and poor user experience. This is a blocking issue that must be resolved before the application can function properly.
Route To
Backend/DevOps Engineer
Page
Tester
Sharon ยท Security TesterTechnical Evidence
Console:
[ERROR] Failed to load resource: net::ERR_NAME_NOT_RESOLVEDNetwork:
net::ERR_NAME_NOT_RESOLVED (3 instances)3
Critical CTA Button Visibility Issue in Hero Section
CRIT P9
Prompt to Fix
The primary CTA buttons throughout the page (particularly 'SHOP NOW' in the hero and Frasers Plus sections) have insufficient contrast against their backgrounds, making them hard to find and click. Update the button styling to achieve at least a 4.5:1 contrast ratio between the button text/icon and background. Consider changing the button color to a brighter shade or using white text with a darker button background to improve visibility.
Why it's a bug
The 'SHOP NOW' and other primary call-to-action buttons in the hero/featured sections have very low contrast against their backgrounds, making them difficult to locate and engage with. Users may miss the primary action point entirely, reducing conversion rates. The purple button text against the dark background in the Frasers Plus section is particularly hard to read.
Why it might not be a bug
Some may argue this is intentional branding, but conversion-focused CTAs should prioritize clarity and discoverability.
Suggested Fix
Increase contrast on CTA buttons by either: 1) Using a brighter, more saturated button color that contrasts strongly with background, 2) Adding a white or light-colored text label with a darker button background, or 3) Adding a subtle glow or border effect to make buttons more discoverable.
Why Fix
Primary CTAs are critical conversion points. Low visibility directly impacts user ability to complete their primary goal (shopping/browsing), leading to abandoned sessions and lost revenue.
Route To
Frontend/UI Engineer
Page
Tester
Mia ยท Usability TesterTechnical Evidence
Elements:
<button> or <a> elements with class containing 'cta', 'shop', 'primary'Page Text:
SHOP NOW, FRASERSPLUS