A-91%
Quality Score
2
Pages
32
Issues
7.5
Avg Confidence
7.8
Avg Priority
11 Critical14 High7 Medium
>_ Testers.AI
AI Analysis
City Beach scored A- (91%) with 32 issues across 6 tested pages, ranking #3 of 14 US retail sites. That's 73 fewer than the 105.1 category average (71st percentile).
Top issues to fix immediately: "Missing or Unclear Call-to-Action for Promotional Offer" โ Add a single, large, high-contrast primary CTA button (e; "Broken Resource Loading Affecting Page Functionality" โ 1) Remove the duplicate Curalate site; "Duplicate Curalate site.js causing fanreels functionality errors" โ Audit the page HTML and remove duplicate Curalate snippet includes.
Weakest area โ accessibility (5/10): Missing alt text on images, limited color contrast in some areas, and no visible WCAG compliance indicators.
Quick wins: Add descriptive alt text to all product and lifestyle images for screen reader users. Improve color contrast ratios, particularly in footer and fine print areas.
Qualitative Quality
City Beach
Category Avg
Best in Category
Pages Tested ยท 2 screenshots
Homepage
citybeach.com.au
Detected Issues ยท 32 total
1
Google Analytics loaded before Consent Mode configuration
CRIT P9
Prompt to Fix
Fix Google Analytics Consent Mode sequencing violation. Modify the Google Tag Manager or analytics implementation to initialize Consent Mode before loading the Google Analytics tag G-FJQDX1L044. Ensure the Consent Mode configuration script runs first in the page head, before any Google tracking tags. Update tag sequencing in GTM or your analytics configuration. Test the implementation by checking the Network tab to verify Consent Mode initializes before Analytics. Remove the warning message once properly sequenced.
Why it's a bug
Loading Google Analytics (G-FJQDX1L044) before Consent Mode is initialized creates serious GDPR/privacy compliance violations. Analytics data is being collected before user consent is obtained, which violates data protection regulations and can result in legal liability, fines, and user trust issues.
Why it might not be a bug
None - consent sequencing is a critical compliance requirement with legal implications.
Suggested Fix
Reorder script loading to initialize Consent Mode before loading the Google Analytics tag. Ensure Consent Mode configuration is declared and processed first, then load the Google tag. Use data-nonce or async/defer attributes properly. Test consent flow in browser with GTM preview mode to verify sequencing.
Why Fix
Improper consent sequencing violates GDPR, CCPA, and other privacy regulations. This creates legal liability, potential fines, and damages user trust. Fixing ensures compliant analytics implementation.
Route To
Frontend Engineer / Privacy/Compliance Lead
Page
Tester
Sharon ยท Security TesterTechnical Evidence
Console:
[WARN] Error: Google tag G-FJQDX1L044 loaded before Consent Mode update. Please review and resolve Google Consent Mode sequencing.Network:
Google Analytics tag initialization2
Staging Environment Exposed in Production Network Traffic
CRIT P9
Prompt to Fix
Find and remove all hardcoded references to staging.citybeach.com from the production codebase. Search all JavaScript files, CSS files, configuration files, and build templates for 'staging.citybeach.com' URLs. Replace any staging domain references with the production domain (www.citybeach.com). Add a pre-deployment validation step that scans for staging domain references and fails the build if found. Test in a staging environment first to ensure no legitimate staging-only resources are broken.
Why it's a bug
A staging/development environment URL (staging.citybeach.com) is being accessed and loaded in production network traffic. This indicates either: (1) a misconfiguration where staging resources are referenced in production code, or (2) staging credentials/configurations may be exposed. Staging environments typically have weaker security controls, debug modes enabled, and may contain test data or bypass authentication. This is a critical information disclosure vulnerability that lowers attacker effort and increases risk of unauthorized access.
Why it might not be a bug
It's possible this was a temporary test request or the staging URL was intentionally accessed during development. However, the presence in production network traffic strongly suggests a configuration error that should be remediated.
Suggested Fix
Immediately audit the codebase and configuration files to remove all references to staging.citybeach.com. Verify that production code only references production domains (www.citybeach.com). Implement automated checks in the build pipeline to prevent staging URLs from being deployed to production. Review how this URL was included and remediate the root cause.
Why Fix
Exposing staging environments in production creates significant security risks: reduced security controls on staging, potential data leakage, information about internal infrastructure, and easier attack surface for malicious actors. This is a high-priority infrastructure security issue.
Route To
DevOps Engineer, Infrastructure Security Engineer, Backend Lead
Page
Tester
Sharon ยท Security Networking AnalyzerTechnical Evidence
Console:
Network request to staging environment detected during production page loadNetwork:
GET https://staging.citybeach.com/on/demandware.static/-/Library-Sites-CityBeachSharedLibrary/default/vb0d6f7200b99056227e785fd8bb61ad08c77798c/css/promo%2Dhero%2Dbanner%2Dbuttons.css?version=1,716,878,096,772 - Status: N/A3
Duplicate Curalate site.js causing fanreels functionality errors
CRIT P9
Prompt to Fix
Fix duplicate Curalate site.js script loads. Search the entire page HTML, templates, and tag manager configuration for all instances of the Curalate snippet or site.js includes. Remove all duplicate entries, keeping only one instance. Verify the script loads exactly once by checking the Network tab and console for the [crl8] duplicate detection error. Test that Curalate fanreels functionality works correctly after removing duplicates.
Why it's a bug
Duplicate script includes will cause JavaScript conflicts, variable collisions, and event listener issues. This directly breaks Curalate fanreels functionality which is a core product feature. The error message explicitly states this will cause errors.
Why it might not be a bug
None - this is a clear, actionable error with direct impact on functionality.
Suggested Fix
Audit the page HTML and remove duplicate Curalate snippet includes. Ensure only one instance of the Curalate site.js file is loaded. Check page templates, header/footer includes, and any tag manager configurations for duplicate entries.
Why Fix
Duplicate scripts cause unpredictable behavior, memory leaks, and broken features. Users cannot reliably use fanreels functionality, impacting core product value.
Route To
Frontend Engineer / DevOps
Page
Tester
Sharon ยท Security TesterTechnical Evidence
Console:
[ERROR] [crl8] Duplicate site.js files detected. This will cause errors with your Curalate fanreels. Remove the duplicate Curalate snippet to prevent the errors.Network:
Curalate site.js