Cursor
App Quality Report
Powered by Testers.AI
Quality Score: A- 90%
Pages: 2
Issues: 19
Avg Confidence: 8.5
Avg Priority: 8.2
9 Critical, 8 High, 2 Medium
Testers.AI AI Analysis

Cursor was tested and 19 issues were detected across the site. The most critical finding was: Images lack descriptive alt text. Issues span the A11y, Performance, Other, and Security categories. Persona feedback rated Visual highest (7/10) and Accessibility lowest (4/10).

Issue Count by Type
Security: 7
Content: 4
A11y: 1
Pages Tested · 2 screenshots
Detected Issues · 19 total
1
Images lack descriptive alt text
CRIT P9
Conf 9/10 Other, A11y, Content
Prompt to Fix
Update all <img> tags in the page to include descriptive alt text for content images. For decorative assets, either remove the image if unnecessary or use alt="" and aria-hidden="true" as appropriate.
Why it's a bug
Page content images (hero and logos) have empty alt attributes, providing no descriptive context for assistive technologies or SEO.
Why it might not be a bug
If images are purely decorative, empty alt is acceptable; however, the imagery appears to convey brand and content intent (hero messaging and partner logos).
Suggested Fix
Add meaningful alt text for non-decorative images (e.g., hero image: 'Cursor: The best way to code with AI – hero visual', logos: 'Partner logo – [Brand Name]'). If an image is purely decorative, mark as decorative (alt="" or aria-hidden="true").
Why Fix
Improves accessibility and discoverability, aligning with brand storytelling and SEO expectations.
Route To
Frontend Developer / Accessibility Specialist
Page
Tester
Sophia · Content Quality Specialist
Technical Evidence
Console: [ERROR] Failed to load resource: net::ERR_NAME_NOT_RESOLVED
2
Console logs expose user tracking identifiers (auid, tid) in error messages
CRIT P9
Conf 9/10 Other
Prompt to Fix
In production, redact or mask sensitive tracking identifiers in all console logs. Implement a log sanitizer that strips or replaces parameters like auid, tid, gclid, msclkid, and similar analytics identifiers from any URLs before logging. Ensure that error messages and console output do not reveal full external URLs with tracking IDs. Validate that CSP violations do not cause logged URLs to leak identifiers; if logging of external calls is necessary, log only the domain and status instead of full URLs. After implementing, audit all third-party analytics URLs used by the app to ensure they do not disclose user- or device-level identifiers in logs.
Why it's a bug
The console logs reveal tracking identifiers (e.g., auid and Google Ads tid) within full URLs shown in error messages. This enables potential leakage of user-level identifiers to screenshots, clipboard captures, or attackers inspecting console logs, facilitating cross-site tracking and profiling. This is a privacy risk and commonly disallowed in user-facing logs.
Why it might not be a bug
While verbose logs can aid debugging, exposing live tracking IDs in console output is a privacy risk and should be avoided. Redaction or sanitized logging is a typical mitigation; the current logs clearly leak identifiers.
Suggested Fix
Implement log sanitization for all console or error logs: redact or strip tracking parameters such as auid, tid, gclid, msclkid, and other third-party analytics identifiers from any URLs printed to the console. Before logging, pass strings through a sanitizer (e.g., redactTrackingParams(url)) that replaces sensitive query parameters with [REDACTED] or removes them entirely. Consider configuring analytics/network requests to be proxied or logged without exposing IDs.
Why Fix
Protect user privacy, reduce exposure of cross-site tracking identifiers, and align with privacy best practices and regulatory expectations. Redacted logs prevent inadvertent leakage of tracking IDs while preserving enough context for debugging.
Route To
Frontend Engineer / Security Engineer
Page
Tester
Pete · Privacy Console Log Analyzer
Technical Evidence
Console: [ERROR] Loading the image 'https://www.google.com/ccm/collect?frm=0&en=page_view&dl=https%3A%2F%2Fcursor.com%2F&scrsrc=www.googletagmanager.com&rnd=667154281.1773961730&dt=Cursor%3A%20The%20best%20way%20to%20code%20with%20AI&auid=2054016343.1773961730&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&data=event%3Dgtag.config&gtm=45be63h1v9231728922za200zd9231728922xec&gcd=13l3l3l3l1l1&dma=0&tag_exp=103116026~103200004~115938465~115938468~116024733~117484252~118104772' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' cursor.com *.cursor.com cursor.sh *.cursor.sh *.unifyintent.com *.cloudfront.net pro.ip-api.com *.liadm.com *.usbrowserspeed.com alocdn.com va.vercel-scripts.com vercel.live jobs.ashbyhq.com os.ryo.lu connect.facebook.net js.zi-scripts.com ws-assets.zoominfo.com *.chilipiper.com www.googletagmanager.com *.googletagmanager.com *.roadwayai.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.
Network: https://www.google.com/ccm/collect?frm=0&en=page_view&dl=https%3A%2F%2Fcursor.com%2F&scrsrc=www.googletagmanager.com&rnd=667154281.1773961730&dt=Cursor%3A%20The%20best%20way%20to%20code%20with%20AI&auid=2054016343.1773961730&navt=n&npa=0&gtm=45be63h1h1v9231728922za200zd9231728922xec&gcd=13l3l3l3l1l1&dma=0&tag_exp=103116026~103200004~115938465~115938468~116024733~117484252~118104772
3
Excessive number of network requests (494) impacting load and render
CRIT P9
Conf 9/10 Performance, Other
Prompt to Fix
Review the homepage bundle composition to identify the top 40–60 assets responsible for the majority of requests. Remove unused assets, implement lazy-loading and dynamic imports for non-critical features, and remove or defer non-essential fonts and scripts. Ensure critical CSS/JS are inlined or minimized and enable HTTP/2/3 prioritization.
Why it's a bug
The page issues an extremely high number of network requests (Total network requests: 494). This can saturate slow networks, increase parse/compile time, and delay the Largest Contentful Paint (LCP) and First Contentful Paint (FCP), harming user experience on mobile.
Why it might not be a bug
If all assets are strictly required for initial render, this could be valid; however, the sheer volume suggests over-fetching or missing optimization.
Suggested Fix
Audit resource usage to identify truly critical assets. Remove duplicates, consolidate assets, and apply code-splitting and lazy-loading for non-critical JS/CSS/images. Optimize asset delivery (gzip/brotli, HTTP/2/3) and consider bundling where possible.
Why Fix
Reducing requests lowers bandwidth and latency, improves LCP/FCP, and yields a faster, more reliable experience across devices and networks, with SEO and user retention benefits.
Route To
Frontend Performance Engineer
Page
Tester
Tariq · Performance Specialist
Technical Evidence
Console: Total network requests: 494; Performance metrics indicate heavy network activity.
Network: GET https://cursor.com/marketing-static/_next/static/chunks/50eb18a90a1f1a2b.js?dpl=dpl_9TQUoToJZSAY8ytfLgF2aVnPkgoC
16 more issues detected
Fetch API blocked by CSP for Google CCM collect (fetch/refus...
Console Error: Failed to load resource: net::ERR_NAME_NOT_RE...
Console Error: Connecting to 'https://stats.g.doubleclick.ne...
and 13 more...
You're viewing the top 3 issues for Cursor.