A-92%
Quality Score
2
Pages
25
Issues
7.2
Avg Confidence
7.6
Avg Priority
6 Critical15 High4 Medium
>_ Testers.AI
AI Analysis
Fresh Cotton scored A- (92%) with 25 issues across 5 tested pages, ranking #2 of 14 US retail sites. That's 80 fewer than the 105.1 category average (86th percentile).
Top issues to fix immediately: "Multiple DNS Resolution Failures - ERR_NAME_NOT_RESOLVED" โ Investigate and identify which resources are failing to resolve; "Multiple images missing informative alt text" โ Add descriptive alt text to all informative images; "Multiple resource loading failures affecting page functionality" โ Investigate each ERR_NAME_NOT_RESOLVED error to identify which external resources are failing.
Weakest area โ accessibility (5/10): Low contrast in some sections, unclear alt-text potential for images. No visible skip links or accessibility features.
Quick wins: Improve color contrast ratios throughout the site for WCAG compliance and better readability. Add prominent search functionality and product filtering options in a sticky header or sidebar.
Qualitative Quality
Fresh Cotton
Category Avg
Best in Category
Pages Tested ยท 2 screenshots
Homepage
freshcotton.com
Detected Issues ยท 25 total
1
Third-Party AI Service Called on Page Load Without Explicit User Consent
HIGH P8
Prompt to Fix
We are calling third-party AI services (Gorgias chat, 9gtb loader) on initial page load without explicit user consent. This creates privacy and compliance risks. Please: 1) Identify all third-party AI/LLM service endpoints being called automatically on page load 2) Implement a consent management system that explicitly asks users before loading these services 3) Defer non-essential AI service initialization until after user interaction or explicit opt-in 4) Add privacy notices explaining what data these services receive 5) Implement user-facing privacy controls to disable AI services 6) Add logging to track when AI services are invoked and what data is sent.
Why it's a bug
Network analysis reveals multiple requests to 'content.9gtb.com/loader.js' and 'config.gorgias.chat' endpoints that appear to be AI/LLM-related services being invoked on initial page load. The network log explicitly marks these with 'โ ๏ธ AI/LLM ENDPOINT DETECTED' tags. This violates privacy best practices where: (1) User data could be transmitted to third-party AI services without consent, (2) No visible indication to users that their data is being sent to external AI services, (3) Common in AI-generated code where developers add AI features without proper consent flows, (4) Potential GDPR/CCPA violations if personal data is sent to third parties.
Why it might not be a bug
These could be legitimate feature integrations (e.g., AI-powered chat support via Gorgias). However, the lack of visible consent mechanisms and automatic invocation on page load suggests proper privacy controls may be missing.
Suggested Fix
Implement explicit user consent before invoking third-party AI services. Add clear privacy notices disclosing which AI services process user data. Defer loading of non-essential AI features until user interaction. Implement consent management using a CMP (Consent Management Platform). Add user-facing controls to opt-out of AI services. Log which AI endpoints are being called and what data is transmitted.
Why Fix
Privacy violations expose the company to regulatory fines (GDPR up to 4% of revenue, CCPA penalties), loss of user trust, and reputational damage. Users have a right to know when their data is processed by external AI services. This is especially critical for AI-generated features that developers may not have thoroughly reviewed for privacy implications.
Route To
Privacy Engineer / Compliance Officer / Frontend Engineer
Page
Tester
Jason ยท GenAI Code AnalyzerTechnical Evidence
Console:
[LOG] [Klaviyo / Onsite] Initializing (third-party service initialization)Network:
GET https://config.gorgias.chat/bundle-loader/shopify/baskets-production.myshopify.com - Status: N/A โ ๏ธ AI/LLM ENDPOINT DETECTED
GET https://content.9gtb.com/loader.js - Status: N/A โ ๏ธ AI/LLM ENDPOINT DETECTED2
Multiple DNS Resolution Failures - ERR_NAME_NOT_RESOLVED
CRIT P9
Prompt to Fix
We have 6 ERR_NAME_NOT_RESOLVED errors in the browser console indicating DNS resolution failures. Identify which specific resources are failing to resolve by checking the Network tab in DevTools. For each failed resource, verify: 1) The domain name is correctly spelled and configured, 2) DNS records exist and are properly set up, 3) CDN endpoints are active, 4) Any domain aliases are correctly mapped. Update the resource URLs to use correct domain names or implement a fallback mechanism for failed resource loads.
Why it's a bug
Six separate ERR_NAME_NOT_RESOLVED errors indicate that critical resources failed to load due to DNS failures. This suggests either misconfigured domain names, CDN issues, or network connectivity problems that directly impact page functionality and user experience. The repetition across multiple resources indicates a systematic issue rather than an isolated incident.
Why it might not be a bug
Could be temporary network issues that resolve on page refresh, though this doesn't excuse the failures from being logged and investigated.
Suggested Fix
Investigate and identify which resources are failing to resolve. Check DNS records, CDN configurations, and domain aliases. Verify that all resource URLs in the application are correctly configured and pointing to valid domains. Implement DNS prefetching for critical resources and add error handling/fallback mechanisms.
Why Fix
DNS resolution failures prevent critical assets from loading, which degrades functionality, breaks features, and creates poor user experience. This is a blocker-level issue that needs immediate investigation.
Route To
DevOps/Infrastructure Engineer
Page
Tester
Sharon ยท Security TesterTechnical Evidence
Console:
[ERROR] Failed to load resource: net::ERR_NAME_NOT_RESOLVED (appears 6 times)Network:
Multiple failed resource load attempts with ERR_NAME_NOT_RESOLVED3
Multiple resource loading failures affecting page functionality
CRIT P9
Prompt to Fix
Review browser console errors showing ERR_NAME_NOT_RESOLVED failures. For each failed resource, verify that the domain is correctly configured and accessible. Check DNS resolution for any third-party services (filters, analytics, chat, etc.). Implement error handling and fallback functionality so that failed third-party resource loads don't break core page functionality. If these are optional integrations, ensure they fail gracefully without impacting user experience. Test resource loading in production environment to ensure all external calls resolve correctly.
Why it's a bug
The console shows 6 ERR_NAME_NOT_RESOLVED errors indicating failed DNS resolutions for external resources. While these may be third-party integrations, each failure represents functionality that isn't loading properly. This could affect analytics, chat widgets, product filters, or other important features. The user sees no error states to indicate what's missing.
Why it might not be a bug
These may be intentional - third-party services might be optional, or the errors could be from localhost development. However, in production they represent broken integrations that degrade functionality.
Suggested Fix
Investigate each ERR_NAME_NOT_RESOLVED error to identify which external resources are failing. Verify DNS configuration for third-party domains. Implement error handling so failed resource loads don't break the page. Consider adding fallback functionality or graceful degradation for critical features like filters or chat widgets.
Why Fix
Failed resource loads can break core functionality and degrade user experience. Users may not understand why features aren't working, leading to frustration and reduced conversions. This directly impacts trust in the brand and site reliability.
Route To
Backend / Infrastructure Engineer
Page
Tester
Sophia ยท Content Quality SpecialistTechnical Evidence
Console:
[ERROR] Failed to load resource: net::ERR_NAME_NOT_RESOLVED (appears 6 times)Network:
Multiple ERR_NAME_NOT_RESOLVED failures