Gorman
gormanshop.com.au
App Quality Report
Powered by Testers.AI
Category Report โ†’ Competitive Grid โ†’ Animated Demo โ†’
B-81%
Quality Score
6
Pages
131
Issues
7.4
Avg Confidence
7.6
Avg Priority
28 Critical83 High20 Medium
Testers.AI
>_ Testers.AI AI Analysis

Gorman scored B- (81%) with 131 issues across 7 tested pages, ranking #10 of 14 US retail sites. That's 26 more than the 105.1 category average (36th percentile).

Top issues to fix immediately: "Missing form field labels for email and password inputs" โ€” Wrap form inputs with <label> elements and use the 'for' attribute to associate labels with input IDs: <label for="em...; "Multiple DNS Resolution Failures - Critical Network Issues" โ€” Investigate which resources are failing to resolve; "Multiple DNS Resolution Failures for Critical Resources" โ€” 1) Audit all resource loading code for hardcoded domain names or paths that may be environment-specific.

Weakest area โ€” accessibility (4/10): Placeholder images lack alt text, color contrast on promotional text may be insufficient, and no visible skip navigation or ARI...

Quick wins: Complete all placeholder sections and ensure proper content hierarchy with clear category labels. Add descriptive alt text to all product images and decorative elements.

Qualitative Quality
Gorman
Category Avg
Best in Category
Issue Count by Type
A11y
46
Content
24
UX
7
Visual
4
Security
1
Pages Tested ยท 6 screenshots
Screenshot
Homepage
Screenshot
gormanshop.com.au
Screenshot
gormanshop.com.au
Screenshot
gormanshop.com.au
Screenshot
gormanshop.com.au
Screenshot
gormanshop.com.au
Detected Issues ยท 131 total
1
User Location Data Exposed in Console Logs
CRIT P9
Conf 8/10 Other
Prompt to Fix
Remove the console.log statement that outputs user location data: '[LOG] Current region: United States, WA'. Replace client-side location logging with server-side logging only. If the frontend needs to know the region, receive it from the backend via an API response but do NOT log it to console. Ensure location data is only transmitted securely and never exposed in client-side logs or console output.
Why it's a bug
The console log explicitly outputs '[LOG] Current region: United States, WA' which exposes the user's geographic location (state-level) in plain text to the browser console. This geolocation information is sensitive personal data that can be used for user profiling, location-based targeting, and violates privacy expectations. Under GDPR, CCPA, and other privacy regulations, location data is classified as personal data and should never be logged to console where it could be accessed via browser developer tools or client-side log aggregation.
Why it might not be a bug
The location data is derived from general geolocation APIs and may be considered non-sensitive at the state level rather than precise coordinates. However, this counter-argument is weak because: (1) any persistent identifier linked to location enables user profiling, (2) regulations treat location data as sensitive regardless of granularity, and (3) console logging is a security/privacy anti-pattern.
Suggested Fix
Remove all location data logging from console output. If region/location information is necessary for backend functionality, pass it directly to server-side endpoints without logging to client-side console. Implement server-side logging only for location data with proper access controls and retention policies.
Why Fix
Exposing location data in console logs violates user privacy expectations and data protection regulations. Users expect their location information to be handled securely and not casually logged where it's visible in browser developer tools. This exposure could enable unauthorized user profiling and tracking.
Route To
Privacy Engineer / Backend Engineer / Data Protection Officer
Page
Gorman
Tester
Pete ยท Privacy Console Log Analyzer
Technical Evidence
Console: [LOG] Current region: United States, WA
2
Third-Party Tracking Pixels Logging User Events to Console
CRIT P9
Conf 8/10 Other
Prompt to Fix
Audit and implement proper consent management for all third-party tracking pixels (TikTok Pixel, BSS scripts, k-web-pixel). Ensure: (1) User consent is obtained BEFORE pixels load, (2) Consent status is checked before firing tracking events, (3) Remove all verbose console logging that exposes tracking activities, (4) Update privacy policy to disclose all third-party tracking, (5) Implement a consent management platform (CMP) to manage pixel firing based on user consent choices. Specifically, wrap TikTok Pixel initialization and event firing in consent checks.
Why it's a bug
The console logs reveal active third-party tracking integration: '[LOG] k-web-pixel-version 1', '[LOG] BSS scripts loaded', and '[WARN] [TikTok Pixel]' warnings. These logs demonstrate that user behavioral events are being captured and sent to third-party tracking services (TikTok Pixel, BSS/tracking pixels). The presence of multiple 'Invalid Event Name Format' warnings from TikTok Pixel indicates active event tracking is occurring. This third-party pixel tracking enables cross-site profiling of users without explicit, informed consent being documented in console logs. Users expect transparency about tracking, and these logging patterns indicate opaque third-party data collection.
Why it might not be a bug
Third-party pixels are common industry practice and may be authorized by privacy policy disclosures. However, this counter-argument fails because: (1) console logging of tracking reveals the practice and its extent to users who inspect console, (2) no consent verification is visible in logs, (3) the logging itself is unprofessional and suggests poor privacy practices.
Suggested Fix
Audit all third-party tracking pixels and ensure they are: (1) covered by explicit user consent mechanisms, (2) documented in privacy policy with user-facing disclosure, (3) implement consent checks before loading pixels, (4) remove verbose console logging that exposes tracking activities. Use tag management systems with proper consent integration. Ensure TikTok Pixel and BSS tracking only fire after affirmative user consent is obtained.
Why Fix
Third-party tracking pixels enable profiling and cross-site user tracking. Without visible consent mechanisms, this violates privacy regulations (GDPR, CCPA, ePrivacy Directive). Users have a right to know they're being tracked. Console logging of tracking activities suggests insufficient privacy controls and consent management.
Route To
Privacy Engineer / Consent Management Engineer / MarTech Engineer
Page
Gorman
Tester
Pete ยท Privacy Console Log Analyzer
Technical Evidence
Console: [LOG] k-web-pixel-version 1, [LOG] BSS scripts loaded, [WARN] [TikTok Pixel] - Invalid Event Name Format
Network: TikTok Pixel event tracking endpoints (implied by warnings)
3
User Location Data Exposed in Console Logs
CRIT P9
Conf 8/10 Other
Prompt to Fix
Remove the console.log statement that outputs user location/region data: '[LOG] Current region: United States, WA'. This exposes sensitive geolocation information in browser console logs, violating GDPR and CCPA compliance requirements. Instead, store regional information securely server-side or in protected session storage that cannot be accessed via console debugging. If regional data must be client-side, use environment variables or secure configuration that is not logged to console. Search your codebase for 'Current region' logging statements and remove them immediately.
Why it's a bug
The console log explicitly outputs '[LOG] Current region: United States, WA' which exposes user geolocation data (state-level location) to the browser console. This geolocation information can be captured by malicious scripts, browser extensions, or debugging tools. Location data is considered sensitive personal information under GDPR, CCPA, and other privacy regulations. Exposing it in console logs violates privacy best practices and data protection compliance requirements.
Why it might not be a bug
The location data is only at state-level granularity and may be necessary for legitimate regional functionality. However, this does not justify logging it to the console where it can be easily exposed.
Suggested Fix
Remove the console.log statement that outputs user location data. If regional functionality is required, store location data in secure, non-accessible backend variables or use session storage with appropriate security headers. Do not output any geolocation information to browser console logs.
Why Fix
Preventing location data exposure protects user privacy, ensures compliance with GDPR Article 6, CCPA Section 1798.100, and other privacy regulations, and prevents malicious actors from harvesting location information through console access.
Route To
Privacy Engineer / Backend Engineer / Data Protection Officer
Page
ALL โ€“ Gorman
Tester
Pete ยท Privacy Console Log Analyzer
Technical Evidence
Console: [LOG] Current region: United States, WA
Network: Not applicable
+128
128 more issues detected  View all →
Sensitive Tracking Data Exposed in Network Requests
Third-party tracking and analytics services loaded without e...
Multiple DNS Resolution Failures - Critical Network Issues
and 125 more...
Generated by Testers.AI ยท Gorman Quality Scan
Unlock All 131 Issues
You're viewing the top 3 issues for Gorman.
Sign up at Testers.AI to access the full report with all 131 detected issues, detailed fixes, and continuous monitoring.
Sign Up at Testers.AI or let us run the tests for you