A-92%
Quality Score
2
Pages
12
Issues
8.1
Avg Confidence
7.4
Avg Priority
2 Critical5 High3 Medium
>_ Testers.AI
AI Analysis
David Jones scored A- (92%) with 12 issues across 5 tested pages, ranking #1 of 7 Australian retail sites. That's 109 fewer than the 120.6 category average (86th percentile).
Top issues to fix immediately: "Maintenance page reveals internal IPs and incident IDs" β Remove the lines displaying Your IP, Proxy IP, and Incident ID from the maintenance page; "Personal data exposure: IP address shown on maintenance page" β Remove or redact the displayed IP address from the UI; "Console Error: JSHandle@error" β Investigate and fix the root cause of this error: JSHandle@error.
Weakest area β usability (5/10): No obvious navigation, search, or CTA; users cannot proceed or easily find help or alternatives.
Quick wins: Provide an estimated time to resolution or a progress indicator, plus prominent links to support, contact options, and.... Consider a simplified or high-contrast maintenance view that preserves branding while improving readability and....
Qualitative Quality
David Jones
Category Avg
Best in Category
Pages Tested Β· 2 screenshots
Homepage
www.davidjones.com
Detected Issues Β· 10 total
1
Maintenance page reveals internal IPs and incident IDs
CRIT P9
Prompt to Fix
In the maintenance page, remove all user-facing internal-network identifiers. Specifically delete lines that display 'Your IP', 'Proxy IP', and 'Incident ID'. Replace with a concise public status message such as: 'Weβre currently undergoing maintenance. Please check back later or contact support at [email/URL].' Ensure no internal IPs or incident IDs are visible in the UI.
Why it's a bug
The page displays internal system details (Your IP, Proxy IP, and an Incident ID) to all visitors. This information is not useful for end users and can expose infrastructure details, potentially eroding trust and increasing security risk.
Why it might not be a bug
The data may be intended for internal debugging, but exposing it publicly provides unnecessary information and can be misused. The risk and potential confusion outweigh any debugging benefit.
Suggested Fix
Remove the lines displaying Your IP, Proxy IP, and Incident ID from the maintenance page. Replace with a generic status message and, if needed, a simple contact or support link. Ensure no internal identifiers are shown to users.
Why Fix
Eliminating exposed internal identifiers reduces security risk and improves user trust by presenting a clean, non-technical status message.
Route To
Security Engineer
Page
Tester
Mia Β· Usability TesterTechnical Evidence
Elements:
<div>Your IP: 24.17.117.100<br/>Proxy IP: 45.60.240.56 (ID 102101-100)<br/>Incident ID: 210100000650452221264-9366606718750863122</div>Console:
Failed to load resource: the server responded with a status of 403 (Forbidden)Network:
GET /status (maintenance) endpoint returned 403 ForbiddenPage Text:
Your IP: 24.17.117.100
Proxy IP: 45.60.240.56 (ID 102101-100)
Incident ID: 210100000650452221264-93666067187508631222
Personal data exposure: IP address shown on maintenance page
CRIT P9
Prompt to Fix
In the maintenance page, remove the explicit display of the client's IP address. Do not render 'Your IP: {IP}' in the HTML. If IP is needed for support, handle it server-side with proper consent and redact it in the client-facing page.
Why it's a bug
The page displays the user's IP address in plain text (e.g., 'Your IP: 24.17.117.100'). This is sensitive information that can reveal location and network details. Exposing IPs on a public maintenance page increases privacy risk and may violate data minimization principles and privacy regulations.
Why it might not be a bug
Some diagnostic or maintenance pages include IP information for debugging; however, exposing it publicly without consent is generally discouraged and can create privacy concerns.
Suggested Fix
Remove or redact the displayed IP address from the UI. If IP information is required for support, mask it (e.g., 'Your IP: xxx.xxx.xxx.xxx') or collect it server-side with explicit user consent and proper privacy notices.
Why Fix
Protect user privacy, reduce data leakage, and align with privacy best practices and potential regulatory requirements.
Route To
Privacy/Security Engineer, Frontend Developer
Page
Tester
Jason Β· GenAI Code AnalyzerTechnical Evidence
Console:
Your IP: 24.17.117.1003
AI/LLM endpoint detected on page load β potential on-load AI calls
HIGH P8
Prompt to Fix
If the site is performing any on-load AI/LLM calls, remove or defer them until user interaction or explicit consent is provided. Audit network requests to identify AI endpoints, replace them with consent-driven lazy-loading, and document the privacy impact in the policy.
Why it's a bug
Console logs show 'β οΈ AI/LLM ENDPOINT DETECTED', suggesting remote AI calls or LLM integrations may be invoked on page load. This can raise privacy concerns, increase startup latency, and potentially expose user data to third-party AI services without explicit consent.
Why it might not be a bug
If AI calls are intended for content personalization or telemetry, they should be clearly disclosed and consented; without UI/consent, this is risky and could be misconfigured.
Suggested Fix
Audit the build to locate any on-load AI/LLM calls. Move any AI interactions behind a user action or explicit consent, and ensure endpoints are clearly disclosed in a privacy policy. Implement feature flags and lazy-load AI assets only after user interaction.
Why Fix
Improve privacy posture, reduce unintended data leakage, and improve page performance by avoiding unnecessary on-load AI calls.
Route To
Frontend Engineer, Security/Privacy Engineer
Page
Tester
Jason Β· GenAI Code AnalyzerTechnical Evidence
Console:
β οΈ AI/LLM ENDPOINT DETECTEDNetwork:
GET https://www.davidjones.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3 - Status: N/A