PLANit
App Quality Report
Powered by Testers.AI
Quality Score: B- (80%)
Pages: 14
Issues: 184
Avg Confidence: 7.9
Avg Priority: 7.8
Severity: 76 Critical, 72 High, 34 Medium, 2 Low
Testers.AI AI Analysis

PLANit scored B- (80%) with 184 issues across 7 tested pages, ranking #7 of 7 Australian retail sites. That's 63 more than the 120.6 category average (0th percentile).

Top issues to fix immediately: "AI on-page endpoints detected / potential on-load LLM calls" Defer any LLM/AI endpoint calls until user interaction or explicit consent; "DNS resolution failures causing multiple resource load errors" 1) Identify all failing resource URLs from the Network tab (hostnames that cannot be resolved); "Primary CTAs not visually distinct from blue background" Increase contrast by using a higher-contrast color for primary CTAs (e.

Weakest area accessibility (5/10): Possible color contrast issues in some modules; images may lack alt text; keyboard navigation and landmarks could be improved; ...

Quick wins: Streamline navigation with a sticky header and a clearly labeled primary CTA across breakpoints, plus quick access to.... Improve color contrast and typography accessibility; add alt text for images and ensure landmarks/ARIA roles are used....

Qualitative Quality (chart: PLANit vs. Category Avg vs. Best in Category)
Issue Count by Type
Content: 56
A11y: 28
UX: 23
Visual: 10
Security: 4
Pages Tested · 14 screenshots
Detected Issues · 184 total
1
AI on-page endpoints detected / potential on-load LLM calls
CRIT P10
Conf 9/10 Other
Prompt to Fix
Identify any on-load AI/LLM endpoint calls in the page bundle and remove or lazy-load them behind a user interaction or explicit consent. Replace with a consent-driven integration pattern and ensure no data is sent to external AI services until approved by the user. Provide a minimal reproducible patch that postpones LLM calls and documents the privacy implications.
Why it's a bug
Console logs show '⚠️ AI/LLM ENDPOINT DETECTED' and some network requests labeled as AI endpoints on page load. On-load LLM calls can leak prompts, impact performance, and raise privacy concerns if user data is sent to external AI services without explicit consent.
Why it might not be a bug
If these calls are solely for legitimate consent or analytics, they should be clearly documented and gated behind user action. The current presence on load is suspicious and should be reviewed.
Suggested Fix
Defer any LLM/AI endpoint calls until user interaction or explicit consent. Remove hard-coded on-load calls, implement lazy-loading with proper consent prompts, and minimize payload size. Audit all endpoint domains used for AI services and ensure compliant privacy disclosures.
Why Fix
Prevents unintended data exposure, reduces performance impact, and aligns with privacy best practices for GenAI-enabled features.
Route To
Security/Privacy Engineer, Frontend Architect
Page
Tester
Jason · GenAI Code Analyzer
Technical Evidence
Console: ⚠️ AI/LLM ENDPOINT DETECTED
Network: go.planit.com/l/814723/2026-01-14/3p15zk (endpoint URL observed in network activity) or similar AI endpoint references
2
Insecure HTTP request to privacy policy (HTTP mixed content)
CRIT P9
Conf 9/10 Other, Security
Prompt to Fix
Audit all network requests in the page for non-HTTPS endpoints. Replace http:// URLs with https://, or use protocol-relative //domain/path. Enforce HTTPS at the server level with strict HSTS if possible and remove any HTTP redirects that degrade UX. Validate that the privacy policy URL is served exclusively over HTTPS and update any service workers or caching rules accordingly.
Why it's a bug
The network activity shows an insecure HTTP request for the privacy policy (INSECURE: HTTP (non-HTTPS) request) and multiple http://www.planit.com/privacy-policy calls. This exposes data to interception, triggers mixed-content warnings, and violates security best practices.
Why it might not be a bug
If this environment intentionally tests fallback redirects, it could be temporary; however, production code should not rely on HTTP and should always use HTTPS.
Suggested Fix
Replace all hardcoded HTTP URLs with HTTPS (or protocol-relative URLs where appropriate). Ensure the server enforces HTTPS with 301/HTTPS redirects and remove any mixed-content references. Audit all external/resource URLs loaded by the page to require secure transport.
Why Fix
Eliminates potential data leakage, improves security posture, and aligns with modern browser expectations for secure content.
Route To
Frontend Security Engineer / DevOps
Page
Tester
Jason · GenAI Code Analyzer
Technical Evidence
Console: ⚠️ INSECURE: HTTP (non-HTTPS) request
Network: GET http://www.planit.com/privacy-policy - Status: N/A
3
AI/LLM endpoints invoked on page load without explicit user consent
CRIT P9
Conf 9/10 Other
Prompt to Fix
Actionable fix: 1) Remove any AI/LLM API calls that run on initial page load. 2) Integrate with the CMP so that LLM endpoints are only invoked after user consents (Accept All / View Preferences). 3) Wrap calls in a consent-guarded function and load assets lazily. 4) Add proper error handling and exponential backoff for retries if needed. 5) Add a test or simulate consent flow to verify that no calls are made prior to consent.
Why it's a bug
The network activity shows AI/LLM endpoint usage detected during initial page load (⚠️ AI/LLM ENDPOINT DETECTED) and a CMP-related URL being queried before user consent is clearly obtained. This can expose user data to external AI services, add latency, and may violate privacy/compliance requirements. The behavior appears to occur before explicit user action.
Why it might not be a bug
Some implementations preload analytics or CMP checks; without full context, a benign preload could be intended for performance or compliance checks. However, the evidence suggests AI endpoints are engaged on load without confirmed consent.
Suggested Fix
Move all AI/LLM API calls behind an explicit consent gate. Do not invoke AI endpoints until the user accepts or configures preferences via the cookie banner. Implement lazy-loading with a feature flag and ensure all endpoints are called only after consent, with data minimization and server-side proxy when possible.
Why Fix
Protect user privacy, reduce data leakage risk, and improve performance. Aligns with privacy laws and user trust expectations.
Route To
Privacy Engineer / Frontend Engineer
Page
Tester
Jason · GenAI Code Analyzer
Technical Evidence
Console: [⚠️ AI/LLM ENDPOINT DETECTED]
Network: GET https://www.planit.com/understanding-how-ai-systems-fail-a-layered-failure-taxonomy/#cmplz-tcf-wrapper - Status: N/A; GET https://go.planit.com/l/814723/2025-01-28/3md2wn - Status: N/A
181 more issues detected
AI/LLM endpoints detected and loaded on page load
AI/LLM endpoints invoked on page load without explicit conse...
AI/LLM endpoints loaded on page load (potential GenAI integr...
and 178 more...
You're viewing the top 3 issues for PLANit.