Searchflex has an urgent data privacy crisis that requires immediate action: credit card numbers are being transmitted directly to Meta Pixel, a critical violation that exposes the business to severe regulatory penalties under GDPR, CCPA, and payment industry standards. The audit returned a score of 0 out of 100, reflecting the gravity of the situation across a single URL tested, which recorded 2 critical and 17 high severity issues. Compounding the PII exposure, phone numbers are also being sent to Meta Pixel on multiple occasions, and tracking tags are firing even after users select "Reject All" — a direct breach of consent requirements that undermines the legitimacy of the entire consent mechanism. Collectively, these findings indicate that Searchflex's tag management and data layer configurations are fundamentally misconfigured, with no effective controls preventing sensitive personal and financial data from reaching third-party advertising platforms. Remediation should be treated as a business-critical priority, beginning immediately with the suppression of the Meta Pixel and a full review of consent enforcement logic before any further traffic is processed.
Searchflex's GA4 property (475597986) is recording a perfect trust score of 100, indicating no data integrity issues with the events that are being tracked; however, the property is capturing zero revenue, zero purchase events, and zero e-commerce funnel activity across all stages — from product views through to checkout. This means either the storefront is pre-launch with no live traffic, or the e-commerce tracking implementation is fundamentally absent or broken, rendering the property commercially blind. Immediate action is required to validate and deploy end-to-end e-commerce event tracking before any meaningful performance analysis or optimisation can take place.
Searchflex's mobile performance score of 51 puts it squarely in Google's 'poor' CWV tier, creating a direct ranking disadvantage against competitors already in the 'good' band — and with over 57 seconds of aggregate third-party blocking time on mobile alone, visitors are bouncing before pages become interactive, which means paid traffic from Facebook and Google Ads is being bought and then wasted. The single largest revenue-adjacent issue is that the very tools used to measure and drive conversions — GTM, Facebook Pixel, and Hotjar — are the primary cause of the slowdown, creating a paradox where the marketing stack is actively suppressing the results it's meant to improve.
Detected credit_card in params ['post_body'] of https://www.facebook.com/tr/
Fix: Hash, redact, or remove PII before sending. Use Enhanced Conversions / CAPI with hashed values where required.
Google Tag Manager appears on 97/100 pages (97%). Mean blocking per page: 239ms. Total main-thread time: 43584ms. Transfer: 35561KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Google Tag Manager is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Google Tag Manager appears on 96/100 pages (96%). Mean blocking per page: 233ms. Total main-thread time: 42221ms. Transfer: 35961KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Google Tag Manager is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Facebook appears on 97/100 pages (97%). Mean blocking per page: 222ms. Total main-thread time: 40751ms. Transfer: 22281KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Facebook is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Facebook appears on 96/100 pages (96%). Mean blocking per page: 221ms. Total main-thread time: 40291ms. Transfer: 22060KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Facebook is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Hotjar appears on 97/100 pages (97%). Mean blocking per page: 127ms. Total main-thread time: 25460ms. Transfer: 6160KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Hotjar is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Hotjar appears on 96/100 pages (96%). Mean blocking per page: 122ms. Total main-thread time: 24478ms. Transfer: 6105KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Hotjar is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Cloudflare CDN appears on 97/100 pages (97%). Mean blocking per page: 41ms. Total main-thread time: 11582ms. Transfer: 2694KB sitewide.
Fix: Because Cloudflare CDN is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Cloudflare CDN appears on 96/100 pages (96%). Mean blocking per page: 35ms. Total main-thread time: 10413ms. Transfer: 2666KB sitewide.
Fix: Because Cloudflare CDN is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Rank #1 by blocking time on this page. Calendly transfers 1699 KB and keeps the main thread busy for 2209ms, delaying INP and TBT.
Fix: Load Calendly with `async defer`, push it as late as safely possible, and if it's tag-manager-loaded, add a consent trigger. If it's not strictly needed for functionality, lazy-load on first interaction.
Rank #1 by blocking time on this page. Calendly transfers 1700 KB and keeps the main thread busy for 2184ms, delaying INP and TBT.
Fix: Load Calendly with `async defer`, push it as late as safely possible, and if it's tag-manager-loaded, add a consent trigger. If it's not strictly needed for functionality, lazy-load on first interaction.
Rank #1 by blocking time on this page. Calendly transfers 1699 KB and keeps the main thread busy for 2139ms, delaying INP and TBT.
Fix: Load Calendly with `async defer`, push it as late as safely possible, and if it's tag-manager-loaded, add a consent trigger. If it's not strictly needed for functionality, lazy-load on first interaction.
+ 795 more findings — see the detailed dashboards.