Searchflex has a severe and urgent data privacy crisis that requires immediate attention: credit card details are being transmitted to Meta Pixel, a critical compliance failure that exposes the business to significant regulatory risk under GDPR, CCPA, and payment card industry standards. The overall audit score is 0 out of 100, reflecting the gravity of the issues uncovered across just a single URL audited. Compounding the PII breach, tags are continuing to fire even after users select "Reject All" on the consent banner, meaning consent signals are being ignored entirely and user choices are not being honoured. On the implementation side, there are also duplicate installs of both GA4 and Google Tag Manager, which will corrupt analytics data and inflate reported metrics, making any business decisions based on that data unreliable. With 23 issues in total — two critical and 21 high severity — this site should be treated as non-compliant with immediate remediation required, starting with the suppression of all tags pending a full consent and data layer audit.
Searchflex (GA4 property 475597986) has recorded 3,756 sessions but zero measurable conversion events of any kind — no form submissions, no lead events, no click-to-call, and no email clicks — meaning the business is operating entirely blind to whether any of that traffic is generating leads. With a trust score of 75 and full session data flowing, the instrumentation gap is almost certainly a tracking configuration issue rather than a traffic or form problem. Resolving this is the single highest-leverage action available: until conversions are measured, no channel, campaign, or landing page can be optimised with confidence.
Searchflex's mobile Core Web Vitals are failing at a speed score of 52, creating direct Google ranking risk across all 100 audited URLs; the single biggest revenue-adjacent issue is that GTM, Facebook Pixel, and Hotjar are collectively blocking the main thread for over 57 seconds in aggregate on mobile alone, meaning visitors — especially those on paid campaigns driven by that very Facebook Pixel — are waiting several seconds before they can interact with the page. Fixing just the tag-loading strategy is projected to lift desktop scores by up to 7 points and cut Total Blocking Time nearly in half, with mobile gains expected to be at least equivalent.
Searchflex's 152-page site achieves 100% raw schema coverage but only 43/100 compliance, with 92 pages missing required schema types across three high-priority page buckets. The most damaging gap is 78 service pages with zero Service schema, directly blocking rich-result eligibility for Searchflex's core revenue-driving pages. Resolving the Service, Product/Offer, and JobPosting gaps is estimated to restore structured-data signals on 60%+ of the crawled estate.
Detected credit_card in params ['post_body'] of https://www.facebook.com/tr/
Fix: Hash, redact, or remove PII before sending. Use Enhanced Conversions / CAPI with hashed values where required.
GA4 has zero events for any of: generate_lead, form_submit, contact, phone_call, email_click. For a lead-gen site this means there's no measurable conversion happening — either the tracking isn't wired up, or the events are named differently and need standardising.
Fix: Wire up `generate_lead` (Google's recommended event) on every form submit and key conversion action. If you already track a custom event name, add `generate_lead` alongside it for Google Ads / GA4 conversion modelling consistency.
Google Tag Manager appears on 98/100 pages (98%). Mean blocking per page: 237ms. Total main-thread time: 43724ms. Transfer: 37248KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Google Tag Manager is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Google Tag Manager appears on 96/100 pages (96%). Mean blocking per page: 238ms. Total main-thread time: 42924ms. Transfer: 36308KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Google Tag Manager is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Facebook appears on 96/100 pages (96%). Mean blocking per page: 232ms. Total main-thread time: 41999ms. Transfer: 22057KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Facebook is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Facebook appears on 98/100 pages (98%). Mean blocking per page: 225ms. Total main-thread time: 41751ms. Transfer: 22519KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Facebook is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Hotjar appears on 96/100 pages (96%). Mean blocking per page: 127ms. Total main-thread time: 25266ms. Transfer: 6096KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Hotjar is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Hotjar appears on 98/100 pages (98%). Mean blocking per page: 125ms. Total main-thread time: 25318ms. Transfer: 6223KB sitewide. Fires BEFORE consent on pages with a CMP — degrading experience even for users who reject cookies.
Fix: Because Hotjar is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Cloudflare CDN appears on 96/100 pages (96%). Mean blocking per page: 34ms. Total main-thread time: 10232ms. Transfer: 2666KB sitewide.
Fix: Because Cloudflare CDN is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Cloudflare CDN appears on 98/100 pages (98%). Mean blocking per page: 32ms. Total main-thread time: 10198ms. Transfer: 2722KB sitewide.
Fix: Because Cloudflare CDN is on most of the site, fixing it once yields a sitewide lift. Move it behind a consent trigger, defer until user interaction, or switch to server-side tagging if it supports it.
Rank #1 by blocking time on this page. Google Tag Manager transfers 295 KB and keeps the main thread busy for 2863ms, delaying INP and TBT.
Fix: GTM's own weight usually means a lot of tags. Run GTM Preview and look for tags firing on every page that could be scoped to specific events or URLs.
Rank #1 by blocking time on this page. Calendly transfers 1700 KB and keeps the main thread busy for 2241ms, delaying INP and TBT.
Fix: Load Calendly with `async defer`, push it as late as safely possible, and if it's tag-manager-loaded, add a consent trigger. If it's not strictly needed for functionality, lazy-load on first interaction.
+ 795 more findings — see the detailed dashboards.