Skip to main content
Free Website Scan — No Signup Required

Scan Results

Here is what we found for www.redevice.com.my. Review the checks below and take action on anything flagged in red.

96 / 100

Overall Score: 96/100

Great job! Your website covers most of the fundamentals. There are still a few areas worth improving.

35 Passed
1 Warnings
1 Failed

Website Preview

https://www.redevice.com.my/

Capturing screenshot…

Google SERP Preview

This is how your page may appear in Google search results.

https://www.redevice.com.my
iPhone Repair Sungai Petani (SP) | Kedai Repair Phone — ReDevice
iPhone repair Sungai Petani (SP) — kedai repair phone semua model. Tukar LCD, bateri dari RM99, warranty 10 bulan, siap 15-45 minit. ☎ 013-407 0085.

Domain Information

Loading domain information…

CDN & Infrastructure

Server Location Malaysia

185.93.164.202

Provider LiteSpeed

LiteSpeed

Provider jsDelivr

detected in HTML

Provider Google Fonts

detected in HTML

PageSpeed Insights

Powered by Google Lighthouse. Scores are out of 100.

Running Lighthouse audit… This may take up to 60 seconds.

Detailed Analysis

SEO

Search engine optimisation checks

SEO

Page Title

Title: "iPhone Repair Sungai Petani (SP) | Kedai Repair Phone — ReDevice" (64 chars). Too long, may be truncated in search results. Aim for 50-60 characters.

Recommendation: Write a unique, descriptive <title> tag (50-60 characters) that includes your main keyword.
SEO

Meta Description

Description (148 chars). Ideal length for search results.

SEO

H1 Heading

One H1 heading found correct structure.

SEO

Image Alt Attributes

All 21 images have alt attributes good for accessibility and SEO.

SEO

Canonical URL

Canonical tag found helps prevent duplicate content issues in search engines.

SEO

Robots Noindex Check

No noindex directive found your page is eligible for Google indexing.

SEO

Schema.org Structured Data

Structured data (Schema.org) detected this helps Google display rich snippets in search results.

SEO

URL Length

URL is 28 characters. Good — short URLs are easier to share and rank better in search.

SEO

Content Length

2183 words detected. Good content length — enough for search engines to understand and rank the page.

SEO

Hreflang Tags

2 hreflang tag(s) found: ms-MY, x-default. Search engines will serve the correct language version to users.

SEO

Noindex Header Test

No noindex directive in HTTP headers (X-Robots-Tag). The server is not blocking indexing via response headers.

SEO

Robots.txt

robots.txt file found with valid directives. This file controls which parts of your site search engines can crawl.

SEO

Blocked by Robots.txt

This page is NOT blocked by robots.txt. Search engines are free to crawl and index it.

SEO

LLM.txt

llms.txt file found. This helps AI language models (ChatGPT, Claude, Gemini, etc.) accurately describe your business and services.

SEO

XML Sitemap

XML sitemap found at /sitemap.xml. Also referenced in robots.txt.

SEO

WWW Redirect Consistency

Both www and non-www versions resolve. redevice.com.my correctly redirects to www.redevice.com.my.

Security

Security and safety checks

Security

HTTPS / SSL Certificate

Your site uses HTTPS good for security and Google rankings.

Security

Security Headers

4 of 5 security headers found: X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security (HSTS), X-XSS-Protection.

Security

Server Technology Exposure

No server technology or version information is leaked in HTTP headers.

Security

Permissions-Policy

No Permissions-Policy header. Third-party scripts could access browser features like camera, microphone, or geolocation without restriction.

Recommendation: Add a Permissions-Policy header to restrict browser features, e.g.: Permissions-Policy: camera=(), microphone=(), geolocation=()
Security

Referrer-Policy

Referrer-Policy is configured. Controls how much URL information is shared when navigating to other sites.

Security

Google Safe Browsing

Checking Google Safe Browsing…

Security

VirusTotal Reputation

Checking VirusTotal threat intelligence…

Security

Malware & Suspicious Code

No common malware indicators found in the page source. No hidden iframes, obfuscated scripts, crypto miners, or suspicious redirects detected.

Security

Cookie Security

All cookies have proper security attributes, or no cookies were set on initial load.

Security

Mixed Content

No mixed content detected. All resources load over HTTPS.

Security

JS Library Versions

No outdated JavaScript libraries detected in page source.

Security

Staging / Debug References

No staging, development, or debug references found in page source.

Performance

Speed and delivery checks

Performance

Server Response Time

Your server responded in 0.04s. Excellent response time.

Performance

HTML Page Size

HTML size is 158 KB lightweight and fast to download.

Performance

Gzip / Brotli Compression

Compression is enabled pages are served compressed to reduce transfer size.

Performance

Cache Headers

Caching is active: Cache-Control: public, max-age=3600, must-revalidate. Expires: Sat, 11 Jul 2026 20:07:01 GMT. Last-Modified present.

Performance

China Firewall Compatibility

Server location: Malaysia. Your site loads 4 resource(s) that may be blocked in China: Google Fonts, Google Tag Manager, Facebook, Instagram. If you need to reach visitors in mainland China, these may need to be replaced. Contact us for a China compatibility audit.

Mobile & UX

Mobile-friendliness and user experience

Mobile

Viewport Meta Tag

Viewport meta tag is present your site should render properly on mobile devices.

UX

Favicon

Favicon found your site has a browser tab icon.

Social & Analytics

Social sharing and tracking

Social

Open Graph Tags

Open Graph tags detected your page will display properly when shared on Facebook, LinkedIn, and WhatsApp.

Analytics

Analytics Detection

Analytics detected: Google Tag Manager, Google Analytics (gtag.js), Google Analytics 4.

Need help fixing these issues?

Our team can optimise your website for speed, SEO, and security. Get a free consultation no obligations.

Website Scan FAQ

Common questions about our free website scanning tool.

Our scanner runs 37+ checks across SEO, security, performance, and WordPress. General checks cover: HTTPS/SSL, server response time, page size, gzip/Brotli compression, title tag, meta description, viewport meta, H1 heading, image alt attributes, Open Graph tags, canonical URL, security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), cookie security (Secure, HttpOnly, SameSite), robots noindex, favicon, Schema.org structured data, server technology exposure, cache headers, mixed content detection, outdated JavaScript libraries, China Firewall compatibility, URL length, content length, hreflang tags, X-Robots-Tag, robots.txt, llms.txt, XML sitemap, analytics, and staging/debug reference detection. For WordPress sites, we run a full deep audit including: version check, theme & plugin detection, WPScan known CVEs, endpoint security (wp-login.php, xmlrpc.php, wp-cron.php, author enumeration), file exposure (readme.html, license.txt, debug.log, error_log, backup files), directory listing, and information leakage (generator tag, RSD, WLW manifest, oEmbed). We also run a full Google PageSpeed Insights audit showing Performance, Accessibility, Best Practices, and SEO scores plus Core Web Vitals (FCP, LCP, TBT, CLS) for both mobile and desktop.
Yes, completely free with no signup required. Enter your URL, hit Scan Now, and get your results in seconds. No email, no credit card, no strings attached.
Most free scanners only check basic SEO or performance. Ours goes deeper — especially for WordPress sites. We probe actual endpoints like xmlrpc.php and wp-cron.php, check for exposed error logs and backup files, detect information leakage signals, and cross-reference your plugins and themes against the WPScan vulnerability database. We also check cookie security attributes, mixed content, and outdated JavaScript libraries that could expose your users to attacks.
The scan provides a reliable snapshot of your website’s fundamentals. It checks the same core metrics that affect Google rankings and user experience. For a deeper audit covering Core Web Vitals, database queries, and server-level issues, contact us for a full audit.
Aim for 80 or above. A score of 80–100 means your fundamentals are solid. Below 50 means there are critical issues hurting your SEO and user experience that should be fixed urgently.
For WordPress sites, we run a dedicated security audit on top of the standard checks. This includes: whether wp-login.php is exposed, if xmlrpc.php is accessible (a common attack vector for brute-force and DDoS amplification), whether wp-cron.php can be triggered publicly, if author enumeration is possible via ?author=1, whether sensitive files like readme.html, license.txt, debug.log, PHP error logs, and backup config files are publicly accessible, directory listing status on core WordPress folders, information leakage signals like generator meta tags and RSD/WLW manifest links, and known security vulnerabilities in your WordPress version, theme, and plugins via the WPScan database.
If the scan finds any of these, fix them immediately: exposed debug.log or error_log files (they can contain passwords and API keys), publicly accessible wp-config.php backups or .env files (contain database credentials), xmlrpc.php accessible (enables brute-force attacks at scale), and known CVEs in your plugins or theme. After that, address author enumeration, wp-cron.php exposure, and information leakage signals.
Absolutely. We specialise in WordPress optimisation, server hardening, and technical SEO. Most fixes can be completed within 48 hours. WhatsApp us with your scan results and we will give you a free quote.
It works for any publicly accessible website — WordPress, Shopify, Wix, custom-built, or any other platform. The URL must start with http:// or https:// and be reachable from our servers. The deep WordPress audit only runs when WordPress is detected.
No. The scan makes a small number of lightweight requests to your website, similar to normal visitors loading your page. For WordPress sites, additional HEAD requests are made to probe specific endpoints — these are read-only and cause no meaningful load.
We recommend scanning after every major update — plugin updates, theme changes, hosting migrations, or content overhauls. A monthly check is a good habit to catch newly disclosed CVEs, configuration drift, and any files that may have been accidentally exposed.

Disclaimer: This scan is provided for informational purposes only and does not constitute professional security advice. XCII Technologies makes no warranties regarding the accuracy, completeness, or reliability of the results. Third-party data sources used in this report include:

  • Domain & WHOIS data — sourced via the IANA RDAP Bootstrap service, with registry and registrar RDAP referral. Providers include MYNIC (.my domains), Google Registry (.app, .dev, .page, .new and other Google TLDs), Verisign, PIR (.org), Identity Digital, Aliyun, CNNIC (.cn domains), and individual registrar RDAP endpoints. Accuracy depends on the respective provider.
  • PageSpeed Insights — performance, accessibility, best practices, and SEO audits are powered by Google PageSpeed Insights and Lighthouse. Results may vary between runs.
  • Google Safe Browsing — threat detection data is provided by Google Safe Browsing. A clean result does not guarantee the site is free from all threats.
  • VirusTotal — domain and IP reputation data is provided by VirusTotal (a Google subsidiary). Results reflect analysis from 70+ security vendors and may include false positives.
  • WPScan Vulnerability Database — WordPress vulnerability data is provided by WPScan. Coverage depends on their database and may not include all known vulnerabilities.
  • WPVulnerability Database — WordPress, PHP, Apache, and nginx vulnerability data is provided by WPVulnerability. This free, community-maintained database may not include all known vulnerabilities.
  • WordPress.org & Envato — plugin and theme metadata is sourced from WordPress.org and Envato/CodeCanyon APIs.
  • Joomla Extensions Directory — Joomla extension metadata is sourced from the Joomla Extensions Directory (JED). Not all extensions may be listed in JED.
  • Server geolocation — IP-based server location data is provided by ip-api.com. Geolocation accuracy may vary.

XCII Technologies is not affiliated with any of the above services and is not responsible for the data they provide. Use this report at your own discretion.