WQI.web​qualityindex
Method v1.2.0 86 live / 86 total factors methodology

Homecommhawkglobal.com

commhawkglobal.com

Meets Web Standards
Score withheldNo Web Quality factors graded

verdict counts0 pass0 warn0 fail·method v1.2.0·scanned 2026-04-30

Built by WebEnliven Solutions· detected via regex (90% confidence)

Web Standards · all applicable pillars passed

The table-stakes layer — every site either meets these or doesn’t. The Web Quality score is computed only when Web Standards passes.

Functional

pass3/3

Preconditions for being scored at all — the site responds, isn't on a phishing blocklist, and isn't a parked / for-sale page.

  • Site respondsprecondition
    HTTP 200
  • Not on safe-browsing blocklist
    Not scored in this run
  • No deceptive redirectprecondition
    Final host matches requested (commhawkglobal.com)
  • No critical mixed content
    No mixed content detected

Identity

pass2/2

Whether the site is honest about who runs it and how a visitor can reach a real human.

  • Operator is identifiable
    Organization schema or About page detected
  • At least one contact channel
    Contact form detected
  • Branded domain email
    Not scored in this run

In plain English · 7 questions, drilling down to the 98 factors

A reader-first rollup. Each card maps to the underlying factors — click to expand, or scroll for the full technical breakdown.

Can people find this site?

unscored
Nothing measurable in this scan yet.
  • How your site appears when shared or in search results
    The headline, blurb, and image that show up when someone posts your site on Facebook, sends it in iMessage, or sees it in Google. If they're missing or wrong, you look unfinished or attract the wrong clicks.
  • Hidden labels that explain your business to Google
    Behind the scenes, your pages can carry small tags that tell Google whether you're a restaurant, a dentist, or a law firm — and your hours, prices, and reviews. Without them, Google has to guess, and the rich result with stars and photos goes to a competitor instead.
  • A clear headline on every page
    Every page should announce, in one obvious sentence, what it's about. When that's missing, Google and skim-reading visitors both lose the thread of what you do.
  • A map of your site for search engines
    Google needs a list of every page you want it to find, plus a note about which ones to skip. Without it, parts of your site quietly go missing from search results.
  • Whether your behind-the-scenes labels are valid
    The hidden tags that describe your business to Google only work if they're written correctly. A typo or wrong format and Google ignores them, so the stars, hours, and prices never show up next to your listing.
  • A trail showing where visitors are on your site
    Those little 'Home > Services > Teeth Whitening' trails help Google understand how your pages connect, and they often appear right inside your search result. Without them, your listing looks plainer than competitors'.
  • Common questions answered in a Google-friendly way
    When your FAQs are formatted the way Google likes, your answers can show up directly in search — sometimes before anyone even clicks. That's free real estate competitors are taking from you.
  • Telling Google which language a visitor should see
    If you serve customers in more than one language or country, your site needs to tell Google which version is for whom. Otherwise a Spanish-speaking customer might land on your English page and bounce.
  • How easy it is to reach your deepest pages
    If a customer or Google has to click five or six times from your homepage to find a service or product page, most never make it. Important pages should be two or three clicks away, max.
  • Whether you're listed with the Better Business Bureau
    Older customers and people considering a big-ticket purchase still check the BBB. An accreditation badge — or just a clean profile — quietly answers the question 'is this business real and reachable if something goes wrong?'
  • Visitor privacy on hostile networks
    Hides which website a visitor is opening from coffee-shop WiFi, corporate proxies, and government censors. It's a newer feature, so having it on is a real sign your site is keeping up with the modern web.
  • A summary file for AI assistants
    ChatGPT, Claude, and Perplexity look for a small text file at /llms.txt to understand what your business is and what to say about it. Without it, they guess, and the guess is often wrong.
  • Whether you're letting AI assistants read your site
    Your site can quietly tell ChatGPT, Claude, and Google's AI to stay out — or to come in. If you're blocking them by accident, you're invisible when customers ask AI for a recommendation in your category.
  • A direct line for AI assistants to your business
    A small file you can publish lets AI tools talk to your site directly — checking availability, prices, or booking. Without it, you're missing out as customers shift from Googling to asking ChatGPT.
  • How well your site feeds AI the right facts
    When ChatGPT or Perplexity describes your business, they're pulling from the structured details on your site. The thinner those details, the more the AI guesses — and the more often it gets your hours, prices, or services wrong.

Is it safe to visit?

unscored
Nothing measurable in this scan yet.
  • Browser-level protections for visitors
    Hidden settings your site sends to a visitor's browser to block common attacks like fake login overlays, hijacked sessions, and content sniffing. Modern hosting platforms set them by default; older custom-built sites often don't.
  • Your padlock isn't about to expire
    The little padlock next to your address bar comes from a certificate that has to be renewed on a schedule. If it lapses, every browser slams a full-screen red warning in front of your customers and they bounce.
  • WordPress isn't leaking your usernames
    A default WordPress setting publishes a list of every login name on your site, which attackers feed straight into password-guessing tools. Turning it off takes one plugin or one line of config.
  • Private files aren't open to the public
    Things like login pages, admin panels, and developer files should never be reachable by a stranger typing a guess into their browser. When they are, they become the front door for an attack.
  • Your domain can't be quietly hijacked
    An extra signature on your domain settings that stops attackers on shared WiFi or shady networks from rerouting your customers to a fake version of your site. Most domain registrars offer it as a one-click toggle.
  • Only your approved vendors can issue your padlock
    A short list at your domain registrar that names which companies are allowed to issue security certificates for your site. Without it, a sloppy or compromised certificate vendor anywhere in the world could mint a fake one for your domain.
  • Your site is on the browser-baked-in safe list
    An opt-in list shipped inside Chrome, Safari, and Firefox themselves. Once your domain is on it, browsers will never let a visitor fall back to an unencrypted connection — even before they've ever visited you.
  • Your site uses up-to-date encryption
    Older versions of the encryption that powers the padlock have known holes and were retired by every major browser years ago. If your server still accepts them, security scanners and payment processors will start flagging you.
  • Forgotten subdomains aren't an open door
    If you ever spun up something like blog.yoursite.com or shop.yoursite.com and later abandoned it without cleaning up the DNS, a stranger can sometimes claim that address and put their own content under your name.
  • Your domain isn't on a spam blocklist
    Anti-virus tools, email filters, and corporate firewalls share lists of domains tied to malware or scams. If yours lands on one — even by mistake — your emails go to spam and your site gets blocked at offices and schools.
  • The padlock uses strong, modern math
    Inside every encrypted connection there's a recipe — newer recipes are bank-grade, older ones have known weaknesses. If your server still falls back to the old ones, security scanners and cyber-insurance audits will flag it.
  • Old recordings stay locked even if a key leaks
    If someone ever steals your server's master key, well-built encryption still protects every conversation that happened before the theft. Without it, an attacker who quietly recorded traffic for years can suddenly read all of it.
  • Your padlock isn't using outdated keys
    The certificate behind your padlock is signed with a kind of math that has to keep up with the times. Old, short keys are being phased out — sites still using them will start showing warnings in browsers.
  • Your padlock loads cleanly on every device
    Browsers can usually paper over a half-installed certificate, but phones, apps, and older email clients can't — they'll show an error and refuse to connect. This is one of the most common silently-broken setups on the web.
  • Visitors connect faster on the first click
    A small efficiency where your server checks once that the certificate is still valid and shares the answer with everyone, instead of every visitor's browser making its own trip across the internet to ask. Faster page loads, better privacy.
  • Your certificate is publicly logged
    Every legitimate certificate today gets recorded in a public ledger so fake ones get caught quickly. Browsers refuse to trust certificates that skip this step, and yours needs at least two log entries to clear the bar.
  • Future-proof against tomorrow's computers
    Researchers worry that quantum computers, when they arrive, could crack today's encrypted recordings after the fact. The newest encryption recipes already protect against that — and Chrome and Cloudflare turned them on in 2024.
  • Your padlock renews on a healthy schedule
    Short-lived certificates that auto-renew are the new normal — they prove your renewal automation works and limit the damage if a key ever leaks. Multi-year certificates from old paid vendors are increasingly seen as a smell.
  • Strict mode for your padlock check
    An advanced setting that tells browsers to refuse the connection if the freshness check on your certificate goes missing, instead of quietly accepting it. Rarely turned on — when it is, it's a clear sign someone competent runs the server.
  • Your padlock comes from a reputable vendor
    Some certificate vendors have been kicked out of browsers in the past for sloppy practices. Sticking with a well-known name — Let's Encrypt, DigiCert, Cloudflare, Google, Sectigo — means your padlock keeps working on every device for years.
  • Your site finishes its handshake quickly
    Before a page can even start loading, the browser and server have a quick back-and-forth to set up the encrypted connection. When that takes too long, every first-time visitor feels the lag — and Google notices it too.

Is it fast?

unscored
Nothing measurable in this scan yet.
  • How fast your site loads on a phone
    Google's mobile-first index means slow sites rank lower in search and lose visitors before the page paints. Most fixes are configuration changes, not rebuilds.
  • Your site uses a modern web connection
    An older connection style makes every image, font, and script load one after another instead of together — so your phone visitors wait longer than they should. Flipping this on is usually a single setting at your host.
  • Pages get squeezed before they're sent
    Without compression, your visitors download files that are roughly four times bigger than they need to be — burning their data plan and your search ranking. Every modern host supports this; it's almost always just a checkbox.
  • Your site uses the newest connection style
    The latest version of the web's delivery protocol shaves real time off how fast your site feels, especially on spotty mobile networks. It's a free upgrade that better hosts and CDNs already include.
  • Reachable on the modern internet
    A growing share of phone and home networks now use the newer addressing system. Sites stuck on the old one get a small but real ranking nudge against them and load slower for those visitors.
  • Your photos are saved in modern formats
    Older photo formats can be five times heavier than newer ones, so your homepage drags on a phone and Google notices. Most hosts and platforms can convert your images automatically.
  • How fast your site loads on a laptop
    Even if most visitors are on phones, a sluggish desktop experience hurts the customers most likely to fill out a long form, book a service, or buy something expensive.
  • How real visitors actually experience your speed
    Google quietly collects loading times from actual Chrome users on your site and uses that — not lab tests — to decide your search ranking. If real visitors are seeing slow pages, your rankings already feel it.
  • Photos lower on the page wait their turn
    When every image loads at once, the top of your page stalls because the phone is busy fetching pictures nobody can see yet. Loading them as a visitor scrolls is a one-line fix that makes the first screen pop in faster.
  • Your text shows up while fonts load
    If custom fonts aren't set up right, your headlines stay blank for a second or two — visitors see a flash of nothing where your name should be, then bounce. The fix is one line of code at the font.
  • Your homepage isn't bloated
    A homepage that weighs several megabytes punishes anyone on cell service and silently knocks down your Google ranking. Usually the bulk is one giant hero image or a stack of unused plugins.
  • You're not shipping code visitors don't use
    Themes and page builders often ship piles of features your site never uses, and the visitor's phone has to download all of it anyway. Trimming this is the single biggest speed win on most small-business sites.

Is the business real?

unscored
Nothing measurable in this scan yet.
  • How long your domain has existed
    First-time visitors and fraud-detection systems both treat brand-new domains as suspicious by default. A domain registered yesterday tells the same story to humans and to spam filters.
  • How long your site has been online
    Public web archives quietly record when your site first appeared and how often it's updated. A site with years of history reads as established; a site that just popped up reads as a pop-up.
  • Your listing on Google Maps and search
    When someone Googles your business name, this is the panel that shows your address, hours, photos, phone, and reviews. Without one, a customer ready to walk in the door may end up at a competitor.
  • Whether anyone's written about you lately
    Recent news mentions — local paper, industry blog, podcast — tell both customers and Google that your business is active and relevant. A long silence reads as a business that's gone quiet.
  • Whether you have a Wikipedia entry
    A Wikipedia page is one of the strongest signals to Google and AI assistants that you're a real, notable business. Most small businesses don't have one — but if you're big enough, missing it is a wasted credibility win.
  • Your reviews on Yelp
    Plenty of customers still check Yelp before booking, especially for restaurants, salons, and home services. No listing — or worse, a listing with two angry reviews and no replies — sends them to the next result.
  • Your reviews on Trustpilot
    For online stores and B2B services, Trustpilot is often the first place a cautious buyer checks. An empty profile, or no profile at all, makes it easy to walk away from the purchase.
  • Your company page on LinkedIn
    B2B buyers, recruits, and reporters all check LinkedIn before reaching out. An empty page, or no page, makes you look smaller and less established than you actually are.
  • Your listing on Bing and Microsoft Maps
    Bing powers search for millions of Windows users, ChatGPT search, and DuckDuckGo. Without a listing, you're invisible to all of them — and increasingly to AI tools that pull from Bing.
  • Your listing on Apple Maps
    Every iPhone user who asks Siri for directions or searches Apple Maps is using this. If you're not listed, customers driving toward you literally can't find you.
  • Your site can be saved to a phone's home screen
    When this is set up, customers who use your site often can pin it to their home screen like an app — which keeps you a tap away instead of buried in a search. It's a small file, but a missing one signals an older build.
  • Your site can work for a moment offline
    Modern sites can show a useful page even when a customer's phone briefly loses signal — like in an elevator or a bad reception area. Without it, they get a blank error and assume your site is broken.
  • Whether your site is set up to take payments online
    If you sell anything, customers expect to pay on the site without a phone call or invoice email. Missing checkout means lost sales the moment they hesitate.
  • A contact form people can actually find
    A visible 'get in touch' form is the easiest way to turn a curious visitor into a lead. If finding one takes more than a few seconds, most people just close the tab.

Does it respect visitor privacy?

unscored
Nothing measurable in this scan yet.
  • Cookie consent banner for European visitors
    If anyone from the European Union or California can land on your site, the privacy laws there (GDPR and CCPA) require a banner that lets visitors say no to tracking. Fines start at thousands of dollars and the regulators don't warn you first.
  • You have a privacy policy page
    Every state and country with a privacy law requires one, and Google, Apple, and Meta all refuse to run ads from sites without it. Missing this is the fastest way to get an ad account suspended or a lawyer's letter.
  • You have a terms of service page
    Without one, you have no written agreement with the people using your site — which makes refund disputes, chargebacks, and copied content much harder to fight. A basic version takes an afternoon and protects you for years.
  • How many outside companies you let watch your visitors
    Every analytics, ad, and chat tool you've added quietly shares your visitors' behavior with another company — and you're legally on the hook for what they do with it. Most small-business sites are running twice as many as the owner realizes.
  • California privacy opt-out link
    California law requires a clearly labeled "Do Not Sell or Share My Personal Information" link in your footer if you have visitors from California and use ad or analytics tools. The state Attorney General has been actively fining small businesses for missing it.
  • What your site actually drops on visitors' phones
    Tools like Facebook Pixel and Google Ads quietly set tracking cookies the moment someone lands — often before they've agreed to anything. Under European and California law, that gap between landing and consent is what triggers fines.

Can everyone use it?

unscored
Nothing measurable in this scan yet.
  • You have an accessibility statement
    Posting one signals to the courts and to disabled visitors that you're taking accessibility seriously, and it's the first thing a plaintiff's lawyer looks for when deciding whom to sue. Roughly 4,000 small businesses got accessibility lawsuits last year.
  • Your site works for visitors with disabilities
    About one in four American adults has a disability the courts recognize, and your site is legally required to work for them under the Americans with Disabilities Act (ADA). Lawsuits over this hit small businesses every week, and most settle for $5,000 to $20,000.
  • Your photos have written descriptions
    Blind visitors use software that reads pages out loud, and it can only describe a photo if you've written a short caption behind it. Missing alt text is the single most common item cited in accessibility lawsuits — and Google uses the same text to understand your images.
  • Your headings are in a sensible order
    Screen readers let blind visitors jump heading-to-heading the way you skim with your eyes — but only if the headings are nested in order. Out-of-order headings also confuse Google about what your page is actually about.
  • Text is dark enough to read
    Pale-gray text on white is the single most-cited problem in accessibility lawsuits. It also loses customers over 50, who already squint at their phones.
  • Your buttons and forms are labeled for screen readers
    When a button is just an icon — a magnifying glass, a hamburger menu, a shopping cart — a blind visitor's screen reader has nothing to announce unless someone added a hidden label. Without these, your contact form and checkout are unusable for them, and that's the kind of thing that ends up in a demand letter.
  • A way to skip past the menu
    Visitors who navigate by keyboard instead of mouse — usually because of a motor or vision impairment — otherwise have to tab through every nav link on every page just to reach your content. It's a small link at the top, and it's checked in nearly every accessibility audit.

Will email from this domain actually arrive?

unscored
Nothing measurable in this scan yet.
  • Stops scammers from emailing customers as you
    Without this, anyone can send phishing email pretending to be from your business — and your customers may receive it as if it really came from you. The fix is a few DNS records your email provider can usually add in under an hour.
  • Proves your email actually came from you
    When your email arrives, this is the invisible signature that tells Gmail and Outlook it really came from your business and wasn't tampered with along the way. Without it, your messages are more likely to land in spam or get blocked.
  • Lists who's allowed to email as your business
    This tells the rest of the internet which mail services — your provider, your booking system, your CRM — are actually permitted to send email from your domain. Without it, your real messages look as suspicious as a stranger's, and your invoices and confirmations start hitting spam.
  • Keeps your email private in transit
    These settings tell other mail servers they must use encryption when delivering email to you, so an attacker on the network can't read or quietly redirect it. Most small businesses don't have this turned on yet, and the bigger your domain gets, the more it matters.
  • Shows your logo next to your emails
    When this is set up, Gmail and Apple Mail can display your verified logo in the inbox next to messages from your business — which both looks more professional and helps customers spot real email from you versus impersonators.
  • You email from your own domain, not Gmail
    Customers trust hello@yourbusiness.com a lot more than yourbusiness@gmail.com — the free address makes a real company look like a side hustle, and it's one of the fastest ways to lose a lead before they even reply.
  • What's actually running your email
    We can usually tell whether your email is on Google Workspace, Microsoft 365, your web host, or something custom. The platform behind your email shapes how reliable it is, how well it filters spam, and how easy it is for a new employee to get an inbox.
  • You get reports when someone fakes your email
    When this is on, mail providers send you a daily summary of who tried to send email pretending to be your business — so you can spot impersonation attempts before customers do. Without it, scammers can spoof you for months and you'd never know.
  • A real tool for sending newsletters
    If your business sends marketing email, doing it through a service like Mailchimp or Klaviyo (instead of from your personal inbox) is what keeps you out of spam folders and out of legal trouble with unsubscribe rules.
  • A real tool for sending receipts and confirmations
    Order confirmations, password resets, and appointment reminders need to land in the inbox every single time. Sending them through a dedicated service — instead of straight from your website — is the difference between customers getting their receipt and them calling you confused.
  • Your email setup is under a hidden limit
    There's a behind-the-scenes ceiling on how many email tools can be authorized to send as your business at once. When you add too many — newsletter, booking, invoicing, helpdesk — you quietly cross the line and all of them start landing in spam.
  • A clickable email link on your site
    On a phone, tapping an email address should open the mail app with everything pre-filled. When it's just text someone has to copy and paste, half of them give up.
  • Your email is being forwarded, not hosted
    Instead of having a real inbox at your domain, mail to your address is being bounced over to a personal Gmail or Yahoo account. It works, but it's fragile — replies often look broken to customers, and the setup tends to fall apart as your business grows.

Technical breakdown · deeper data behind the verdict

Categories

8 categories · worst grade A
CategoryGradeScoreApplicable
Security 0/21
Performance 0/12
SEO 0/11
AI-readiness 0/4
Privacy 0/6
Accessibility 0/7
Brand presence 0/21
Email health 0/16

Standards compliance

0 satisfied · 0 partial · 0 failed · 100 n/a

All applicable standards are currently satisfied.

View all 100 standards →

Site profile + facts

Corporate / B2B · 12 attributes detected

Classification driving applicability · deep detection

Site type
Corporate / B2Bconfidence 20%
Vertical
Other
Jurisdiction
Other / unknown
Detected stack
cms: wordpress · hosting: cloudflare-pages · cdn: cloudflare

Site facts

Hosting
Managed host
CDN / WAF
DNS provider
Platform
Email provider
Spam protection
Mail forwarder
Marketing ESP
DMARC policy
Hosting country
Registrar

All factors

0 scored · 0 pass · 0 warn · 0 fail of 0 applicable
#FactorCategoryVerdictScoreEvidence
writes a fresh score to the registry

Scores computed under method v1.2.0. See the methodology for the full factor list and per-factor specifications.