Inspector
Issues How Inspector turns raw check data into a prioritized list of fixes - severities, categories, evidence, and recommendations.
The Issues panel is the user-facing payoff of every Inspector run. After all six checks settle, a rule engine walks the collected data and emits a prioritized list of findings - each with a severity, a category, the evidence we based it on, and a concrete recommendation.
This is not a passthrough of any single tool's audits. Inspector derives its own findings from CrUX field data, raw response headers, the SSL chain, WHOIS dates, the robots.txt parse tree, and the headless Chrome capture, then merges them into one consolidated view.
The Issues panel appears on every completed inspection. It opens with the count: Issues (24) .
Three filter rows let you narrow the list:
Severity - All, Critical, Warning, Info, each with its own countCategory - dynamically generated from the categories that fired (e.g. SEO, SSL, CWV, Headers, Caching)
Each issue card shows:
A severity icon - red filled circle (critical), orange triangle (warning), blue info icon (info)
The title - short and action-oriented (e.g. "Largest Contentful Paint is poor" , "SSL certificate expires in 12 days" )
Severity and category badgesAn estimated savings chip when available - e.g. "Save 340 KB" or "Save ~600 ms"
A description - one to three sentences explaining the finding
A recommendation - the concrete next step, marked with a lightbulb icon
An evidence block - the raw numbers we based the finding on, expandable on demand
Issues are sorted by severity descending, then by base deduction, then by estimated savings - the things that matter most are at the top.
Severity Meaning Critical Fundamental failure - the page is broken, insecure, or invisible to search engines Warning Significant problem - measurably harms users or search visibility Info Minor or advisory - best practice not followed but no immediate harm
Severity also caps how much a single issue can deduct from the Inspector Score: warnings are capped at 4 points each, info issues at 1.5 points each, and criticals can consume their full sub-pillar budget. See Inspector Score for the full deduction model.
Every issue is tagged with one of six categories:
Category What it covers Performance Speed, Core Web Vitals, lab vitals, page weight, code efficiency, main-thread health SEO Crawlability, on-page fundamentals, JS rendering parity, structured data, rich results Security SSL/TLS, security headers, mixed content, cookie hygiene, content security Infrastructure Caching, compression, HTTP version, operational maturity (sourcemaps, manifest, service worker) Availability HTTP status, server response time, console errors, failed subresource requests Domain WHOIS findings - advisory only, no score impact
Categories drive the filter pills at the top of the Issues panel and also map to the pillar breakdown on the score card.
The catalog below lists every issue Inspector can produce, grouped by sub-pillar to mirror the deduction model on the Inspector Score page. Each row is the title you'll see on the issue card in the Issues panel; the actual on-screen text often inlines specific numbers (e.g. "Largest Contentful Paint at 4820 ms" ).
An issue with multiple severity tiers is listed once per tier. Issues marked Fatal trigger the cross-pillar 0.85x score multiplier.
Issue Severity Trigger LCP at p75 is poor Critical CrUX p75 LCP > 4000 ms LCP at p75 needs improvement Warning CrUX p75 LCP 2500-4000 ms INP at p75 is poor Critical CrUX p75 INP > 500 ms INP at p75 needs improvement Warning CrUX p75 INP 200-500 ms CLS at p75 is poor Critical CrUX p75 CLS > 0.25 CLS at p75 needs improvement Warning CrUX p75 CLS 0.1-0.25 FCP is slow at p75 Warning CrUX p75 FCP > 3000 ms TTFB is slow at p75 Warning CrUX p75 TTFB > 1800 ms Mobile LCP is much slower than desktop Warning Desktop p75 LCP < 2000 ms but mobile p75 LCP > 4000 ms No CrUX field data for this URL Info URL has too little Chrome traffic for Google to publish field data Largest Contentful Paint is slow Critical Lab LCP > 4000 ms Largest Contentful Paint is slow Warning Lab LCP 2500-4000 ms First Contentful Paint is slow Critical Lab FCP > 3000 ms First Contentful Paint is slow Warning Lab FCP 1800-3000 ms Cumulative Layout Shift is high Critical Lab CLS > 0.25 Cumulative Layout Shift is high Warning Lab CLS 0.1-0.25 Simulated INP is slow Critical Simulated INP > 500 ms Simulated INP is slow Warning Simulated INP 200-500 ms LCP has multiple contributing bottlenecks Critical LCP breakdown shows multiple bottlenecks (> 4000 ms) LCP has contributing bottlenecks Warning LCP breakdown shows bottlenecks (2500-4000 ms) LCP element renders below the fold Warning LCP element is below the initial viewport LCP element renders borderline below the fold Info LCP element marginally below the initial viewport Real users see much slower paints than the lab run Info CrUX field LCP and Chrome lab metrics disagree noticeably
Issue Severity Trigger Page weight is high Critical Total page weight > 5 MB Page weight is high Warning Total page weight > 1.5 MB Heavy JavaScript payload Critical Total JS > 1500 KB Heavy JavaScript payload Warning Total JS > 750 KB Heavy CSS payload Warning Total CSS > 500 KB Heavy CSS payload Info Total CSS > 200 KB Oversized images Warning Individual images > 200 KB Legacy-format images Warning 5+ images in JPEG/PNG where AVIF/WebP would save > 25% Legacy-format images Info 1-4 legacy-format images Many HTTP requests on this page Critical > 200 HTTP requests Many HTTP requests on this page Warning > 100 HTTP requests Large DOM Critical DOM > 3000 nodes or depth > 60 Large DOM Warning DOM > 1500 nodes or depth > 32 Heavy third-party payload Critical Third-party resources > 1500 KB Heavy third-party payload Warning Third-party resources > 250 KB Many distinct origins contacted Warning 20+ distinct origins contacted Many web font files loaded Warning 10+ font files Many web font files loaded Info 6+ font files Many JavaScript files loaded Warning 50+ script elements (or 80+ for higher tier) Many JavaScript files loaded Info 30+ script elements Many iframes embedded on this page Warning Many iframes embedded on the page DOM dominated by structural wrapper elements Info LayoutObjects-to-DOM ratio < 30% on 500+ node pages
Issue Severity Trigger Unused JavaScript shipped to the browser Critical Unused JavaScript > 500 KB Unused JavaScript shipped to the browser Warning Unused JavaScript present Unused CSS shipped to the browser Warning Significant unused CSS Duplicate JavaScript modules shipped Critical Duplicate modules waste > 200 KB Duplicate JavaScript modules shipped Warning Duplicate modules waste > 10 KB Legacy / polyfill code shipped Info Legacy polyfills or transpilation detected
Issue Severity Trigger Long tasks block the main thread Critical Total long-task time > 1000 ms or > 10 tasks Long tasks block the main thread Warning Long tasks present (> 200 ms total) Single script causes heavy main-thread blocking Critical Top script blocking > 500 ms Single script causes heavy main-thread blocking Warning Top script blocking > 100 ms Render-blocking resources in <head> Critical Render-blocking resources > 200 KB Render-blocking resources in <head> Warning Render-blocking resources present Layout thrashing detected Warning Forced synchronous layouts in trace Third parties consume main-thread time Critical Third-party blocking > 500 ms Third parties consume main-thread time Warning Third-party blocking > 75 ms Excessive style recalc / forced layouts Warning > 500 style recalculations or > 200 forced layouts window.load fires slowlyCritical Load event > 10 s window.load fires slowlyWarning Load event > 5 s Slow web font loading Warning Font download > 500 ms JS heap grows during idle Critical JS heap grows > 10 MB during idle JS heap grows during idle Warning JS heap grows > 1 MB during idle JS heap is heavily fragmented Info Allocated JS heap is 70%+ unused High JavaScript heap usage Critical JS heap usage critically high High JavaScript heap usage Warning JS heap usage exceeds threshold Same URL fetched more than once Warning Same URL loaded 2+ times Critical resources fetched at sub-optimal priority Warning Critical resources missing priority hints Preload / preconnect opportunities detected Warning Late-discovered critical resources should use preload / preconnect
Issue Severity Trigger Page is set to noindex Critical (Fatal) Page has a noindex directive in meta or HTTP header This URL is blocked by robots.txt Critical (Fatal) robots.txt disallows the URL for * This URL is blocked specifically for Googlebot Critical (Fatal) robots.txt disallows the URL for Googlebot robots.txt blocks a major search engine Warning Bing, Yandex, Baidu, or DuckDuckGo blocked Plain HTTP is not redirected to HTTPS Critical http:// URL does not redirect to https://Multiple redirects before reaching the final URL Warning 3+ redirects before final URL Redirects during page load Warning 5+ redirects in resource loading Redirects during page load Info 3+ redirects in resource loading Robots directives disagree between meta tag and HTTP header Warning X-Robots-Tag forces noindex while meta tag suggests indexable Robots directives disagree between meta tag and HTTP header Info Meta-robots and X-Robots-Tag disagree on a minor directive No robots.txt file found Info robots.txt returns 404 robots.txt has no Disallow rules Info File exists but contains no Disallow directives All known AI crawlers are blocked Info All major AI crawlers (GPTBot, ClaudeBot, PerplexityBot, ...) blocked No AI crawlers are blocked Info No AI crawlers in the blocked list
Issue Severity Trigger Page has no <title> tag Critical Missing title element Title tag is outside the 20-70 character range Warning Title length too short or too long Page has no meta description Warning Missing meta description Meta description is outside the 50-170 character range Info Description length too short or too long Page has no <h1> heading Warning Zero H1 elements Page has multiple <h1> headings Info More than one H1 element Page has no canonical link Warning No <link rel="canonical"> Canonical URL points to a different page than the one inspected Warning Canonical mismatch Page has no viewport meta tag Warning Missing <meta name="viewport"> <html> element has no lang attributeInfo Missing lang attribute Heading levels skipped Info Heading hierarchy jumps levels (e.g. H1 to H3) Images missing alt text Warning 50%+ images without alt text Images missing alt text Info 20-50% images without alt text Many links use generic anchor text Info 20%+ links use generic phrases ("click here", "read more") External links lack rel="noopener" Info 30%+ external links missing rel attribute No favicon link declared Info No <link rel="icon"> declared Images without alt text Critical 10+ images without alt text Images without alt text Warning Images without alt text Form fields without a label Warning Form fields missing accessible labels Links or buttons without an accessible name Warning 5+ links / buttons without accessible names Links or buttons without an accessible name Info Links / buttons without accessible names Heading hierarchy skips levels Info Heading order violations
Issue Severity Trigger Robots directive changes after JavaScript runs Critical (Fatal) Robots directive differs between raw and rendered HTML Rendered HTML has much more content than raw HTML Warning Raw HTML contains < 1/5 of rendered text Canonical URL differs between raw and rendered HTML Warning Canonical changes after JavaScript Page title changes after JavaScript runs Warning <title> rewritten by JavaScriptMost internal links only appear after JS runs Warning Internal links only present in rendered HTML H1 heading differs between raw and rendered HTML Warning H1 content changes after JavaScript Structured data only appears after JS runs Warning JSON-LD injected by JavaScript
Issue Severity Trigger Content-rich page has no structured data Info Word-rich page without any JSON-LD JSON-LD blocks fail to parse Warning Invalid JSON-LD detected Structured data summary Info Informational summary, no deduction Open Graph tags incomplete Info Missing required og: tags (title, description, image) No Twitter / X Card tags Info Falls back to Open Graph
Issue Severity Trigger TLS certificate has expired Critical (Fatal) Certificate past its expiry date Certificate hostname doesn't match the URL Critical (Fatal) Certificate SAN does not cover the hostname Deprecated TLS version negotiated Critical TLS 1.0 or 1.1 negotiated Weak certificate signature algorithm Critical SHA-1 or MD5 signature Weak RSA key length Critical RSA key < 2048 bits TLS certificate expires soon Critical Certificate expires within 14 days TLS certificate expires soon Warning Certificate expires within 30 days TLS certificate chain is incomplete Warning Missing intermediate certificates
Issue Severity Trigger Security headers grade is low Critical Security headers grade F (< 40% present) Security headers grade is low Warning Security headers grade C/D (40-70% present) Security headers grade is low Info Security headers grade B (70-90% present) Missing HSTS header Warning No Strict-Transport-Security Missing clickjacking protection Warning No X-Frame-Options, no CSP frame-ancestors Missing Content-Security-Policy Info No Content-Security-Policy header Missing X-Content-Type-Options Info No X-Content-Type-Options: nosniff Missing Referrer-Policy Info No Referrer-Policy header Missing Permissions-Policy header Info No Permissions-Policy (Feature-Policy) Server header reveals software version Info Server response header discloses version
Issue Severity Trigger Insecure (HTTP) sub-resources on an HTTPS page Critical Mixed content detected Content Security Policy weakened by unsafe directives Warning CSP uses unsafe-inline, unsafe-eval, or wildcard sources Third-party requests carry API keys in the URL Info API keys visible in request URLs
Issue Severity Trigger Cookies use SameSite=None without Secure Critical Modern browsers reject these cookies Cookies missing Secure flag Warning Cookies set without the Secure attribute Cookies missing SameSite attribute Warning Cookies set without an explicit SameSite value Oversized cookies Info Cookies larger than 4 KB Many cookies set on this page Critical 50+ cookies Many cookies set on this page Warning 25+ cookies
Issue Severity Trigger Static asset served without Cache-Control Warning Main document or asset missing Cache-Control Static asset cached for less than a day Info max-age < 86400Static assets with missing or weak Cache-Control Warning Multiple subresources without proper caching Static assets with weak Cache-Control Warning Static resources with inadequate cache policy Few responses have long-lived cache headers Info < 10% of cacheable requests served from cache
Issue Severity Trigger Text response served without compression Warning Main document missing gzip / br / zstd Text resources served without compression Critical Subresources > 500 KB total uncompressed text Text resources served without compression Warning Uncompressed text subresources present Text responses missing compression Warning Recoverable bytes from compressing text resources
Issue Severity Trigger Main document served over an old HTTP version Info Main document over HTTP/1.x (uptime probe) Main document served over HTTP/1.1 Info Main document over HTTP/1.1 (Chrome probe) Slow DNS lookups Info DNS lookup > 200 ms Slow TLS handshakes Info TLS handshake > 300 ms Slow server response (TTFB) Critical TTFB > 1500 ms Slow server response (TTFB) Warning TTFB > 600 ms Large request header block Warning Request-header block unreasonably large Large response headers Warning Response-header block >= 8 KB Excessive response headers Critical Response-header block >= 16 KB Unreasonably large response headers Critical Response-header block >= 32 KB
Issue Severity Trigger Production scripts ship without sourcemap references Info Sourcemap references absent No Web App Manifest linked from this page Info No <link rel="manifest"> Web App Manifest failed to fetch or parse Warning Manifest linked but unreachable / invalid Web App Manifest missing required fields Info Manifest incomplete for installability No Service Worker registered on this origin Info No active Service Worker Deprecated browser APIs used by this page Info DevTools deprecation warnings Legacy JavaScript libraries detected Info Old jQuery, Prototype, MooTools, etc. Deprecation warnings in the browser console Info Console deprecation messages Content-Type header does not match the response body Warning Wrong Content-Type for served HTML
Issue Severity Trigger Server returned an HTTP 5xx status Critical (Fatal) 5xx response from origin Page not found (404) Critical (Fatal) 404 from origin Client error HTTP response Warning Other 4xx (403, 410, 429, ...) Network requests failed during load Warning One or more subresource requests failed JavaScript errors thrown during load Critical 5+ console errors / uncaught exceptions JavaScript errors thrown during load Warning 1-4 console errors
Issue Severity Trigger Slow Time to First Byte Warning Server TTFB > 1500 ms Slow total response time Warning Total response time > 5 s
Issue Severity Trigger Domain registration expires soon Critical Domain expires within 30 days Domain registration expires soon Warning Domain expires within 90 days Domain registered recently Info Domain registered < 30 days ago WHOIS privacy protection is enabled Info Registrant details hidden via privacy service WHOIS lookup not available for this TLD Info ccTLD or restricted TLD without public WHOIS
The catalog evolves as new detection signals are added to the engine. Every issue above corresponds to a registered detector in app.services.inspector.rules (Python) or in the chrome-inspector Go analyzer; detectors without a registered rule are not surfaced.
When multiple rules fire on the same root cause from different angles, Inspector merges them into a single issue. The most common case is a metric that appears in both field and lab data:
LCP - crux.lcp.* (field) and chrome.lcp.slow (lab) coalesce. The highest-severity finding wins, and the surviving issue cites both data sources in its evidence.CLS, INP, FCP - same coalescing pattern across CrUX and Chrome.Image alt coverage - the page-wide SEO scan and the Chrome accessibility audit coalesce.Heading hierarchy - same as above.HTTP version - the uptime probe and the Chrome network log coalesce.Subresource compression - multiple Chrome rules covering the same uncompressed-text problem coalesce.Security headers - the composite Chrome grade and individual headers.* rules from the uptime check coalesce. Whichever approach deducts more is kept; the other is dropped.
The result: a slow LCP shows up once with both real-user and lab numbers in the evidence - not twice with the same finding from two angles.
TTFB is intentionally not coalesced across CrUX, Chrome, and Uptime. A consistently slow server should be confirmed from every vantage point - and the deduction is bounded so the total impact stays proportionate.
Every issue carries an evidence block - the raw numbers that triggered the rule. For an LCP poor finding, evidence might include:
{ "p75_ms": 4820, "good_threshold_ms": 2500, "poor_threshold_ms": 4000, "form_factor": "PHONE" } The recommendation is the human guidance - what to actually do. Recommendations are written for engineers, not auditors: they point to the specific subsystem to investigate (e.g. "Largest Contentful Paint is rendering below the fold - verify your hero image isn't being lazily loaded" ).
