BotWatcher.ai Audit Report

Site Audited

handymanpro.ai

https://handymanpro.ai/

Completed

Thu, 16 Apr 2026 02:30:01 GMT

Duration

364ms

Overall

83 · B

handymanpro.ai

Audit completed

Good baseline, but there are issues that should be addressed next. COEP is not set.

Main issue: COEP is not set.

↺ Run again ⬇ Export Excel View fixes 🏅 View Leaderboard

Edge/network/header analysis · bot simulation · crawlability evidence

Alert

No urgent crawler access problem was found in this audit.

Advise

Your most important bots appear to be reaching the site normally, so the main opportunities are lower-priority hardening and polish.

Action Step

Keep monitoring crawler access and focus next on response headers, caching, and small technical improvements.

Key Findingswhat failed first

Warnings

⚠

COEP is not set.

⚠

ETag is missing.

Passed

✓

HTTPS is enabled.

✓

HSTS is valid.

✓

robots.txt is present.

Fix Priorityrecommended next steps

1Add a COEP header if cross-origin isolation is needed.

2Add ETag or validator headers for better cache revalidation.

3Review tracking flags and confirm only intended analytics scripts are loaded.

4Review the detailed sections below for lower-priority hardening opportunities.

Speed

Excellent response path

Security

core protections are present

SEO

crawl assets are discoverable

Bot Access

bot responses need attention

Result Integrity98% measurement confidence · 1 conflict

Speed Confidence

100%

Security Confidence

94%

SEO Confidence

100%

Bot Confidence

100%

LOWCSP contains 'unsafe-inline' — inline script execution is permitted, which is the most common CSP bypass vector

Replace 'unsafe-inline' with nonce-based or hash-based script allowlisting. This single change has more XSS-protection impact than any other CSP improvement.

Main fetch: ok

Security: ok

SEO: ok

20/20 bot probes succeeded

Bot Importance Hierarchy 1 ranked bot issue

Ranks crawlers by practical impact so users can tell whether a failure is mission-critical, growth-related, or lower-priority.

Tier 1

Mission Critical

Search and AI discovery bots that most directly affect visibility and retrieval.

1 issue

Perplexity

Blocked

HTTP 403 / 24ms

Google

Stable

21ms / no crawler override

OAI Search

Stable

82ms / no crawler override

GPTBot

Stable

22ms / no crawler override

Vertex AI

Stable

82ms / no crawler override

ChatGPT

Stable

82ms / no crawler override

Claude

Stable

22ms / no crawler override

Tier 2

Growth & Distribution

Bots that influence secondary reach, ecosystem visibility, and social preview distribution.

2 issues

Meta AI

Caution

83ms / no crawler override

Bing

Stable

34ms / no crawler override

Mistral

Caution

83ms / no crawler override

Amazon

Stable

62ms / no crawler override

Apple

Stable

22ms / no crawler override

Facebook

Stable

44ms / no crawler override

Twitter

Stable

49ms / no crawler override

Stable

44ms / no crawler override

Tier 3

Reference & Baseline

Supportive or baseline agents useful for comparison and lower-priority monitoring.

2 issues

ByteDance

Blocked

HTTP 403 / 47ms

CommonCrawl

Blocked

HTTP 403 / 48ms

DuckDuck

Stable

36ms / no crawler override

Chrome

Stable

46ms / no crawler override

BotWatcher

Stable

54ms / no crawler override

consistent access caution anomaly / blocked

Anomaly Detection peak Bot/Crawl spike

Asset Discovery 5/8 public assets visible

HTTPS

TLS active

Cloudflare

DYNAMIC

Compression

none

robots.txt

crawl rules live

Sitemap

32 URLs

llms.txt

missing

Structured Data

2 schema blocks

Analytics

none detected

Map routes are derived from bot simulation responses and compliance checks. This board is audit-driven, not global telemetry.

Bot Access & Consistency36▾

Bot Access & Consistency 36

Your site appears to respond differently to some crawlers, which can reduce AI search visibility and trigger cloaking concerns.

ℹ

Why this matters

AI search visibility, social previews, and crawler trust can drop when some agents receive different responses or are blocked.

Different bots received different responses

Mixed status code classes: 2xx, 4xx

Status codes stayed consistent

Mixed status code classes detected

ℹ

AI crawler guidance

Add /llms.txt for AI crawler guidance

Bot Status Strip

Google

Bing

DuckDuck

Apple

GPTBot

Claude

Perplexity

Facebook

Twitter

Chrome

BotWatcher

amazonbot

bytespider

ccbot

chatgptuser

oaisearchbot

mistralaiuser

googlevertexbot

metaexternalagent

Bot	Result	HTTP	robots.txt	Notes
PerplexityBot	Review	403	unspecified	HTTP 403
bytespider	Review	403	unspecified	HTTP 403
ccbot	Review	403	unspecified	HTTP 403
Googlebot 2.1	Accessible	200	allowed	21ms
Bingbot 2.0	Accessible	200	allowed	34ms
DuckDuckBot	Accessible	200	unspecified	36ms
Applebot	Accessible	200	unspecified	22ms
GPTBot (OpenAI)	Accessible	200	allowed	22ms
ClaudeBot (Anthropic)	Accessible	200	allowed	22ms
Facebook External Hit	Accessible	200	unspecified	44ms
Twitterbot	Accessible	200	unspecified	49ms
LinkedInBot	Accessible	200	unspecified	44ms
Chrome (baseline)	Accessible	200	unspecified	46ms
BotWatcherAudit/1.0	Accessible	200	unspecified	54ms
amazonbot	Accessible	200	unspecified	62ms
chatgptuser	Accessible	200	unspecified	82ms
oaisearchbot	Accessible	200	unspecified	82ms
mistralaiuser	Accessible	200	unspecified	83ms
googlevertexbot	Accessible	200	unspecified	82ms
metaexternalagent	Accessible	200	unspecified	83ms

Performance83▾

TTFB

167ms

Total Time

167ms

Body Size

106.4 KB

Status

200

Compression

none

CF Cache

DYNAMIC

✓

HTTPS

Secure TLS

✓

TTFB: 167ms

Excellent

✓

HTTP 200

Compression

Enable gzip or Brotli

Note 1: Uncompressed responses waste bandwidth and slow down page load times for all visitors.

Note 2: Crawlers see increased latency and may deprioritize your site in crawl schedules.

Note 3: Enable gzip or Brotli compression in your web server config (nginx: gzip on; Apache: mod_deflate).

✓

Cache-Control

public, max-age=0, must-revalidate

ℹ

ETag

Consider adding ETag

✓

Redirects: 0

No redirects

✓

Cloudflare CDN

CF-Cache-Status: DYNAMIC

Security Headers95▾

✓

HTTPS / TLS

Secure

✓

HSTS

max-age=31536000; includeSubDomains; preload

✓

Content-Security-Policy

default-src 'self'; script-src 'self' https://static.cloudflareinsights.com http…

✓

X-Content-Type-Options

nosniff

✓

Clickjacking protection

SAMEORIGIN

✓

Referrer-Policy

strict-origin-when-cross-origin

✓

Permissions-Policy

camera=(), microphone=(), geolocation=(), payment=(), usb=()

✓

Cross-Origin-Opener-Policy

same-origin

ℹ

Cross-Origin-Embedder-Policy

Not set

SEO & Crawlability95▾

✓

Meta title

HandyManPro.ai — Fix It. Learn It. Own It.

✓

Meta description

HandyManPro.ai — Your home, simplified. Visual guides for every room, every season, and every fix. F…

✓

Canonical URL

https://handymanpro.ai/

✓

Viewport meta

width=device-width, initial-scale=1.0

✓

robots.txt

1 sitemap(s)

✓

Googlebot access

Allowed

✓

Sitemap.xml

32 URL(s)

✓

Open Graph

og:title = "HandyManPro.ai — Fix It. Learn It. Own It."

✓

JSON-LD Structured Data

WebSite, Organization

ℹ

llms.txt (AI compliance)

Not found - add for GPTBot, Claude etc.

Third-Party & Privacy▾

Analyzes raw HTML source for third-party domains, consent tooling, render-blocking scripts, and tracking pixels. Tools injected at the edge (Cloudflare Zaraz, CF Web Analytics) or loaded dynamically via JS after page load will not appear here — use your browser's Network tab for a complete runtime picture. Results are informational and do not affect your score.

21 third-party domains · 0 render-blocking scripts · ✗ No consent tool ·10 tracking pixels

No analytics detected — you may be flying blind on traffic data

Ad/tracking pixels detected without a visible consent mechanism — potential GDPR/CCPA compliance gap

Third-Party Domains in Source

anrdoezrs.net

awin1.com

awltovhc.com

btcminergpt.ai

buymeacoffee.com

chatgpt.com

dpbolvw.net

fonts.googleapis.com

fonts.gstatic.com

ftjcfx.com

handymanpro.ai

jdoqocy.com

kqzyfj.com

lduhtrp.net

llmadvisor.ai

+ 6 more

Tracking Pixels

ftjcfx.com

ftjcfx.com

awltovhc.com

awltovhc.com

lduhtrp.net

tqlkg.com

ftjcfx.com

ftjcfx.com

ftjcfx.com

ftjcfx.com

Platforms Detected in Source

○ Google Analytics 4○ Universal Analytics (UA)○ Google Tag Manager○ Cloudflare Web Analytics○ Cloudflare Zaraz○ Plausible○ Fathom○ Matomo / Piwik○ Hotjar○ Microsoft Clarity○ Segment○ Mixpanel○ Heap○ Amplitude○ HubSpot○ Intercom○ Adobe Analytics○ Meta (Facebook) Pixel○ TikTok Pixel○ Crisp Chat

Domain Surface▾

Probes common subdomains and non-standard HTTP/HTTPS ports to map the visible attack surface of this domain. Results are based on network-layer responses only. Informational — does not affect your score.

Wildcard DNS detected — subdomain results are not meaningful

A probe of a guaranteed-nonexistent subdomain (wildcardtestconfirmationbotwatcherai.handymanpro.ai) returned HTTP 530, definitively confirming a wildcard DNS record (*.handymanpro.ai) is active and answering all subdomain requests. Individual subdomain scan results are unreliable when wildcard DNS is present and have been suppressed.

Non-standard Ports

Port	Status	HTTP	TTFB
http:8080	Responded	301	71ms
https:8443	Responded	200	87ms
http:3000	Responded	301	80ms
http:8000	Responded	301	83ms