Is the free audit really free?

Yes, completely free. Just enter your URL — no account, no email, no credit card. You get your overall score and top issues instantly. Want more? Create a free account to save your report and get 2 pro scan credits.

How long until I get my report?

The Quick Scan is typically under 60 seconds. Paid reports are generated and emailed within 2–3 minutes of payment.

9 categories: SEO & Search Visibility, Website Performance & Speed, Mobile Experience, Security & Privacy, Accessibility, Content & Messaging, Technical Health, Trust & Credibility, and Local SEO & Google Business. Each category is scored independently, and we provide specific evidence and fix instructions for every issue found.

Do I need technical knowledge?

Not at all. Reports are written in plain language with prioritized, step-by-step recommendations. Each issue is labeled with who can fix it, and many are things you can do yourself without touching code.

How accurate is the analysis?

We analyze your actual live website, checking real page speed, real HTML structure, and real content. Every finding comes with specific evidence from your site, so you can verify it yourself.

Absolutely. We only use your email to deliver your report. No spam, no sharing with third parties. We analyze publicly accessible pages (the same thing Google sees). We never store passwords, we don't access admin panels, and we never sell your data. All connections are encrypted with 256-bit SSL. See our Privacy Policy for full details.

Can I see a sample report before buying?

Yes! Check out our interactive demo report to see exactly what a full audit looks like, with real findings, evidence, and fix instructions you can explore.

How do I cancel my subscription?

You can cancel anytime from your dashboard. Just click "Manage Subscription" to open the billing portal. Your audit access continues until the end of your current billing period.

Who built FreeSiteAudit?

FreeSiteAudit was built by web professionals who wanted to make professional-grade website audits accessible to every business owner. We combined real-world SEO and web development experience with automation to deliver clear, actionable reports.

WordPress fix guide

Cookies Missing HttpOnly Flag on WordPress

Cookies are set without the HttpOnly flag, making them accessible to JavaScript. This increases the risk of cookie theft via XSS attacks.

Issue ID: SEC-COOKIE-HTTPONLY-001Severity: moderateEffort: S

Why this matters

Cookies are set without the HttpOnly flag, making them accessible to JavaScript. This increases the risk of cookie theft via XSS attacks. This affects browser trust signals and whether visitors feel safe submitting contact details.

WordPress fix path

How to fix this on WordPress

Use the page editor, theme, or SEO tooling depending on where this issue lives.

1Inspect the page and theme output.
2Apply the fix in the most direct place.
3Publish and validate with a re-audit.

After you fix it

✓Inspect cookies in DevTools and confirm session cookies have the HttpOnly flag

Same fix, other platforms

Fix cookies missing httponly flag on a different CMS

Other fixes

More WordPress fixes

Parents

Related guides

See every WordPress issue on your site

This is one issue of many the full audit checks. Run a free scan to see what else might be holding your site back.

Run Free Audit