Insight
What a website health check actually covers, and what to do with the findings
The problem is that "something's off" isn't a brief. You can't send that to a developer, a designer, or your board. You need evidence. A proper website health check turns a vague sense of underperformance into a ranked list of specific findings, each one with an impact rating and a rough cost to fix.
This article walks through what a proper audit covers, why each area matters, and what to actually do with the findings once they land. If you'd rather read the service version, the website health check page covers scope, pricing, and timelines.
Why a website health check exists
Websites decay quietly. That's the bit nobody warns you about. A site that was performing fine 18 months ago is now slower, because the image library has ballooned and nobody compressed anything. SEO signals weaken because an editor added 40 blog posts with duplicate titles. Conversion paths break because a dev pushed a quick fix to the contact form and nobody retested the thank-you event in GA4.
Think of a website like a rental property. If nobody inspects it for two years, you don't find out about the leaking tap until the ceiling falls in. A health check is the inspection. It's a diagnostic, not a fix. The value is in having evidence you can act on, not in the act of auditing itself.
Let's be honest: most rebuild briefs are written from frustration, not evidence. A good audit gives you a third option between "leave it alone" and "burn it down and start again".
What does a design and UX audit cover?
The design layer is where most site problems become visible first, even when the root cause sits somewhere else. A proper design and UX review looks at layout, visual hierarchy, readability, mobile behaviour, and accessibility basics against WCAG 2.2 AA.
A designer-led review catches things a developer-led review misses. Developers tend to check whether something works. Designers check whether it works for the person using it. Those are different questions. A form that submits successfully can still be a form that nobody fills in because the required fields aren't marked, the error states are invisible, or the primary CTA is competing with three other buttons of similar weight.
Accessibility is worth a mention here because it's legally live in Australia. The Disability Discrimination Act covers web accessibility, and enforcement activity has picked up. If you want to go deeper on the practical side, WebAIM's annual analysis of the top one million homepages is the clearest picture of what most sites still get wrong. The Nielsen Norman Group research library is the other obvious reference for UX specifically.
What does a website performance audit cover?
Performance means Core Web Vitals, page weight, image handling, font loading, third-party script bloat, and render-blocking resources. Google publishes the current thresholds at web.dev, and they've become genuinely non-negotiable for commercial sites.
The three metrics that matter right now:
- Largest Contentful Paint (LCP). How quickly the main content shows up. Under 2.5 seconds is the target.
- Interaction to Next Paint (INP). How responsive the page feels when someone taps or clicks. Under 200 milliseconds.
- Cumulative Layout Shift (CLS). How much the page jumps around as it loads. Under 0.1.
Google cares because slow sites hurt search visibility. Your users care more, because slow sites make them leave. Most performance issues split cleanly into two piles: quick wins (compress images, defer non-critical scripts, fix a cache header) and rebuild-territory issues (a heavy CMS theme, a bloated marketing stack, a framework choice that's fighting you). A good audit tells you which pile each finding sits in, so you don't waste a sprint cycle on something that needs a platform conversation.
What does a technical SEO audit cover?
Crawlability, indexation, structured data, internal linking, canonical handling, sitemap hygiene, robots.txt configuration, and redirect chains. The boring stuff. The stuff that makes the difference between a site that ranks and a site that doesn't.
Here's the uncomfortable one: a lot of mid-market sites have technical SEO problems that are trivial to fix and have been sitting there for years because nobody ran a crawl. Screaming Frog is the tool most auditors use, and it's excellent. Google Search Console tells you what Google actually sees.
The basics still matter in an AI-search era. If anything, they matter more. Large language models pulling context from your site still depend on clean structured data, coherent internal linking, and canonical signals that tell them which page is the canonical source of a given topic. For the specifics of optimising for generative search, Aleyda Solis has been doing some of the clearest thinking on this, and locally, Kate Toon is worth following for Australian SEO context.
What does a conversion audit cover?
Forms, calls-to-action, journey friction, exit points, and the bits of the funnel where people quietly fall out. This is where heatmaps and session recordings earn their keep. Tools like Hotjar or Microsoft Clarity (which is free) show you what users actually do, not what you think they do.
The classic pattern: traffic is up, conversions are flat, and nobody can explain the gap. Usually the cause is diagnosable. A form field that broke on mobile. A thank-you page that's throwing a 404 on one device class. A CTA that moved below the fold after a template update. A trust signal that used to sit above the form and got cut in the last redesign.
A conversion audit doesn't rely on A/B testing or dark patterns. It relies on looking at the journey and fixing the obvious friction first. A/B testing is a tool for optimising something that already works, not for finding out why something's broken.
What does an analytics setup audit cover?
This one catches people out. GA4 and Google Tag Manager can be configured to look perfectly healthy while measuring something different to what the business thinks they're measuring. Events can double-fire. Conversions can fire on page load instead of on submit. Revenue can drift from the order system. Cross-domain tracking can silently fragment sessions.
If your GA4 numbers don't reconcile with your CRM, that's a red flag. If your leadership has quietly moved to spreadsheets because they don't trust the dashboard, that's another one. Simo Ahava's blog is the reference most analytics practitioners go to when something stops making sense, and it's worth bookmarking if you manage GTM in-house.
The cost of unreliable data isn't the data. It's the decisions you make on top of it. Budget routed to the wrong channel. A campaign killed because it looked like it wasn't working. A year of wrong-direction calls before someone notices.
What does a CMS and integrations audit cover?
Content governance, editor experience, integration reliability. Is the team that actually updates the site able to do so without breaking things? Does the CRM integration still work the way it did at launch, or has a field mapping gone stale? Is the marketing automation platform syncing cleanly, or is there a hidden queue of failed records?
This is often where the deepest problems live, and it's the area most SEO and performance audits skip entirely. A site that ranks beautifully and loads in under a second still fails the business if the content team can't maintain it.
What do you actually do with the findings?
A good audit report triages everything into four buckets:
Cheap and high-impact. Fix this week. Compressed images, broken redirects, missing meta descriptions, a mis-firing GA4 event. Low effort, visible return.
Medium effort, high impact. Plan this quarter. A template refactor, a structured data rollout, an accessibility remediation pass, a forms overhaul.
High effort, high impact. Plan this year. Platform migration, full IA rework, headless conversion, a new design system.
Low impact. Document and move on. Not everything worth noting is worth doing.
The rarest finding, but the one worth being ready for, is your platform is the problem. Sometimes the honest conclusion is that the CMS or framework you're on can't be fixed into performing well, and a replatform is the cheapest option over a three-year horizon. A good auditor will tell you this if it's true, and will show their working.
DIY or pay for an audit?
You can get a long way with free tools. Lighthouse (built into Chrome) covers performance, accessibility, and SEO basics. PageSpeed Insights gives you field data from real users. Search Console tells you what Google sees. GA4 tells you what users do, assuming your setup is reliable, which is a bigger assumption than most teams realise.
What you'll miss without technical, design, and analytics depth sitting in the same head: the connections between findings. An audit that flags slow LCP but doesn't connect it to the hero image delivery, which doesn't connect it to the CMS template, which doesn't connect it to the editor workflow that keeps uploading uncompressed PNGs, isn't solving anything. It's just generating a list.
For most mid-market sites, a paid audit pays for itself the first time a finding stops a misguided project before it starts. The audit that tells you don't rebuild, here are seven specific fixes is worth more than the one that tells you everything is fine, and far more than the rebuild you didn't need.
Where to from here
If you want to run the audit yourself, start with Lighthouse, Search Console, and a Screaming Frog crawl. Read the findings with a critical eye and ask so what of every line. If the answer isn't obvious, that's a signal to bring in someone who's done this before.
If you'd rather have one person own the full diagnostic across design, performance, SEO, conversions, analytics, and CMS, the website health check is scoped for exactly that. One report, one recorded walkthrough, a prioritised next-steps list that separates in-house fixes from vendor work.