On 2026-04-23we ran a lightweight single-page audit on 20 widely-known technology and publishing homepages. This page lists every URL, the exact checks, the aggregate results, and the caveats. No extrapolation to "X% of the web" — we checked 20 hand-picked sites, and that's all the numbers describe.
Every site was on HTTPS (100%) and every one that responded sent an HSTS header (100%). Where the sample split was on which modern security headers ship: 79% had a Content-Security-Policy, 74% set X-Frame-Options, 68% set Referrer-Policy, and only 53% had opted into the HSTS preload list. For consumer-facing tech companies, adopting CSP and preload is the gap. See the HSTS glossary · most common security issues.
84% of sites had a meta description at all, but only 32% landed between 120 and 160 characters. 16% were long enough to overflow the desktop SERP pixel width (> 920px). Most of what we saw was either too short — which lets Google build the snippet from page content instead — or too long to render fully. Check your own with the meta description checker.
This was the biggest surprise. Rich-result-eligible structured data is a free click-through-rate lift, but only 37% of the sample ships any JSON-LD on the homepage at all. The most common schema type in this sample was Organization, followed by WebSite. See the structured data glossary.
16% of homepages had no H1 at all, and 21% had more than one. Even on sites run by teams that obviously care about SEO, the H1 convention gets lost in template refactors. See the H1 tag glossary.
The fastest site returned full HTML in 18 ms; the slowest in 1033 ms. These are all CDN-backed, cache-optimised homepages — a useful baseline for what server-side response time looks like when done well. See the Core Web Vitals glossary · most common performance issues.
| Metric | Value |
|---|---|
| Sites attempted | 20 |
| Sites fetched successfully | 19 (95%) |
| HTTPS | 100% |
| HSTS header | 100% |
| HSTS preload directive | 53% |
| Content-Security-Policy | 79% |
| X-Frame-Options | 74% |
| Referrer-Policy | 68% |
| Has title tag | 100% |
| Title length (chars) — median | 46 |
| Title length (chars) — range | 9 – 78 |
| Has meta description | 84% |
| Meta description 120–160 chars | 32% |
| Meta description overflows desktop (920px) | 16% |
| Meta description length (chars) — median | 128 |
| Meta description length (chars) — range | 64 – 190 |
| Meta description pixels — median | 767 |
| Has canonical tag | 74% |
| Canonical is self-referencing | 53% |
| Has viewport meta | 100% |
| Has <html lang> | 100% |
| Has og:title | 84% |
| Has og:image | 84% |
| Has JSON-LD structured data | 37% |
| Has favicon | 89% |
| Exactly one H1 | 63% |
| Zero H1s | 16% |
| Multiple H1s | 21% |
| Images without alt | 1% |
| Homepage load (ms) — median | 288 ms |
| Homepage load (ms) — range | 18 – 1033 ms |
| Site | Status | Load | Title len | Desc len | H1s | HSTS | CSP | Canonical | JSON-LD |
|---|---|---|---|---|---|---|---|---|---|
| github.com | 200 | 176ms | 61 | 190 | 4 | ✓ | ✓ | ✓ | — |
| stackoverflow.com | 200 | 354ms | 33 | — | 4 | ✓ | ✓ | — | ✓ |
| news.ycombinator.com | 200 | 595ms | 11 | — | 0 | ✓ | ✓ | — | — |
| developer.mozilla.org | 200 | 59ms | 12 | 145 | 1 | ✓ | ✓ | ✓ | — |
| stripe.com | 200 | 474ms | 54 | 148 | 2 | ✓ | ✓ | ✓ | ✓ |
| vercel.com | 200 | 179ms | 67 | 111 | 2 | ✓ | ✓ | ✓ | ✓ |
| nextjs.org | 200 | 93ms | 39 | 64 | 1 | ✓ | ✓ | — | — |
| tailwindcss.com | 200 | 59ms | 76 | 114 | 1 | ✓ | — | — | — |
| linear.app | 200 | 485ms | 43 | 64 | 1 | ✓ | ✓ | ✓ | — |
| notion.so | 200 | 1033ms | 45 | 124 | 1 | ✓ | ✓ | ✓ | — |
| figma.com | 200 | 344ms | 46 | 172 | 1 | ✓ | ✓ | ✓ | ✓ |
| airbnb.com | 200 | 855ms | 78 | 132 | 1 | ✓ | ✓ | ✓ | ✓ |
| shopify.com | 200 | 87ms | 66 | 145 | 1 | ✓ | — | ✓ | ✓ |
| slack.com | 200 | 288ms | 49 | 173 | 1 | ✓ | — | ✓ | — |
| zapier.com | 200 | 135ms | 47 | 150 | 1 | ✓ | ✓ | ✓ | — |
| pinterest.com | 200 | 355ms | 9 | 71 | 0 | ✓ | ✓ | ✓ | ✓ |
| medium.com | 403 | 22ms | 16 | — | 0 | ✓ | — | — | — |
| reddit.com | 200 | 18ms | 37 | — | 0 | ✓ | ✓ | — | — |
| cloudflare.com | 200 | 191ms | 51 | 112 | 1 | ✓ | — | ✓ | — |
| mozilla.org | 200 | 952ms | 46 | 86 | 1 | ✓ | ✓ | ✓ | — |
A single HTTP GET against each homepage from a server in our infrastructure on 2026-04-23. For each response we captured status code, response time, selected HTTP headers, and extracted HTML signals — title, meta description, canonical, H1 count, viewport, lang, Open Graph tags, JSON-LD types, and img alt coverage — using regex-based parsing of the HTML head.
Hand-picked set of widely-known technology, SaaS, and publishing homepages. The sites were chosen for recognisability, not as a representative sample of the web. 19 of 20 returned HTML successfully; the remaining site returned HTTP 403 to our user-agent.
Statistically representative of "the internet" or any larger population. Percentages reflect this exact 20-URL sample. Run the same study on 20 mid-market e-commerce sites or 20 government sites and the numbers will look different.
The full Seoxpert scan crawls multiple pages per site and covers 14 check categories across ~100 signals per page. For a one-day cross-site comparison the lightweight single-page approach is more useful — it isolates homepage-level signals and does not penalise sites for deep-crawl issues the homepage alone cannot reveal.
Run a real scan against your own site — full crawl, 14 check categories, free.
Related: complete technical SEO audit guide · most common SEO issues