What GreenLight checks
Seven whole-site scans, each in plain language. Point GreenLight at any live, public URL; it checks the page the way the big tools do, then tells you what it found, why it matters, and the exact fix, so you learn from your site instead of just patching it.
The difference: the last mile
Most tools stop at the warning. They say "your CSP allows unsafe-inline" or "12 images missing alt text" and leave you to figure out what that means and what to type. GreenLight's whole job is the part those tools skip: the specific, plain-language fix for your site. Every finding is written to be understood by someone who isn't a specialist.
Security
The common security basics that quietly leave a site exposed: whether it loads over HTTPS, whether it sends HSTS and the protective response headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy), mixed content (secure pages loading insecure resources), cookie flags (Secure, HttpOnly), and exposed sensitive files (.env, .git, backups). It scans for common issues; it is not a hardening guarantee, and it says so.
SEO
The on-page basics search engines need, across every page in your sitemap: a title tag and meta description, a single clear H1, image alt text, a mobile viewport, a canonical link, a declared page language, a working sitemap and robots.txt, and warnings for thin content. It also catches duplicate titles and descriptions across pages, a common templating mistake that quietly hurts rankings.
AI Search (GEO)
Generative Engine Optimization: whether AI engines like ChatGPT, Perplexity, and Google's AI Overviews can find and cite you. GreenLight checks for an llms.txt file, access for the AI citation bots (and that you are not accidentally blocking them), Bing visibility, your Organization identity, structured data per page (FAQ, Article, HowTo), question-style headings on articles, and interlinking between related articles. The off-site half, whether an AI actually cites you, needs human testing, and the tool says so plainly instead of faking a score.
AdSense readiness
The practical hurdles to Google AdSense approval, built from real rejections: a privacy policy, About and Contact pages, a valid ads.txt (it even flags a placeholder publisher id), crawlability for Google, and enough real, original content. It adds the E-E-A-T checks that trip up new sites: articles with a named human author, a visible "not advice" disclaimer on money or health pages, and a warning when too many articles share one publish date, a bulk-import signal that reads as low value.
Accessibility (ADA)
Mechanical WCAG checks across every page: images without alt text, buttons with no accessible name, form fields with no label, a missing main landmark, non-descriptive link text ("click here"), pinch-zoom disabled, and a missing page language. Accessibility is load-bearing far beyond compliance: the same markup feeds screen readers, voice control, SEO, and AI agents at once. Color contrast is computed straight from your CSS colors and font sizes (theme variables resolved, with the WCAG large-text rule applied); text sitting over an image or gradient still benefits from a human look.
Speed signals
The markup and server signals behind a fast page, per page: server response time (TTFB), text compression (gzip or brotli), heavy HTML, render-blocking scripts in the head, images missing width and height (which cause layout shift), and images not lazy-loaded. It is not a Lighthouse score, since real Core Web Vitals need a headless browser; it checks the signals behind the score and is upfront about the difference.
Social readiness
How your links look when someone shares them: Open Graph tags (title and image), a Twitter/X card, a preview image that actually resolves, a favicon, and linked social profiles. The gap between a bare URL and a rich preview with a headline and image is a real click-through difference.
How every finding reads
Each result is the same three parts: what we noticed, why it matters, and how to fix it, color-coded so the must-fixes, heads-ups, and all-clears are obvious at a glance. When GreenLight finds something on its own site, we log it as Challenge, Action, Result and fix it in the open.
Honest limits
GreenLight reads what a page serves. It is a best-effort scan, not a full audit and not a guarantee a site is secure or perfectly optimized. It checks the common, high-value basics most sites actually get wrong, and is clear when something is a heads-up rather than a must-fix.