Foglift
supabase.com — Website Report
Scored 66/100 · Scanned with Foglift
D
supabase.com scored 66. One fix would take it to 86.
3 critical9 warnings15 total issues
Quick wins
~106 min total fix time1Missing X-Content-Type-Options header~2m
2Missing X-Frame-Options header~2m
3Missing Referrer Policy header~2m
https://supabase.com/ · 4/19/2026, 3:47:57 AM
Scanned with Foglift · SEO + AI Visibility analysis
AI Action Plan
Website Analysis for https://supabase.com Your site scores 66/100 overall, but AI engines may be missing you. Your AI Visibility is 63/100 — there's significant room to improve how ChatGPT, Perplexity, and Gemini surface your brand. We found 3 critical issues and 9 warnings. Here's your prioritized action plan:
FIX FIRST (Critical): 1. AI engines can't understand your business — Your site has no structured data — the machine-readable labels that tell AI what your business does, what you offer, and why you're an authority. Without this, AI assistants are much less likely to mention or recommend you.
2. Missing Content Security Policy header — Add a Content-Security-Policy header to prevent XSS and injection attacks. 3. 38 external scripts loaded — Your page loads 38 external JavaScript files. Each requires a network request. Bundle scripts and defer non-critical ones to improve load time. QUICK WINS (Warnings): 1. No FAQ section found — AI assistants love Q&A content — it's the easiest format for them to extract and quote. Add a Frequently Asked Questions section to your page, and you'll s
11 more critical fixes + quick wins in your full report
Enter your email and we'll send the complete action plan to your inbox.
No spam. Just your report.
Share This Report
Send this scan to a teammate or contact. The shareable link includes all scores and issues.
AI Visibility
How likely AI assistants like ChatGPT, Perplexity, and Gemini are to cite your brand
63D
100
Brand Mentions
Found 20+ web mentions of "supabase"
58
Domain Authority
PageRank: 5.1/10, 5+ external references
10
Content Freshness
500 pages in sitemap but none updated recently
53
Technical Readiness
Moderate technical readiness — some improvements possible
Technical Issues
AI engines can't understand your businesscritical~10 min fix
Your site has no structured data — the machine-readable labels that tell AI what your business does, what you offer, and why you're an authority. Without this, AI assistants are much less likely to mention or recommend you.
Quick Fix
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "Organization",
"name": "Your Company Name",
"url": "https://yoursite.com",
"description": "Brief description of your business",
"sameAs": [
"https://twitter.com/yourhandle",
"https://linkedin.com/company/yourcompany"
]
}
</script>Add JSON-LD structured data so AI models understand your business entity and can cite you accurately.
No FAQ section foundwarning~15 min fix
AI assistants love Q&A content — it's the easiest format for them to extract and quote. Add a Frequently Asked Questions section to your page, and you'll significantly increase your chances of being cited in AI-generated answers.
Quick Fix
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "FAQPage",
"mainEntity": [{
"@type": "Question",
"name": "What does your company do?",
"acceptedAnswer": {
"@type": "Answer",
"text": "We provide [your service]. Our solution helps..."
}
}]
}
</script>AI models frequently cite FAQ content. Add FAQPage schema to boost your chances of appearing in AI-generated answers.
AI doesn't know who you areinfo~10 min fix
Your site is missing identity markup that tells AI engines "we are [Company X], and here's what we do." Adding this helps AI assistants recognize your brand as an authority and recommend you by name.
Quick Fix
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "Organization",
"name": "Your Company",
"url": "https://yoursite.com",
"logo": "https://yoursite.com/logo.png",
"sameAs": [
"https://twitter.com/yourhandle",
"https://linkedin.com/company/yourcompany",
"https://github.com/yourorg"
],
"contactPoint": {
"@type": "ContactPoint",
"email": "hello@yoursite.com",
"contactType": "customer service"
}
}
</script>Entity markup tells AI models who you are, making them more likely to cite your brand accurately.
How does AI see Supabase?
When users ask AI about your industry, are you recommended?
G
C
P
Ge
A
See how ChatGPT, Claude, Perplexity, and Gemini talk about Supabase
SEO & Technical Issues (12)
Missing Content Security Policy headercriticalSecurity~5 min fix
Add a Content-Security-Policy header to prevent XSS and injection attacks.
Quick Fix
# Nginx:
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" always;
# Apache (.htaccess):
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
# Next.js (next.config.js headers):
{ key: 'Content-Security-Policy', value: "default-src 'self'; script-src 'self' 'unsafe-inline'" }Content-Security-Policy prevents XSS attacks by controlling which resources the browser can load.
38 external scripts loadedcriticalPerformance
Your page loads 38 external JavaScript files. Each requires a network request. Bundle scripts and defer non-critical ones to improve load time.
Missing X-Content-Type-Options headerwarningSecurity~2 min fix
Set X-Content-Type-Options: nosniff to prevent MIME-type sniffing.
Quick Fix
# Nginx:
add_header X-Content-Type-Options "nosniff" always;
# Next.js (next.config.js headers):
{ key: 'X-Content-Type-Options', value: 'nosniff' }Prevents browsers from MIME-type sniffing, which can lead to security vulnerabilities.
Missing X-Frame-Options headerwarningSecurity~2 min fix
Set X-Frame-Options to prevent clickjacking attacks.
Quick Fix
# Nginx:
add_header X-Frame-Options "SAMEORIGIN" always;
# Next.js (next.config.js headers):
{ key: 'X-Frame-Options', value: 'SAMEORIGIN' }X-Frame-Options prevents clickjacking by controlling who can embed your page in an iframe.
Missing Referrer Policy headerwarningSecurity~2 min fix
Add a Referrer-Policy header to control information leakage.
Quick Fix
# Nginx:
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Next.js (next.config.js headers):
{ key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' }Controls how much referrer information is sent with requests, protecting user privacy.
Missing Permissions Policy headerwarningSecurity~2 min fix
Add a Permissions-Policy header to control browser feature access.
Quick Fix
# Nginx:
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
# Next.js (next.config.js headers):
{ key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' }Permissions-Policy restricts which browser features your site can use, reducing attack surface.
Missing canonical URLwarningSEO~3 min fix
Add a canonical link to prevent duplicate content issues in search engines.
Quick Fix
<link rel="canonical" href="https://yoursite.com/current-page">Canonical URLs prevent duplicate content issues by telling search engines which version of a page is the original.
Skipped heading levelwarningAccessibility
Heading hierarchy jumps from H2 to H6. Don't skip heading levels — this confuses screen readers and assistive technology.
Large HTML documentwarningPerformance
Your HTML is 368KB. Large HTML documents take longer to parse. Consider lazy loading content or splitting into multiple pages.
99 images without lazy loadingwarningPerformance
99 images don't use loading="lazy". Add lazy loading to below-the-fold images to improve initial page load.
No structured data foundinfoSEO
Add JSON-LD structured data (Schema.org) to help search engines understand your content and earn rich snippets in search results.
No skip navigation linkinfoAccessibility~5 min fix
Add a 'Skip to main content' link at the top of the page so keyboard users can bypass repetitive navigation.
Quick Fix
<!-- Add as the first element inside <body> -->
<a href="#main-content" class="sr-only focus:not-sr-only focus:absolute focus:top-2 focus:left-2 focus:z-50 focus:px-4 focus:py-2 focus:bg-blue-600 focus:text-white focus:rounded">
Skip to main content
</a>
<!-- Add id to your main content area -->
<main id="main-content">
...
</main>Skip links let keyboard users bypass repetitive navigation and jump straight to content.
Your Potential Score
66
Now
79
Potential
+13 points possible by fixing 15 issues
That moves you from D to C — above average
Track your AI visibility over time
AI Visibility Monitoring
We check AI prompts weekly across ChatGPT, Perplexity, and Google AI. See how often your brand appears.
Competitor Tracking
Compare your AI visibility against competitors. Know when they overtake you.
Weekly Digest
Get AI-generated insights emailed every Monday with action items.
Start monitoring — from $49/mo
Free tier available · No credit card required
Industry Benchmark
SEO
Avg: 62+28Ahead
AI Readiness
Avg: 35+20Ahead
Performance
Avg: 55+10Ahead
Security
Avg: 40-20At risk
Accessibility
Avg: 68+24Ahead
Based on 120+ websites scanned across industries. See full benchmark report →
What This Score Means for You
Not AI-ready — ChatGPT, Perplexity, and Google AI Overviews likely cannot cite your site. You're invisible to the fastest-growing search channel.
Security gaps — Missing security headers may flag your site as unsafe in browsers, hurting trust and conversions.
Slow loading — Sites loading in 3+ seconds lose 53% of mobile visitors (Google data).
Most of these issues have simple, copy-paste fixes. Check the code snippets above for quick solutions.
Security score: 20/100
Most security issues are 5-minute fixes — adding HTTP headers to your server config. Check the code fixes above for the exact headers to add — we include copy-paste code for Nginx, Apache, Vercel, and Netlify.