| Leak identified | Severity | Est. monthly impact | Fix required |
|---|---|---|---|
3 render-blocking resources delay FCP by 1503ms The top offenders: …sion1774449510/_cache/merged/dc682e5d32b130d237723be506e42f0a.min.css (601ms)… | High | −£1.9k/mo | Move non-critical CSS to preload + onload flip, or inline critical CSS for… |
https://www.srverror.com/styles.css blocks render on 86% of pages — 65823ms aggregate wasted Seen on 86/100 audited mobile pages. | High | −£1.8k/mo | This single file blocks render across most of the site. |
https://fonts.googleapis.com/css?family=Open+Sans blocks render on 86% of pages — 65032ms aggregate wasted Seen on 86/100 audited mobile pages. | High | −£1.8k/mo | This single file blocks render across most of the site. |
2 render-blocking resources delay FCP by 403ms The top offenders: /css (202ms); /styles.css (201ms). Every ms saved here shows up in FCP and usually LCP too. | High | −£1.7k/mo | Move non-critical CSS to preload + onload flip, or inline critical CSS for… |
Google Tag Manager costs 343ms blocking + 621ms main-thread on desktop Rank #1 by blocking time on this page. Google Tag Manager transfers 299 KB and keeps the main thread busy for 621ms… | Critical | −£1.4k/mo | GTM's own weight usually means a lot of tags. |
2 render-blocking resources delay FCP by 1560ms The top offenders: /styles.css (780ms); /css (780ms). Every ms saved here shows up in FCP and usually LCP too. | High | −£1.4k/mo | Move non-critical CSS to preload + onload flip, or inline critical CSS for… |
2 render-blocking resources delay FCP by 402ms The top offenders: /styles.css (201ms); /css (201ms). Every ms saved here shows up in FCP and usually LCP too. | High | −£1.4k/mo | Move non-critical CSS to preload + onload flip, or inline critical CSS for… |
2 render-blocking resources delay FCP by 402ms The top offenders: /styles.css (201ms); /css (201ms). Every ms saved here shows up in FCP and usually LCP too. | High | −£1.4k/mo | Move non-critical CSS to preload + onload flip, or inline critical CSS for… |
Sized against this site's £241,196/mo revenue baseline pulled from your GA4 property over the trailing 30 days. Each finding is sized using one of three frameworks, and given an honest confidence flag — hover over any £ figure to see the math for that specific leak.
Paid acquisition: not in scope for this client. The bid-optimisation framework below is therefore unavailable, and findings whose only revenue effect would be paid-channel data loss (e.g. consent leaks degrading Google Ads / Meta signals) are surfaced as Blind spot rather than given a fabricated £/mo number. Reason: UK vape retailer — Google Ads + Meta restricted under TPD/2014, no paid acquisition. Bid-optimisation framework not applicable; consent leaks score as regulatory exposure (Blind spot) only.
Confidence flags: High — bounded by data we have (measured ms→CVR curves, known revenue events). Medium — directionally right; magnitude has assumptions. Low — qualitative or hard to size; surfaced as Blind spot rather than a token figure.
Numbers are estimates, not contracts — they exist to help prioritise sprint work. Where a specific leak is fixed and re-measured, we update the model with actuals.
The most urgent problem for Vampire Vape is that tags are firing after users select "Reject All" on the consent banner, which represents a serious compliance risk under UK GDPR and PECR and is almost certainly the primary driver of the site's score of zero. Across the 25 URLs audited, this single issue accounts for the overwhelming majority of the 54 high-severity findings, meaning that tracking is systematically ignoring users' consent choices at scale. This exposes the business to potential regulatory scrutiny from the ICO and could undermine user trust if it came to light publicly. Separately, a duplicate GA4 installation was also identified, which, once the consent issue is resolved, will need to be addressed to prevent inflated session counts and skewed analytics data. Fixing the consent signal integration with the tag management setup should be treated as an immediate priority before any further data collection takes place.
Vampire Vape's GA4 property (354471494) is broadly healthy with a trust score of 86, recording 22,444 purchases and £710,750 in revenue during the audit window — but two issues threaten the reliability of that data. Seventeen product and category URLs are returning zero page_view events, creating blind spots across key SKUs and brand pages that will distort attribution and merchandising decisions. A 61% spike in session_start events also signals a likely tagging regression that could be inflating session counts and skewing all downstream channel and conversion metrics.
Vampire Vape's mobile performance is sitting in the danger zone — scores as low as 50 on key pages — putting organic rankings and paid landing page Quality Scores at measurable risk; the single biggest revenue-adjacent issue is a third-party stylesheet (srverror.com/styles.css) blocking render on 86% of pages and wasting over 65 seconds of aggregate load time across the site, meaning shoppers on mobile are staring at blank screens before they can browse or convert. Two root causes — unoptimised Google Tag Manager tag firing and render-blocking CSS and font resources — are suppressing scores that could realistically reach the low-to-mid 90s with targeted fixes, directly improving ad efficiency and SEO visibility.
Rank #1 by blocking time on this page. Google Tag Manager transfers 299 KB and keeps the main thread busy for 621ms, delaying INP and TBT. It fires BEFORE consent according to the tracking audit — so it's degrading experience for users who reject cookies too.
Fix: GTM's own weight usually means a lot of tags. Run GTM Preview and look for tags firing on every page that could be scoped to specific events or URLs.
Rank #1 by blocking time on this page. Google Tag Manager transfers 299 KB and keeps the main thread busy for 414ms, delaying INP and TBT. It fires BEFORE consent according to the tracking audit — so it's degrading experience for users who reject cookies too.
Fix: GTM's own weight usually means a lot of tags. Run GTM Preview and look for tags firing on every page that could be scoped to specific events or URLs.
Rank #2 by blocking time on this page. Cookiebot transfers 141 KB and keeps the main thread busy for 189ms, delaying INP and TBT. It fires BEFORE consent according to the tracking audit — so it's degrading experience for users who reject cookies too.
Fix: Load Cookiebot with `async defer`, push it as late as safely possible, and if it's tag-manager-loaded, add a consent trigger. If it's not strictly needed for functionality, lazy-load on first interaction.
The top offenders: …sion1774449510/_cache/merged/dc682e5d32b130d237723be506e42f0a.min.css (601ms); …sion1774449510/_cache/merged/4b99b28e82d75b2e19802a36528948d2.min.css (451ms); …rehouse/VampireVape/en_GB/FlavourWarehouse_Marketing/js/labels.min.js (451ms). Every ms saved here shows up in FCP and usually LCP too.
Fix: Move non-critical CSS to preload + onload flip, or inline critical CSS for above-the-fold. For scripts, add `defer` (or `async` for independent scripts). If the file is first-party + required, consider HTTP/2 push or bundle it into the initial chunk.
Seen on 86/100 audited mobile pages.
Fix: This single file blocks render across most of the site. Defer it (add `defer`), preload it, or inline its critical portion. Biggest sitewide win per line-of-change you'll find.
Seen on 86/100 audited mobile pages.
Fix: This single file blocks render across most of the site. Defer it (add `defer`), preload it, or inline its critical portion. Biggest sitewide win per line-of-change you'll find.
The top offenders: /css (202ms); /styles.css (201ms). Every ms saved here shows up in FCP and usually LCP too.
Fix: Move non-critical CSS to preload + onload flip, or inline critical CSS for above-the-fold. For scripts, add `defer` (or `async` for independent scripts). If the file is first-party + required, consider HTTP/2 push or bundle it into the initial chunk.
The top offenders: /styles.css (780ms); /css (780ms). Every ms saved here shows up in FCP and usually LCP too.
Fix: Move non-critical CSS to preload + onload flip, or inline critical CSS for above-the-fold. For scripts, add `defer` (or `async` for independent scripts). If the file is first-party + required, consider HTTP/2 push or bundle it into the initial chunk.
The top offenders: /styles.css (201ms); /css (201ms). Every ms saved here shows up in FCP and usually LCP too.
Fix: Move non-critical CSS to preload + onload flip, or inline critical CSS for above-the-fold. For scripts, add `defer` (or `async` for independent scripts). If the file is first-party + required, consider HTTP/2 push or bundle it into the initial chunk.
The top offenders: /styles.css (201ms); /css (201ms). Every ms saved here shows up in FCP and usually LCP too.
Fix: Move non-critical CSS to preload + onload flip, or inline critical CSS for above-the-fold. For scripts, add `defer` (or `async` for independent scripts). If the file is first-party + required, consider HTTP/2 push or bundle it into the initial chunk.
The top offenders: /styles.css (201ms); /css (201ms). Every ms saved here shows up in FCP and usually LCP too.
Fix: Move non-critical CSS to preload + onload flip, or inline critical CSS for above-the-fold. For scripts, add `defer` (or `async` for independent scripts). If the file is first-party + required, consider HTTP/2 push or bundle it into the initial chunk.
The top offenders: /styles.css (201ms); /css (201ms). Every ms saved here shows up in FCP and usually LCP too.
Fix: Move non-critical CSS to preload + onload flip, or inline critical CSS for above-the-fold. For scripts, add `defer` (or `async` for independent scripts). If the file is first-party + required, consider HTTP/2 push or bundle it into the initial chunk.
+ 132 more findings — see the detailed dashboards.