5ML Agentic AI Platform

Web Health Best Practices Library

38 practices across 7 layers, 10 critical

Curated from OWASP, W3C WCAG 2.2, Google SEO guidelines, and industry standards. The orchestrating agent uses these criteria to score your website.

Criteria sourced from OWASP, W3C, Google, Schema.org|Daily scan updates planned

Filter by priority:

Use HTTPS everywhere

CriticalOWASP, Google Security

All pages must be served over HTTPS with a valid SSL/TLS certificate. HTTP should 301 redirect to HTTPS. HSTS header should be set with max-age of at least 1 year.

Let's Encrypt SSL Labs Test

Server Response Time < 200ms

HighGoogle Core Web Vitals

Time to First Byte (TTFB) should be under 200ms. Use CDN, server caching, and optimized database queries. Google uses TTFB as a ranking signal.

web.dev TTFB Guide

Enable compression (gzip/brotli)

HighHTTP/2 Best Practices

Enable server-side compression for text-based resources. Brotli provides 15-20% better compression than gzip. Configure Content-Encoding headers.

Brotli Compression

Set proper cache headers

MediumRFC 7234

Use Cache-Control headers with appropriate max-age for static assets (1 year for versioned files). Use ETag for dynamic content. Implement cache busting for deployments.

Caching Best Practices

Declare character encoding

MediumW3C HTML Standard

Add <meta charset="UTF-8"> as the first element in <head>. This prevents rendering delays and character display issues.

W3C Encoding

Daily Scanning (Coming Soon)

The orchestrating agent will automatically scan updated standards from OWASP, W3C, Google Search Central, and Schema.org on a daily basis. New criteria will be added to the library and reflected in health check scoring automatically. This ensures your scans always reflect the latest best practices without manual updates.