Skip to content
Iron Scrolls

What is Iron Scrolls?

For non-developers

Your website. Checked. Fixed. Done.

Your developer builds your website. Iron Scrolls is the set of expert checks they run — automatically — to make sure it's actually ready. Ready for Google. Ready for every visitor. Ready for customers on slow phones, or using a screen reader, or worrying about their data.

Try it on your site → For developers: install →

The problem with "the website is ready"

When a developer says the website is ready, they mean the code works and the pages load. But "working" and "ready" are not the same thing.

🔍 Google can't find it

Missing page titles, no descriptions, broken Open Graph tags. Your site works — but it's invisible to search engines, or shows up wrong when someone shares it on social media.

Not everyone can use it

1 in 6 people has some form of disability. Missing alt text, poor colour contrast, and unlabelled buttons lock them out — and expose you to legal risk in many countries.

🐢 It's too slow

Every extra second of load time loses roughly 7% of conversions. Unoptimised images, render-blocking scripts, and missing caching headers silently cost you customers every day.

🔓 Customer data is exposed

Hardcoded API keys, missing security headers, and unvalidated form inputs are front doors left unlocked. You won't know until someone walks through them.

Iron Scrolls gives your developer a single command to find all of these — and fix them — before the website goes live, or at any time after.

Seven expert checks, one command each

Think of each check as bringing in a specialist for a day. Except it takes minutes, not weeks, and costs nothing extra.

🔍
SEO Audit
/seo-audit

What it does: Checks every page of your website the same way Google does — looking for titles, descriptions, image tags, a sitemap, and the metadata that determines how your site appears in search results and on social media.

Why it matters: Without this, Google might show the wrong title for your pages — or your website might not appear at all for the searches your customers are actually making.

Generates a developer report + a plain-English owner report
Accessibility Audit
/accessibility-audit

What it does: Checks whether everyone can use your website — including people using screen readers, people with low vision who need high contrast, people who navigate by keyboard only, and people on older devices.

Why it matters: In the UK, US, EU, and most developed markets, websites serving the public are legally required to meet accessibility standards (WCAG 2.1 AA). Lawsuits and enforcement are increasing every year.

Generates a developer report + a plain-English stakeholder report
Performance Audit
/performance-audit

What it does: Checks how fast your website loads, what's slowing it down, and whether it causes visual instability — text and images jumping around as the page loads (which Google measures as a ranking signal).

Why it matters: Google uses page speed as a search ranking factor. Slow sites rank lower, get fewer visitors, and convert fewer of the visitors they do get — especially on mobile.

Generates a developer report + a plain-English stakeholder report
🔒
Security Audit
/security-audit

What it does: Looks for exposed credentials, missing security protections, vulnerabilities in dependencies, and gaps in how user data is handled — aligned with the OWASP Top 10, the industry standard for web security.

Why it matters: A single compromised API key or SQL injection vulnerability can expose every customer's data, result in a GDPR fine of up to 4% of annual revenue, and destroy the trust you've built.

Generates a developer report + a plain-English stakeholder report
👁
Code Review
/pr-review

What it does: Before any new feature, bug fix, or change goes live, this checks it for correctness, security issues, performance problems, and missing tests — the same things a senior engineer would look for in a peer review.

Why it matters: Most bugs that reach production could have been caught with a thorough review. This acts as a second expert set of eyes on every change, before it affects your customers.

Generates a structured review report with severity-ranked issues
🧪
Test Coverage Audit
/test-coverage

What it does: Finds every part of your codebase that has no automated tests — the logic handling payments, user accounts, data changes — and writes the missing tests, prioritising the highest-risk areas first.

Why it matters: Automated tests are a safety net. Without them, every new feature risks breaking something that was already working. With them, your team can move faster with confidence.

Generates a before/after coverage report with remaining gaps
🔌
API Design Review
/api-design-review

What it does: If your application has an API — the layer that connects your website to your database, to third-party services, or to a mobile app — this checks that it's structured correctly, protected, and handles errors gracefully.

Why it matters: A poorly designed API is slow to build on, easy to break, and harder to secure. Catching issues early is far cheaper than fixing them after a mobile app or integration depends on them.

Generates a structured review report with architectural recommendations

Two reports: one for your developer, one for you

For the SEO, accessibility, performance, and security audits, Iron Scrolls generates two separate HTML reports — saved locally, never sent anywhere.

Developer report
  • Exact file paths and line numbers for every issue
  • Code snippets showing what's wrong and how to fix it
  • Severity levels: Critical, High, Medium, Low
  • List of what was auto-fixed vs what needs manual attention
Owner report (that's you)
  • Plain English summary — no code, no jargon
  • What risks your site has right now
  • What the developer fixed and what still needs work
  • Traffic-light status for each area (green / amber / red)

How your developer uses it

There is no dashboard, no subscription, no third-party service. The commands run locally on your developer's computer against your code. Nothing is sent to a server. Everything stays private.

1
Install once

Your developer clones the Iron Scrolls repository and runs a one-line installer. All commands are available immediately in every project — no configuration required.

2
Run a command

In any project, your developer types the command name. Claude — the AI — follows the full audit prompt, reading the actual code and configuration files rather than just the live website.

3
Get the reports

Two HTML reports are saved locally. Your developer works through the technical one. You receive the owner report — plain English, actionable, no technical background needed.

A real example

"We noticed something strange in Google Search Console. Our site had a sitelink — that row of quick-links Google sometimes shows under a search result. Ours said: Hamburger-menu."

Not "About". Not "Book a trip". The alt text on a nav icon was the only unique text Google could find anywhere on the page — because there were no per-page titles or descriptions. So Google used it.

Running /seo-audit found the alt text issue, the missing metadata on every page, the missing sitemap, and the unindexed checkout pages — all in one pass. Two reports, fixes applied automatically.

Read the full story →

See what it finds on your website

Enter your website URL and pick a check. The analysis runs in your browser — no installation, no account, no cost.

Try it now →

Or share this page with your developer — everything they need is in the installation guide.

If these scrolls have served you well —
☕ Support on Ko-fi ♥ GitHub Sponsors