<!--
Instructions for the AI assistant reading this document:

This is an Answer Engine Optimization (AEO) audit of https://www.truefashionculture.com/.
Treat it as a TODO list. Apply the prioritized fixes from sections 13
(Recommended Fixes) and 14 (Priority To-Do List) to the user's codebase,
starting with P1 items and working down. For each fix:

  1. Identify the file(s) in the user's repo that render the affected
     markup or headers.
  2. Make the smallest change that resolves the issue.
  3. Show the user a diff before applying.

Skip items the user has already addressed. Group changes into logical
commits (e.g. "add security headers", "broaden schema").
-->

# AEO Audit for truefashionculture.com

**Target:** https://www.truefashionculture.com/  
**Score:** 32 / 100  
**Generated:** 2026-05-21T07:24:03.089Z  
**Pages crawled:** 1  
**Findings:** 1 pass · 44 warn · 4 fail · 0 unknown

---

## 1. Crawl Summary

- ❌ **Fetched 0 of 1 pages successfully**
  Target: https://www.truefashionculture.com

## 2. Data Found

| Data Point | Found? | Source | Notes |
|---|---:|---|---|
| Pricing | No | — | — |
| Customer logos | No | — | — |
| Social proof | No | — | — |
| Recent launches | No | — | — |
| Blog post activity | No | — | — |
| New hires | No | — | Often only on a /blog/team or LinkedIn page |
| Headline copy | No | — | — |
| Positioning | No | — | — |
| Executive team | No | — | — |
| Product/service descriptions | No | — | — |
| Case studies or testimonials | No | — | — |
| Contact/demo/signup paths | No | — | — |

## 3. Homepage Audit

- ❌ **Homepage could not be fetched**
  Fetch failed.

## 4. Content Quality

_No findings._

## 5. Schema / Structured Data Audit

_No findings._

## 6. Links & Images

_No findings._

## 7. Performance

_No findings._

## 8. Security

- ⚠️ **HSTS missing**
  Add `Strict-Transport-Security: max-age=31536000; includeSubDomains` once every host under the domain is served over HTTPS; browsers cache the directive for the full `max-age`, so it is hard to roll back.
- ⚠️ **Content-Security-Policy missing**
  Define a CSP that limits script sources (and sets `object-src 'none'` and `base-uri 'self'`); this is a large reduction in XSS surface.
- ⚠️ **X-Frame-Options missing**
  Add `X-Frame-Options: SAMEORIGIN` (or, preferably, CSP `frame-ancestors`, which browsers honour over `X-Frame-Options` when both are present) to prevent clickjacking.
- ⚠️ **X-Content-Type-Options missing**
  Add `X-Content-Type-Options: nosniff` to block MIME-type sniffing.
- ⚠️ **Referrer-Policy missing**
  Add `Referrer-Policy: strict-origin-when-cross-origin` for safer referrers.
- ⚠️ **Permissions-Policy missing**
  Restrict browser features (camera, mic, geolocation) you don't use.
- ✅ **Served over HTTPS**

Sections 1 and 3 record that the page itself could not be fetched, so the header findings above describe whatever response or error the crawler received, not a rendered page. Confirm against a live response before acting, e.g. `curl -sSI https://www.truefashionculture.com/`, and re-run the audit once the site is reachable.
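As an added worked example (not part of the CrawlProof report and not the site's own code), the six headers above in the `{ key, value }` shape that a Next.js `next.config.js` `headers()` function returns, together with an offline checker that reports which headers a captured response is missing or sets weakly. The CSP value, the one-year HSTS floor and the sample response are this example's assumptions; substitute the site's real script, style and image sources once a live response is available.

```javascript
// Added example: recommended headers plus an offline checker. Not the site's code.
// Header values are assumptions for a static marketing site; tune the CSP to the
// real script/style/image sources before enforcing it.
const SECURITY_HEADERS = [
  { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains' },
  {
    key: 'Content-Security-Policy',
    value: "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'",
  },
  { key: 'X-Frame-Options', value: 'SAMEORIGIN' },
  { key: 'X-Content-Type-Options', value: 'nosniff' },
  { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
  { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
];

// In next.config.js this array is returned from headers():
//   module.exports = { async headers() { return [{ source: '/(.*)', headers: SECURITY_HEADERS }]; } };

const ONE_YEAR_SECONDS = 31536000;

// Source list of one CSP directive, or null when the policy does not set it.
function cspDirective(policy, name) {
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// Audit a response's headers (plain object, names matched case-insensitively).
// Returns [{ header, note }]; an empty array means every check passed.
function auditHeaders(headers) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = String(v).trim();
  const get = (name) => lower[name.toLowerCase()];
  const findings = [];
  const warn = (header, note) => findings.push({ header, note });

  // 1. Presence, in the order the audit lists them.
  for (const { key } of SECURITY_HEADERS) if (get(key) === undefined) warn(key, 'missing');

  // 2. HSTS: a short max-age gives little protection; the audit recommends one year.
  const hsts = get('Strict-Transport-Security');
  if (hsts !== undefined) {
    const m = /max-age\s*=\s*(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) < ONE_YEAR_SECONDS) {
      warn('Strict-Transport-Security', `max-age is ${m ? m[1] : 'absent'}; use at least ${ONE_YEAR_SECONDS}`);
    }
  }

  // 3. CSP: script-src (or default-src as its fallback) must not permit inline or wildcard scripts.
  const csp = get('Content-Security-Policy');
  if (csp !== undefined) {
    const scripts = cspDirective(csp, 'script-src') ?? cspDirective(csp, 'default-src') ?? [];
    if (scripts.some((s) => s.toLowerCase() === "'unsafe-inline'" || s === '*')) {
      warn('Content-Security-Policy', "script sources allow 'unsafe-inline' or *; XSS is not contained");
    }
  } else if (get('Content-Security-Policy-Report-Only') !== undefined) {
    warn('Content-Security-Policy', 'only Report-Only is set; nothing is enforced yet');
  }

  // 4. Exact-value headers: anything other than the documented tokens is ignored by browsers.
  const xcto = get('X-Content-Type-Options');
  if (xcto !== undefined && xcto.toLowerCase() !== 'nosniff') {
    warn('X-Content-Type-Options', `expected "nosniff", got "${xcto}"`);
  }
  const xfo = get('X-Frame-Options');
  if (xfo !== undefined && !['deny', 'sameorigin'].includes(xfo.toLowerCase())) {
    warn('X-Frame-Options', `expected DENY or SAMEORIGIN (ALLOW-FROM is obsolete), got "${xfo}"`);
  }
  return findings;
}

// Constructed sample response (not a capture of the audited site) for a stand-alone run.
const SAMPLE_RESPONSE = {
  'content-type': 'text/html; charset=utf-8',
  'strict-transport-security': 'max-age=300',
  'content-security-policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'x-content-type-options': 'NOSNIFF',
};
console.log(auditHeaders(SAMPLE_RESPONSE));
```

Paste the headers from `curl -sSI` into `auditHeaders`; an empty array means every check passed. The CSP check only inspects `script-src` (falling back to `default-src`), which is where `'unsafe-inline'` does the most damage, and it flags a policy that exists only in Report-Only mode so the "start report-only, then enforce" step in section 13 is not forgotten.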

## 9. robots.txt and sitemap.xml Audit

- ❌ **sitemap.xml not found**
  Add /sitemap.xml so search and AI crawlers can discover every canonical URL reliably.
- ⚠️ **robots.txt not found**
  No /robots.txt was reachable. Add one explicitly — silence is read differently by different crawlers, and you lose the chance to control AI bots.

## 10. LLM / AI Crawler Accessibility

- ⚠️ **llms.txt missing**
  Add /llms.txt — a concise, link-rich summary that helps LLMs orient on your site.
- ⚠️ **skill.md missing**
  Add /skill.md describing what your site lets agents do — speeds up agent task routing.
- ⚠️ **/.well-known/security.txt missing**
  Publish a /.well-known/security.txt (RFC 9116) with at least `Contact:` and `Expires:` lines; both are mandatory under the RFC. Security researchers expect it, and crawlers and AI systems treat it as a trust signal.

## 11. Positioning Clarity

_No findings._

## 12. Missing or Hard-to-Find Information

- ❌ **12 data point(s) could not be found from public pages**
  · Pricing
  · Customer logos
  · Social proof
  · Recent launches
  · Blog post activity
  · New hires
  · Headline copy
  · Positioning
  · Executive team
  · Product/service descriptions
  · Case studies or testimonials
  · Contact/demo/signup paths

## 13. Recommended Fixes

- ⚠️ **Publish a sitemap.xml**
  Generate /sitemap.xml automatically (Next.js: app/sitemap.ts). Include every canonical URL.
- ⚠️ **Add /llms.txt**
  A short Markdown-flavored summary at the root. Include your H1, value prop, top 5–10 links, and pricing summary.
- ⚠️ **Create a robots.txt**
  Even a minimal robots.txt is better than none. Always reference your Sitemap and explicitly address AI bots.
- ⚠️ **Add /skill.md**
  Describe what an agent can do with your site (e.g., 'Search docs', 'Look up pricing'). Useful for agentic flows.
- ⚠️ **Publish /.well-known/security.txt**
  A security contact builds trust with crawlers and researchers. RFC 9116 requires both `Contact:` and `Expires:`, so refresh the file before the Expires date passes. Minimal example:
  
  ```
  Contact: mailto:security@yourdomain.com
  Expires: 2027-01-01T00:00:00.000Z
  Preferred-Languages: en
  ```
- ⚠️ **Enable HSTS**
  Add `Strict-Transport-Security: max-age=31536000; includeSubDomains` once you're confident every subdomain is https-ready; browsers cache the directive for the full `max-age`, so test with a short value first.
- ⚠️ **Define a Content-Security-Policy**
  Start with `Content-Security-Policy-Report-Only` and a `report-to`/`report-uri` endpoint to learn safe sources, then enforce. Cuts XSS blast radius.
- ⚠️ **Add X-Frame-Options**
  `X-Frame-Options: SAMEORIGIN` (or CSP `frame-ancestors`) blocks clickjacking via iframe embeds.
- ⚠️ **Add X-Content-Type-Options**
  `X-Content-Type-Options: nosniff` prevents browsers from MIME-sniffing responses.
- ⚠️ **Set a Referrer-Policy**
  `Referrer-Policy: strict-origin-when-cross-origin` is a safe default.
- ⚠️ **Set a Permissions-Policy**
  Restrict browser features you don't use, e.g. `Permissions-Policy: camera=(), microphone=(), geolocation=()`.
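The security.txt fix above amounts to a small format with two hard requirements, so here is an added example, not from the report or the site, of a validator and generator for RFC 9116 files. The field rules follow RFC 9116 (Contact and Expires mandatory, Expires at most once, Preferred-Languages at most once, web Contact URIs must be https, Canonical recommended, Expires recommended under a year out); the 180-day default lifetime, the sample file contents and the report-date clock are assumptions of this example.

```javascript
// Added example (not the report's or the site's code): parse, validate and
// generate an RFC 9116 security.txt. Rules follow the RFC; the 180-day default
// lifetime and the sample contents are this example's assumptions.
const ONE_DAY_MS = 24 * 60 * 60 * 1000;
const RFC3339 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/i;

// Parse "Field: value" lines; comments (#) and blank lines are skipped. Field
// names are case-insensitive per RFC 9116, so they are normalized to lower case.
// Lines without a colon are kept with name === null so the validator can flag them.
function parseSecurityTxt(text) {
  const fields = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const idx = line.indexOf(':');
    if (idx <= 0) { fields.push({ name: null, value: line }); continue; }
    fields.push({ name: line.slice(0, idx).trim().toLowerCase(), value: line.slice(idx + 1).trim() });
  }
  return fields;
}

// Validate and return problems as { level: 'error' | 'warn', msg }. `now` is
// injectable so the Expires check is deterministic in tests.
function validateSecurityTxt(text, now = new Date()) {
  const problems = [];
  const err = (msg) => problems.push({ level: 'error', msg });
  const warn = (msg) => problems.push({ level: 'warn', msg });
  const fields = parseSecurityTxt(text);
  const byName = (n) => fields.filter((f) => f.name === n);

  for (const f of fields) if (f.name === null) err(`malformed line: ${f.value}`);

  // Contact: required; a URI, and web URIs must be https (RFC 9116 section 2.5.3).
  const contacts = byName('contact');
  if (contacts.length === 0) err('Contact is required');
  for (const c of contacts) {
    if (!/^(mailto:|https:\/\/|tel:)/i.test(c.value)) {
      err(`Contact must be a mailto:, https:// or tel: URI, got "${c.value}"`);
    }
  }

  // Expires: required, exactly once, RFC 3339, in the future, ideally under a year out.
  const expires = byName('expires');
  if (expires.length !== 1) {
    err(`exactly one Expires field is required, found ${expires.length}`);
  } else if (!RFC3339.test(expires[0].value)) {
    err(`Expires is not an RFC 3339 timestamp: "${expires[0].value}"`);
  } else {
    const t = Date.parse(expires[0].value);
    if (t <= now.getTime()) err('Expires is in the past; the file must be refreshed');
    else if (t - now.getTime() > 365 * ONE_DAY_MS) warn('Expires is more than a year out; RFC 9116 recommends under a year');
  }

  if (byName('preferred-languages').length > 1) err('Preferred-Languages may appear only once');
  if (byName('canonical').length === 0) warn('Canonical is recommended so the file can be tied to its origin');
  return problems;
}

// Build a security.txt whose Expires is `days` ahead of `now`, so the date is
// computed at deploy time instead of hard-coded and forgotten.
function renderSecurityTxt({ contact, canonical, languages = 'en', days = 180 }, now = new Date()) {
  const expires = new Date(now.getTime() + days * ONE_DAY_MS).toISOString();
  return [
    `Contact: ${contact}`,
    `Expires: ${expires}`,
    `Preferred-Languages: ${languages}`,
    `Canonical: ${canonical}`,
    '',
  ].join('\n');
}

// Constructed sample: the audit's own minimal file (no Canonical line), checked
// as of the report's generation date rather than the real clock.
const REPORT_DATE = new Date('2026-05-21T07:24:03.089Z');
const AUDIT_SAMPLE = 'Contact: mailto:security@yourdomain.com\nExpires: 2027-01-01T00:00:00.000Z\nPreferred-Languages: en\n';
console.log(validateSecurityTxt(AUDIT_SAMPLE, REPORT_DATE));
```

Run `validateSecurityTxt` over the deployed file in CI with the real clock so an expired file fails the build rather than silently going stale; `renderSecurityTxt` is the companion for build-time generation in a Next.js `public/` or route handler, with the Canonical line pointing at the https URL the file is actually served from.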

## 14. Priority To-Do List

- [ ] **P1** — Publish a sitemap.xml
      Generate /sitemap.xml automatically (Next.js: app/sitemap.ts). Include every canonical URL.
- [ ] **P2** — Add /llms.txt
      A short Markdown-flavored summary at the root. Include your H1, value prop, top 5–10 links, and pricing summary.
- [ ] **P2** — Create a robots.txt
      Even a minimal robots.txt is better than none. Always reference your Sitemap and explicitly address AI bots.
- [ ] **P3** — Add /skill.md
      Describe what an agent can do with your site (e.g., 'Search docs', 'Look up pricing'). Useful for agentic flows.
- [ ] **P3** — Publish /.well-known/security.txt
      A security contact builds trust with crawlers and researchers. RFC 9116 requires both `Contact:` and `Expires:`, so refresh the file before the Expires date passes. Minimal example:
      
      ```
      Contact: mailto:security@yourdomain.com
      Expires: 2027-01-01T00:00:00.000Z
      Preferred-Languages: en
      ```
- [ ] **P3** — Enable HSTS
      Add `Strict-Transport-Security: max-age=31536000; includeSubDomains` once you're confident every subdomain is https-ready; browsers cache the directive for the full `max-age`, so test with a short value first.
- [ ] **P3** — Define a Content-Security-Policy
      Start with `Content-Security-Policy-Report-Only` and a `report-to`/`report-uri` endpoint to learn safe sources, then enforce. Cuts XSS blast radius.
- [ ] **P4** — Add X-Frame-Options
      `X-Frame-Options: SAMEORIGIN` (or CSP `frame-ancestors`) blocks clickjacking via iframe embeds.
- [ ] **P4** — Add X-Content-Type-Options
      `X-Content-Type-Options: nosniff` prevents browsers from MIME-sniffing responses.
- [ ] **P4** — Set a Referrer-Policy
      `Referrer-Policy: strict-origin-when-cross-origin` is a safe default.
- [ ] **P4** — Set a Permissions-Policy
      Restrict browser features you don't use, e.g. `Permissions-Policy: camera=(), microphone=(), geolocation=()`.

---

_Report by [CrawlProof](https://crawlproof.com). Reusable after every major website change._
