Owner tools

For the owner of China (www.dryshiitakemushrooms.com).

Ownership

This launch is unclaimed.

Claim this launch to get an owner link, re-scan after fixes, track your score improvements, or remove your site from StackScope entirely.

Claim this launch

Start here

Three fast-win fixes from the list below, ordered by impact. Each is a drop-in change you can finish in under 30 minutes.

Add a privacy policy page Analytics detected on this site, so a privacy policy is a legal requirement under GDPR and US state privacy laws, not optional.
Add a sitemap.xml
Add Open Graph tags Missing on your page: all three Open Graph tags.

5 more score-affecting fixes below, plus advisory items.

Fixes that improve your score

Security

HIGHAdd the missing security response headers
Missing 5 of 6 standard browser headers. Start with Referrer-Policy, X-Content-Type-Options, and X-Frame-Options (one line each), then roll out CSP in Report-Only mode.
WhyEach header limits a class of browser-side attack: clickjacking, XSS, MIME sniffing, plaintext fallback. Missing headers leave default-permissive behaviour in place.
WhereMost are one line each in your server config, reverse proxy, CDN, or framework headers.
Learn more
Why this matters & sources
Per-header consequence:
- Content-Security-Policy: Controls which scripts, styles, and fonts are allowed to run on your pages. Without it, an injected <script> tag runs with full access to your users' sessions and cookies.
- X-Frame-Options: Stops other sites loading yours inside an invisible iframe to trick users into clicking buttons they can't see (clickjacking).
- X-Content-Type-Options: Tells browsers not to guess file types. Without it, a user-uploaded image can be sniffed as JavaScript and executed.
- Referrer-Policy: Controls how much of the current URL is sent to third-party sites and analytics. The default leaks the full path, including query strings that may contain tokens or user IDs.
- Permissions-Policy: Turns off browser features your site doesn't use (camera, microphone, geolocation, payment) so an injected script can't trigger them.
CSP rollout: Content-Security-Policy is the hardest to get right. Start with Content-Security-Policy-Report-Only, which logs violations without blocking. Open DevTools Console, reload each page, and relax the policy until the console is clean. Rename the header to Content-Security-Policy to enforce. For real-user monitoring, point a report-to directive at a free collector (report-uri.com, Sentry, or a /api/csp-report route).

Legal & compliance

HIGHAdd a privacy policy page
Analytics detected on this site, so a privacy policy is a legal requirement under GDPR and US state privacy laws, not optional.
WhyDocuments what personal data you collect and how you use it. Without one, it's hard to demonstrate basic GDPR / CCPA compliance to regulators or users.
WhereUse a free generator like Termly or Iubenda to produce one in minutes, then link from your footer.
Learn more

Discoverability

MEDIUMAdd a sitemap.xml
WhyHelps search engines discover all your pages, including deep-linked ones not in the navigation. Without one, only pages reachable via crawl-from-homepage get found.
WhereGenerate /sitemap.xml and reference it from robots.txt with a Sitemap: line. Frameworks usually generate it (Next.js app/sitemap.ts, Astro @astrojs/sitemap).
Learn more

Page basics & SEO

MEDIUMAdd Open Graph tags
Missing on your page: all three Open Graph tags.
WhyWithout og:title, og:description, and og:image, links to your site render as bare text on Facebook, LinkedIn, and most chat apps instead of rich previews with an image.
WhereAdd <meta property="og:title" content="..."> (and the other two) to each page's <head>. Frameworks usually have a metadata API for this.
Learn more
MEDIUMAdd a canonical link
No <link rel="canonical"> was detected on your page.
WhyTells search engines which URL is the canonical version when the same content is reachable via multiple paths (with/without trailing slash, query strings, www vs apex).
WhereAdd <link rel="canonical" href="https://your-domain.com/this-page"> to each page's <head>.
Learn more
MEDIUMAdd Twitter card meta tags
No Twitter card tags were detected on your page.
WhyWithout them, links shared on X render as bare text instead of a rich preview card with image, title, and description. Rich cards have meaningfully higher CTR.
WhereAdd <meta name="twitter:card" content="summary_large_image">, plus twitter:title, twitter:description, and twitter:image to your <head>.
Learn more
MEDIUMAdd a favicon
No favicon was detected on your page.
WhyWithout one, browsers and search results show a generic globe icon next to your domain. Looks unfinished and makes your tab harder to spot when a user has many tabs open.
WhereUse realfavicongenerator.net to produce every required size, then <link rel="icon" href="/favicon.ico"> plus the modern formats (apple-touch-icon, SVG icon).
Learn more
MEDIUMUse HTML5 semantic elements
Page uses mostly generic <div>s with no semantic landmarks detected.
WhyScreen-reader users can't reliably skip past navigation to your primary content. Search engines also use these to identify which part of the page is the actual content for snippet generation.
WhereReplace outermost <div>s with <nav>, <main>, <article>, <section>, <header>, <footer> where the structure fits.
Learn more

Starter Content-Security-Policy

We didn't see a Content-Security-Policy header on your site. Here's a starter policy built from the 1 third-party vendor we detected (google-analytics).

Content-Security-Policy-Report-Only:
default-src 'self';
script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com;
img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com;
connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com;
frame-ancestors 'none';
base-uri 'self';
form-action 'self';

Test before enforcing. This is a starting point based on what we could detect from a public crawl, not a finished policy. Deploy as Content-Security-Policy-Report-Only first (as shown above), walk through your site with DevTools Console open, and relax the policy until no CSP violations fire. Only then rename the header to Content-Security-Policy to enforce.

We probably don't cover everything. Vendors that only load behind auth, self-hosted scripts, custom analytics, and anything we haven't fingerprinted yet won't appear here. Inline scripts work because we've included 'unsafe-inline'; you can tighten that later with nonces once the basic policy is stable. The Report-Only walkthrough will flag anything we missed. That's the whole point of starting there.

Optional improvements

These don't change your StackScope score but cover SEO, agent-readiness, security-researcher discoverability, and compliance items worth addressing.

Security

LOWAdd /.well-known/security.txt
WhyLets security researchers report vulnerabilities responsibly through a published contact channel.
WhereCreate /.well-known/security.txt with a Contact: email and Expires: date.
Learn more

Legal & compliance

HIGHAdd a cookie-consent banner
Analytics detected on this site without a consent manager.
WhyUK/EU GDPR requires opt-in before analytics scripts fire; about half of US state privacy laws now require honouring the Global Privacy Control browser signal as a universal opt-out.
WhereDrop in Cookiebot, Usercentrics, Osano, or Iubenda Consent, or hand-roll a banner plus Google's Consent Mode v2.
Learn more
Why this matters & sources
The legal landscape: UK/EU GDPR treats analytics as personal-data processing that requires opt-in consent before scripts fire. About half the US state privacy laws now in force (California, Colorado, Texas, Connecticut, Oregon, Montana, Delaware, New Hampshire, New Jersey, Nebraska) require honouring the Global Privacy Control (GPC) browser signal as a universal opt-out, and California's January 2026 regulations require visibly indicating when a GPC signal has been honoured.
Sources: IAPP US state privacy tracker (iapp.org/resources/article/us-state-privacy-legislation-tracker), California AG on GPC (oag.ca.gov/privacy/ccpa/gpc), EDPB consent guidelines (edpb.europa.eu).

Email security

MEDIUMConfigure DKIM with your email provider
No DKIM record found at the common selectors we check.
WhyDKIM signs your outbound mail with a cryptographic key receivers can verify. Without it, receivers can't tell your real mail from a spoof.
WhereAsk your email provider for their DKIM setup. It's usually one TXT record at {selector}._domainkey.{your-domain}.
Learn more
Why this matters & sources
Selectors we probe: Resend, SendGrid, Postmark, Mailchimp, Brevo, Mailgun, HubSpot, Customer.io, ConvertKit, Cloudflare Email. If you use Google Workspace, Microsoft 365, or self-hosted email with a custom selector, you may already have DKIM published and we just don't see it.
LOWAdd MTA-STS
No MTA-STS DNS record published.
WhyPrevents mail to your domain being downgraded to plaintext mid-flight by a network attacker. Most launches don't have this, so deploying it puts you a tier above generic email-security checks.
WherePublish a TXT record at _mta-sts.{your-domain} plus a policy file at https://mta-sts.{your-domain}/.well-known/mta-sts.txt.
Learn more
LOWAdd a TLS-RPT record
No TLS-RPT record at _smtp._tls.{domain}.
WhyReceivers can tell you when STARTTLS handshakes to your mail server fail. Without it, silent TLS failures are invisible.
WherePublish one TXT record at _smtp._tls.{your-domain} like v=TLSRPTv1; rua=mailto:[email protected].
Learn more

Page basics & SEO

LOWTrim your <title> tag to under 60 characters
Currently 83 characters: "China-Luoyang Dashu Agricultural Technology Co., Ltd. (Agricultural Product Export)"
WhyGoogle truncates titles around 60 characters in search results, so anything past that gets cut off mid-sentence and costs click-through rate.
WhereAim for 50-60 characters that include your main keyword and brand.
Learn more
LOWTrim your meta description to under 160 characters
Currently 3434 characters: "About Us | Luoyang Dashu Agricultural Science and Technology Co., Ltd. Rooted in the Ancient Capital Luoyang, Nourishing Tables Around the Globe Brand Story: From Luoyang to the World, Nourishing Every Meal Luoyang Dashu Agricultural Science and Technology Co., Ltd. is firmly rooted in the profound cultural soil of Luoyang, an ancient capital of thirteen dynasties. Named "Dashu" (which means "big tree" in Chinese), we symbolize our pursuit of quality: taking root deeply, growing vigorously, and providing shelter far and wide, just like a big tree. We specialize in transforming China's high-quality native edible mushroom resources into consistently supplied, top-notch dried mushroom products for the global market through modern processing technologies and stringent quality standards. We are well aware that every shiitake mushroom and every slice of matsutake carries the essence of nature and the meticulous craftsmanship of growers. Therefore, we have established a full-chain quality control system, covering from source cultivation and scientific processing to international logistics, ensuring that these oriental delicacies can safely and freshly reach kitchens and dining tables worldwide. Mission and Vision Our Mission: To bring China's high-quality edible mushroom products to global customers in a sustainable manner and become a trusted agricultural food supplier. Our Vision: To become a highly respected Chinese edible mushroom brand in the international market, making "Dashu" synonymous with quality, reliability, and sustainability. Full-Chain Quality Control with Traceable Sources We have forged close partnerships with high-quality bases in multiple core production areas across China. We strictly supervise the planting environment and cultivation processes to ensure the superior quality of raw materials. All our products are equipped with a traceability system, transparently presenting key links from the fields to the finished products. Innovative Processing Techniques to Preserve Freshness and Flavor We have introduced advanced processing equipment and adopted scientific low-temperature drying technologies. Processing is carried out in strictly controlled clean environments, aiming to maximize the retention of the original shapes, nutritional components, and unique flavors of edible mushrooms. Main Product Matrix Dried Shiitake Mushrooms: Thick caps and rich mushroom aroma. Dried Boletus Mushrooms: Plump flesh with a fresh and unique flavor. Dried Matsutake Mushrooms: Carefully selected high-quality raw materials and meticulously dried. Dried Wood Ear Mushrooms: Large and thick with a clean and impurity-free appearance. International Standard Certifications, Reaching Global Markets We are well-versed in international trade regulations and are committed to ensuring that our products meet the quality and safety standards of international markets. With efficient international logistics solutions, we steadily export our products to multiple countries and regions. Partner with Us We firmly believe that exceptional quality stems from an unwavering attention to detail and a deep reverence for nature. Luoyang Dashu Agricultural Science and Technology Co., Ltd. sincerely invites global catering enterprises, food manufacturers, wholesalers, and retailers to inquire about cooperation. Let us join hands to spread the deliciousness and health of nature to a broader world."
WhyGoogle truncates around 155-160 characters on desktop SERPs (less on mobile), so anything past that won't appear in the snippet.
WhereEdit your <meta name="description"> tag. Put the most click-worthy phrase first.
Learn more

Performance

HIGHCompress your largest image
Largest image transfers 2.0 MB. Oversized hero/banner images are the most common cause of slow first paint on indie launches.
WhyLarge images delay the largest-contentful-paint and burn mobile data before the page is usable.
WhereExport at the displayed size, convert to WebP/AVIF, and compress (Squoosh, sharp, or your framework's image component such as Next.js <Image>).
Learn more
MEDIUMSet width and height on your images
36 images render without explicit width/height.
WhyWithout intrinsic dimensions the browser can't reserve space before the image loads, so content jumps as it arrives (cumulative layout shift).
WhereAdd width and height attributes (or an aspect-ratio CSS rule). Framework image components set these for you.
Learn more
LOWServe right-sized images
25 images are downloaded at more than twice the displayed size.
WhyShipping a 2000px image into a 400px slot wastes bandwidth and slows loading, especially on mobile.
WhereResize to the displayed dimensions, or use srcset/sizes (or a framework image component) to serve per-viewport variants.
Learn more
LOWAdd alt text to your images
18 images have no alt attribute.
WhyScreen-reader users get no description, and search engines lose a signal about the image content.
WhereAdd a concise alt="..." to each image (an empty alt="" is correct only for purely decorative images).
Learn more

Agent / AI

LOWAdd an llms.txt file
WhyHelps AI models understand your site's content and how to use it. Not yet a standard but gaining adoption.
WhereCreate /llms.txt at the site root with a brief overview and key URLs.
Learn more
LOWDeclare a Content-Signal in robots.txt
WhyStates how you'd like AI systems to use your content (training, search, agent input). Without it, AI crawlers fall back to whatever default policy each vendor applies.
WhereAdd a Content-Signal: line to your robots.txt.
Learn more
LOWAdd Link response headers
WhyLets agents discover your sitemap, privacy policy, and docs without parsing HTML, which most lightweight agents skip.
WhereSet Link: response headers in your server config or framework middleware.
Learn more

If a tip looks wrong (for example it says "add a consent banner" and you already have one) the detection's the bug, not you. StackScope sees what's public from the outside: HTTP response, rendered HTML, cookies, and DNS. We can miss vendors that load behind consent, are self-hosted, or use an install shape we haven't fingerprinted yet. Email [email protected] and we'll look into it.

Copy into Cursor, Claude, or ChatGPT

This prompt includes the detected stack and only the fixes StackScope found. It asks the AI to make concrete file-level changes, not a vague website review.

Score-affecting basics only. Ask your AI to handle these first; come back for the optional hardening once they're done.

Everything: score-affecting fixes plus optional email security, agent metadata, and best-practice items. Longer prompt, more for an "all in one" agent run.

I own https://www.dryshiitakemushrooms.com. StackScope (https://stackscope.dev) analysed it on 4 June 2026 and scored it 2.7/10 against their production-readiness checklist. Please help me apply the fixes below. These are the score-affecting basics. We'll circle back to the optional hardening (email security, advanced agent metadata) later.

Tech stack StackScope detected on the site (use this when suggesting where each fix lives in the codebase):
92wailian, alibaba-cloud-dns, google-analytics, google-site-verification, hsts, http3, netease-mail, nginx, pbootcms

Score-affecting fixes (these improve the StackScope score; [HIGH] = most impact):
- [HIGH] Add a privacy policy page. Analytics detected on this site, so a privacy policy is a legal requirement under GDPR and US state privacy laws, not optional. Why: Documents what personal data you collect and how you use it. Without one, it's hard to demonstrate basic GDPR / CCPA compliance to regulators or users. Where: Use a free generator like Termly or Iubenda to produce one in minutes, then link from your footer. (https://www.termly.io/products/privacy-policy-generator/)
- [HIGH] Add the missing security response headers. Missing 5 of 6 standard browser headers. Start with `Referrer-Policy`, `X-Content-Type-Options`, and `X-Frame-Options` (one line each), then roll out CSP in `Report-Only` mode. Why: Each header limits a class of browser-side attack: clickjacking, XSS, MIME sniffing, plaintext fallback. Missing headers leave default-permissive behaviour in place. Where: Most are one line each in your server config, reverse proxy, CDN, or framework headers. (https://owasp.org/www-project-secure-headers/)
- [MEDIUM] Add a sitemap.xml. Why: Helps search engines discover all your pages, including deep-linked ones not in the navigation. Without one, only pages reachable via crawl-from-homepage get found. Where: Generate `/sitemap.xml` and reference it from `robots.txt` with a `Sitemap:` line. Frameworks usually generate it (Next.js `app/sitemap.ts`, Astro `@astrojs/sitemap`). (https://developers.google.com/search/docs/crawling-indexing/sitemaps/overview)
- [MEDIUM] Add Open Graph tags. Missing on your page: all three Open Graph tags. Why: Without `og:title`, `og:description`, and `og:image`, links to your site render as bare text on Facebook, LinkedIn, and most chat apps instead of rich previews with an image. Where: Add `<meta property="og:title" content="...">` (and the other two) to each page's `<head>`. Frameworks usually have a metadata API for this. (https://ogp.me/)
- [MEDIUM] Add a canonical link. No `<link rel="canonical">` was detected on your page. Why: Tells search engines which URL is the canonical version when the same content is reachable via multiple paths (with/without trailing slash, query strings, www vs apex). Where: Add `<link rel="canonical" href="https://your-domain.com/this-page">` to each page's `<head>`. (https://developers.google.com/search/docs/crawling-indexing/consolidate-duplicate-urls)
- [MEDIUM] Add Twitter card meta tags. No Twitter card tags were detected on your page. Why: Without them, links shared on X render as bare text instead of a rich preview card with image, title, and description. Rich cards have meaningfully higher CTR. Where: Add `<meta name="twitter:card" content="summary_large_image">`, plus `twitter:title`, `twitter:description`, and `twitter:image` to your `<head>`. (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name)
- [MEDIUM] Add a favicon. No favicon was detected on your page. Why: Without one, browsers and search results show a generic globe icon next to your domain. Looks unfinished and makes your tab harder to spot when a user has many tabs open. Where: Use realfavicongenerator.net to produce every required size, then `<link rel="icon" href="/favicon.ico">` plus the modern formats (`apple-touch-icon`, SVG icon). (https://realfavicongenerator.net/)
- [MEDIUM] Use HTML5 semantic elements. Page uses mostly generic `<div>`s with no semantic landmarks detected. Why: Screen-reader users can't reliably skip past navigation to your primary content. Search engines also use these to identify which part of the page is the actual content for snippet generation. Where: Replace outermost `<div>`s with `<nav>`, `<main>`, `<article>`, `<section>`, `<header>`, `<footer>` where the structure fits. (https://developer.mozilla.org/en-US/docs/Web/HTML/Element#content_sectioning)

For each item, tell me exactly which file to create or which code to change, and where it lives in a project using the stack above. If my framework has a native API for the task (e.g. Next.js metadata exports, `app/sitemap.ts`, Astro layouts, Nuxt `useHead`), prefer that over raw HTML or server config.

Full analysis: https://stackscope.dev/launch/uu37ak2m/china

I own https://www.dryshiitakemushrooms.com. StackScope (https://stackscope.dev) analysed it on 4 June 2026 and scored it 2.7/10 against their production-readiness checklist. Please help me apply the fixes below. This is a checklist, not a blocker list; Score-affecting fixes are the ones that move the number, Optional items are nice-to-haves with zero score impact that I can skip for an MVP.

Tech stack StackScope detected on the site (use this when suggesting where each fix lives in the codebase):
92wailian, alibaba-cloud-dns, google-analytics, google-site-verification, hsts, http3, netease-mail, nginx, pbootcms

Score-affecting fixes (these improve the StackScope score; [HIGH] = most impact):
- [HIGH] Add a privacy policy page. Analytics detected on this site, so a privacy policy is a legal requirement under GDPR and US state privacy laws, not optional. Why: Documents what personal data you collect and how you use it. Without one, it's hard to demonstrate basic GDPR / CCPA compliance to regulators or users. Where: Use a free generator like Termly or Iubenda to produce one in minutes, then link from your footer. (https://www.termly.io/products/privacy-policy-generator/)
- [HIGH] Add the missing security response headers. Missing 5 of 6 standard browser headers. Start with `Referrer-Policy`, `X-Content-Type-Options`, and `X-Frame-Options` (one line each), then roll out CSP in `Report-Only` mode. Why: Each header limits a class of browser-side attack: clickjacking, XSS, MIME sniffing, plaintext fallback. Missing headers leave default-permissive behaviour in place. Where: Most are one line each in your server config, reverse proxy, CDN, or framework headers. (https://owasp.org/www-project-secure-headers/)
- [MEDIUM] Add a sitemap.xml. Why: Helps search engines discover all your pages, including deep-linked ones not in the navigation. Without one, only pages reachable via crawl-from-homepage get found. Where: Generate `/sitemap.xml` and reference it from `robots.txt` with a `Sitemap:` line. Frameworks usually generate it (Next.js `app/sitemap.ts`, Astro `@astrojs/sitemap`). (https://developers.google.com/search/docs/crawling-indexing/sitemaps/overview)
- [MEDIUM] Add Open Graph tags. Missing on your page: all three Open Graph tags. Why: Without `og:title`, `og:description`, and `og:image`, links to your site render as bare text on Facebook, LinkedIn, and most chat apps instead of rich previews with an image. Where: Add `<meta property="og:title" content="...">` (and the other two) to each page's `<head>`. Frameworks usually have a metadata API for this. (https://ogp.me/)
- [MEDIUM] Add a canonical link. No `<link rel="canonical">` was detected on your page. Why: Tells search engines which URL is the canonical version when the same content is reachable via multiple paths (with/without trailing slash, query strings, www vs apex). Where: Add `<link rel="canonical" href="https://your-domain.com/this-page">` to each page's `<head>`. (https://developers.google.com/search/docs/crawling-indexing/consolidate-duplicate-urls)
- [MEDIUM] Add Twitter card meta tags. No Twitter card tags were detected on your page. Why: Without them, links shared on X render as bare text instead of a rich preview card with image, title, and description. Rich cards have meaningfully higher CTR. Where: Add `<meta name="twitter:card" content="summary_large_image">`, plus `twitter:title`, `twitter:description`, and `twitter:image` to your `<head>`. (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name)
- [MEDIUM] Add a favicon. No favicon was detected on your page. Why: Without one, browsers and search results show a generic globe icon next to your domain. Looks unfinished and makes your tab harder to spot when a user has many tabs open. Where: Use realfavicongenerator.net to produce every required size, then `<link rel="icon" href="/favicon.ico">` plus the modern formats (`apple-touch-icon`, SVG icon). (https://realfavicongenerator.net/)
- [MEDIUM] Use HTML5 semantic elements. Page uses mostly generic `<div>`s with no semantic landmarks detected. Why: Screen-reader users can't reliably skip past navigation to your primary content. Search engines also use these to identify which part of the page is the actual content for snippet generation. Where: Replace outermost `<div>`s with `<nav>`, `<main>`, `<article>`, `<section>`, `<header>`, `<footer>` where the structure fits. (https://developer.mozilla.org/en-US/docs/Web/HTML/Element#content_sectioning)

Optional best-practice improvements (no score impact):
- [HIGH] Add a cookie-consent banner. Analytics detected on this site without a consent manager. Why: UK/EU GDPR requires opt-in before analytics scripts fire; about half of US state privacy laws now require honouring the Global Privacy Control browser signal as a universal opt-out. Where: Drop in Cookiebot, Usercentrics, Osano, or Iubenda Consent, or hand-roll a banner plus Google's `Consent Mode v2`. (https://iapp.org/resources/article/us-state-privacy-legislation-tracker)
- [HIGH] Compress your largest image. Largest image transfers 2.0 MB. Oversized hero/banner images are the most common cause of slow first paint on indie launches. Why: Large images delay the largest-contentful-paint and burn mobile data before the page is usable. Where: Export at the displayed size, convert to WebP/AVIF, and compress (Squoosh, `sharp`, or your framework's image component such as Next.js `<Image>`). (https://web.dev/articles/optimize-lcp)
- [MEDIUM] Configure DKIM with your email provider. No DKIM record found at the common selectors we check. Why: DKIM signs your outbound mail with a cryptographic key receivers can verify. Without it, receivers can't tell your real mail from a spoof. Where: Ask your email provider for their DKIM setup. It's usually one TXT record at `{selector}._domainkey.{your-domain}`. (https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/)
- [MEDIUM] Set width and height on your images. 36 images render without explicit width/height. Why: Without intrinsic dimensions the browser can't reserve space before the image loads, so content jumps as it arrives (cumulative layout shift). Where: Add `width` and `height` attributes (or an `aspect-ratio` CSS rule). Framework image components set these for you. (https://web.dev/articles/cls)
- [LOW] Trim your <title> tag to under 60 characters. Currently 83 characters: "China-Luoyang Dashu Agricultural Technology Co., Ltd. (Agricultural Product Export)" Why: Google truncates titles around 60 characters in search results, so anything past that gets cut off mid-sentence and costs click-through rate. Where: Aim for 50-60 characters that include your main keyword and brand. (https://developers.google.com/search/docs/appearance/title-link)
- [LOW] Trim your meta description to under 160 characters. Currently 3434 characters: "About Us | Luoyang Dashu Agricultural Science and Technology Co., Ltd.
Rooted in the Ancient Capital Luoyang, Nourishing Tables Around the Globe

Brand Story: From Luoyang to the World, Nourishing Every Meal
Luoyang Dashu Agricultural Science and Technology Co., Ltd. is firmly rooted in the profound cultural soil of Luoyang, an ancient capital of thirteen dynasties. Named "Dashu" (which means "big tree" in Chinese), we symbolize our pursuit of quality: taking root deeply, growing vigorously, and providing shelter far and wide, just like a big tree. We specialize in transforming China's high-quality native edible mushroom resources into consistently supplied, top-notch dried mushroom products for the global market through modern processing technologies and stringent quality standards. We are well aware that every shiitake mushroom and every slice of matsutake carries the essence of nature and the meticulous craftsmanship of growers. Therefore, we have established a full-chain quality control system, covering from source cultivation and scientific processing to international logistics, ensuring that these oriental delicacies can safely and freshly reach kitchens and dining tables worldwide.

Mission and Vision
Our Mission: To bring China's high-quality edible mushroom products to global customers in a sustainable manner and become a trusted agricultural food supplier.
Our Vision: To become a highly respected Chinese edible mushroom brand in the international market, making "Dashu" synonymous with quality, reliability, and sustainability.

Full-Chain Quality Control with Traceable Sources
We have forged close partnerships with high-quality bases in multiple core production areas across China. We strictly supervise the planting environment and cultivation processes to ensure the superior quality of raw materials. All our products are equipped with a traceability system, transparently presenting key links from the fields to the finished products.

Innovative Processing Techniques to Preserve Freshness and Flavor
We have introduced advanced processing equipment and adopted scientific low-temperature drying technologies. Processing is carried out in strictly controlled clean environments, aiming to maximize the retention of the original shapes, nutritional components, and unique flavors of edible mushrooms.

Main Product Matrix
Dried Shiitake Mushrooms: Thick caps and rich mushroom aroma.

Dried Boletus Mushrooms: Plump flesh with a fresh and unique flavor.

Dried Matsutake Mushrooms: Carefully selected high-quality raw materials and meticulously dried.

Dried Wood Ear Mushrooms: Large and thick with a clean and impurity-free appearance.

International Standard Certifications, Reaching Global Markets
We are well-versed in international trade regulations and are committed to ensuring that our products meet the quality and safety standards of international markets. With efficient international logistics solutions, we steadily export our products to multiple countries and regions.

Partner with Us
We firmly believe that exceptional quality stems from an unwavering attention to detail and a deep reverence for nature. Luoyang Dashu Agricultural Science and Technology Co., Ltd. sincerely invites global catering enterprises, food manufacturers, wholesalers, and retailers to inquire about cooperation. Let us join hands to spread the deliciousness and health of nature to a broader world." Why: Google truncates around 155-160 characters on desktop SERPs (less on mobile), so anything past that won't appear in the snippet. Where: Edit your `<meta name="description">` tag. Put the most click-worthy phrase first. (https://developers.google.com/search/docs/appearance/snippet)
- [LOW] Add /.well-known/security.txt. Why: Lets security researchers report vulnerabilities responsibly through a published contact channel. Where: Create `/.well-known/security.txt` with a `Contact:` email and `Expires:` date. (https://securitytxt.org/)
- [LOW] Add an llms.txt file. Why: Helps AI models understand your site's content and how to use it. Not yet a standard but gaining adoption. Where: Create `/llms.txt` at the site root with a brief overview and key URLs. (https://llmstxt.org/)
- [LOW] Declare a Content-Signal in robots.txt. Why: States how you'd like AI systems to use your content (training, search, agent input). Without it, AI crawlers fall back to whatever default policy each vendor applies. Where: Add a `Content-Signal:` line to your `robots.txt`. (https://contentsignals.org/)
- [LOW] Add Link response headers. Why: Lets agents discover your sitemap, privacy policy, and docs without parsing HTML, which most lightweight agents skip. Where: Set `Link:` response headers in your server config or framework middleware. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link)
- [LOW] Add MTA-STS. No MTA-STS DNS record published. Why: Prevents mail to your domain being downgraded to plaintext mid-flight by a network attacker. Most launches don't have this, so deploying it puts you a tier above generic email-security checks. Where: Publish a TXT record at `_mta-sts.{your-domain}` plus a policy file at `https://mta-sts.{your-domain}/.well-known/mta-sts.txt`. (https://datatracker.ietf.org/doc/html/rfc8461)
- [LOW] Add a TLS-RPT record. No TLS-RPT record at `_smtp._tls.{domain}`. Why: Receivers can tell you when STARTTLS handshakes to your mail server fail. Without it, silent TLS failures are invisible. Where: Publish one TXT record at `_smtp._tls.{your-domain}` like `v=TLSRPTv1; rua=mailto:tls-reports@yourdomain.com`. (https://datatracker.ietf.org/doc/html/rfc8460)
- [LOW] Serve right-sized images. 25 images are downloaded at more than twice the displayed size. Why: Shipping a 2000px image into a 400px slot wastes bandwidth and slows loading, especially on mobile. Where: Resize to the displayed dimensions, or use `srcset`/`sizes` (or a framework image component) to serve per-viewport variants. (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#srcset)
- [LOW] Add alt text to your images. 18 images have no alt attribute. Why: Screen-reader users get no description, and search engines lose a signal about the image content. Where: Add a concise `alt="..."` to each image (an empty `alt=""` is correct only for purely decorative images). (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#alt)

For each item, tell me exactly which file to create or which code to change, and where it lives in a project using the stack above. If my framework has a native API for the task (e.g. Next.js metadata exports, `app/sitemap.ts`, Astro layouts, Nuxt `useHead`), prefer that over raw HTML or server config.

Full analysis: https://stackscope.dev/launch/uu37ak2m/china

Using an autonomous agent?

Point the agent at this SKILL.md URL and ask it to follow the skill. The framing stops agents defaulting to an open-ended page review.

https://stackscope.dev/launch/uu37ak2m/skill.md

Share your score

Your score card renders automatically when you share the link.

Or embed a badge

Two badge options. Pick whichever fits your story.

Current score

Shows the latest score and updates within a few minutes of any recrawl. Best for ongoing display: if you fix something and recrawl, the badge reflects the new score automatically.

<a href="https://stackscope.dev/launch/uu37ak2m/china"><img src="https://stackscope.dev/badge/uu37ak2m/current.svg" alt="StackScope score for China" height="24" /></a>

Launch score

Pinned to your launch-day snapshot and never changes. Marked with a small gold corner ribbon. Best for press kits, launch retrospectives, or anywhere you want a permanent record of how you shipped.

<a href="https://stackscope.dev/launch/uu37ak2m/china"><img src="https://stackscope.dev/badge/uu37ak2m.svg" alt="StackScope launch score for China" height="24" /></a>

Using a Content-Security-Policy? Both badges are <img> tags from our domain, so your CSP needs to allow them. Add stackscope.dev to your img-src directive (example: img-src 'self' stackscope.dev;). Without it, browsers silently block the badge and visitors see a broken image.