Owner tools

For the owner of Uruky (uruky.com).

Ownership

This launch is unclaimed.

Claim this launch to get an owner link, re-scan after fixes, track your score improvements, or remove your site from StackScope entirely.

Claim this launch

Optional improvements

These don't change your StackScope score but cover SEO, agent-readiness, security-researcher discoverability, and compliance items worth addressing.

Security

LOWAdd /.well-known/security.txt
WhyLets security researchers report vulnerabilities responsibly through a published contact channel.
WhereCreate /.well-known/security.txt with a Contact: email and Expires: date.
Learn more

Email security

MEDIUMMove DMARC from p=none to quarantine or reject
DMARC policy is p=none (monitoring only).
Whyp=none lets receivers log failures but still deliver spoofed mail. Real protection only kicks in at quarantine or reject.
WhereAfter reviewing a few weeks of rua= reports and confirming your real senders pass, change to p=quarantine (sends spoofs to spam) and then p=reject (blocks them outright).
Learn more
LOWAdd a TLS-RPT record
No TLS-RPT record at _smtp._tls.{domain}.
WhyReceivers can tell you when STARTTLS handshakes to your mail server fail. Without it, silent TLS failures are invisible.
WherePublish one TXT record at _smtp._tls.{your-domain} like v=TLSRPTv1; rua=mailto:[email protected].
Learn more

Performance

MEDIUMSet width and height on your images
2 images render without explicit width/height.
WhyWithout intrinsic dimensions the browser can't reserve space before the image loads, so content jumps as it arrives (cumulative layout shift).
WhereAdd width and height attributes (or an aspect-ratio CSS rule). Framework image components set these for you.
Learn more
LOWServe right-sized images
1 image is downloaded at more than twice the displayed size.
WhyShipping a 2000px image into a 400px slot wastes bandwidth and slows loading, especially on mobile.
WhereResize to the displayed dimensions, or use srcset/sizes (or a framework image component) to serve per-viewport variants.
Learn more

Agent / AI

LOWAdd an llms.txt file
WhyHelps AI models understand your site's content and how to use it. Not yet a standard but gaining adoption.
WhereCreate /llms.txt at the site root with a brief overview and key URLs.
Learn more
LOWDeclare a Content-Signal in robots.txt
WhyStates how you'd like AI systems to use your content (training, search, agent input). Without it, AI crawlers fall back to whatever default policy each vendor applies.
WhereAdd a Content-Signal: line to your robots.txt.
Learn more
LOWAdd Link response headers
WhyLets agents discover your sitemap, privacy policy, and docs without parsing HTML, which most lightweight agents skip.
WhereSet Link: response headers in your server config or framework middleware.
Learn more

If a tip looks wrong (for example it says "add a consent banner" and you already have one) the detection's the bug, not you. StackScope sees what's public from the outside: HTTP response, rendered HTML, cookies, and DNS. We can miss vendors that load behind consent, are self-hosted, or use an install shape we haven't fingerprinted yet. Email [email protected] and we'll look into it.

Copy into Cursor, Claude, or ChatGPT

This prompt includes the detected stack and only the fixes StackScope found. It asks the AI to make concrete file-level changes, not a vague website review.

Score-affecting basics only. Ask your AI to handle these first; come back for the optional hardening once they're done.

Everything: score-affecting fixes plus optional email security, agent metadata, and best-practice items. Longer prompt, more for an "all in one" agent run.

I own https://uruky.com/?il=en. StackScope (https://stackscope.dev) analysed it on 4 June 2026 and scored it 10.0/10 against their production-readiness checklist. Nothing score-affecting is currently outstanding, so use this prompt as a posture check rather than a fix list.

Tech stack StackScope detected on the site:
caddy, google-site-verification, hsts, http3, ovh-dns, sendgrid, tailwindcss, tiktok, tuta-mail

Spot-check the stack above against current best practices: anything that looks deprecated, mis-configured, or like drift since the last deploy. If everything looks healthy, say so. Don't invent issues to fill the response.

Full analysis: https://stackscope.dev/launch/xfkyimr5/uruky-1

I own https://uruky.com/?il=en. StackScope (https://stackscope.dev) analysed it on 4 June 2026 and scored it 10.0/10 against their production-readiness checklist. Please help me apply the fixes below. This is a checklist, not a blocker list; Score-affecting fixes are the ones that move the number, Optional items are nice-to-haves with zero score impact that I can skip for an MVP.

Tech stack StackScope detected on the site (use this when suggesting where each fix lives in the codebase):
caddy, google-site-verification, hsts, http3, ovh-dns, sendgrid, tailwindcss, tiktok, tuta-mail

Optional best-practice improvements (no score impact):
- [MEDIUM] Move DMARC from p=none to quarantine or reject. DMARC policy is `p=none` (monitoring only). Why: p=none lets receivers log failures but still deliver spoofed mail. Real protection only kicks in at quarantine or reject. Where: After reviewing a few weeks of `rua=` reports and confirming your real senders pass, change to `p=quarantine` (sends spoofs to spam) and then `p=reject` (blocks them outright). (https://dmarc.org/overview/)
- [MEDIUM] Set width and height on your images. 2 images render without explicit width/height. Why: Without intrinsic dimensions the browser can't reserve space before the image loads, so content jumps as it arrives (cumulative layout shift). Where: Add `width` and `height` attributes (or an `aspect-ratio` CSS rule). Framework image components set these for you. (https://web.dev/articles/cls)
- [LOW] Add /.well-known/security.txt. Why: Lets security researchers report vulnerabilities responsibly through a published contact channel. Where: Create `/.well-known/security.txt` with a `Contact:` email and `Expires:` date. (https://securitytxt.org/)
- [LOW] Add an llms.txt file. Why: Helps AI models understand your site's content and how to use it. Not yet a standard but gaining adoption. Where: Create `/llms.txt` at the site root with a brief overview and key URLs. (https://llmstxt.org/)
- [LOW] Declare a Content-Signal in robots.txt. Why: States how you'd like AI systems to use your content (training, search, agent input). Without it, AI crawlers fall back to whatever default policy each vendor applies. Where: Add a `Content-Signal:` line to your `robots.txt`. (https://contentsignals.org/)
- [LOW] Add Link response headers. Why: Lets agents discover your sitemap, privacy policy, and docs without parsing HTML, which most lightweight agents skip. Where: Set `Link:` response headers in your server config or framework middleware. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link)
- [LOW] Add a TLS-RPT record. No TLS-RPT record at `_smtp._tls.{domain}`. Why: Receivers can tell you when STARTTLS handshakes to your mail server fail. Without it, silent TLS failures are invisible. Where: Publish one TXT record at `_smtp._tls.{your-domain}` like `v=TLSRPTv1; rua=mailto:tls-reports@yourdomain.com`. (https://datatracker.ietf.org/doc/html/rfc8460)
- [LOW] Serve right-sized images. 1 image is downloaded at more than twice the displayed size. Why: Shipping a 2000px image into a 400px slot wastes bandwidth and slows loading, especially on mobile. Where: Resize to the displayed dimensions, or use `srcset`/`sizes` (or a framework image component) to serve per-viewport variants. (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#srcset)

For each item, tell me exactly which file to create or which code to change, and where it lives in a project using the stack above. If my framework has a native API for the task (e.g. Next.js metadata exports, `app/sitemap.ts`, Astro layouts, Nuxt `useHead`), prefer that over raw HTML or server config.

Full analysis: https://stackscope.dev/launch/xfkyimr5/uruky-1

Using an autonomous agent?

Point the agent at this SKILL.md URL and ask it to follow the skill. The framing stops agents defaulting to an open-ended page review.

https://stackscope.dev/launch/xfkyimr5/skill.md

Share your score

Your score card renders automatically when you share the link.

Or embed a badge

Two badge options. Pick whichever fits your story.

Current score

Shows the latest score and updates within a few minutes of any recrawl. Best for ongoing display: if you fix something and recrawl, the badge reflects the new score automatically.

<a href="https://stackscope.dev/launch/xfkyimr5/uruky-1"><img src="https://stackscope.dev/badge/xfkyimr5/current.svg" alt="StackScope score for Uruky" height="24" /></a>

Launch score

Pinned to your launch-day snapshot and never changes. Marked with a small gold corner ribbon. Best for press kits, launch retrospectives, or anywhere you want a permanent record of how you shipped.

<a href="https://stackscope.dev/launch/xfkyimr5/uruky-1"><img src="https://stackscope.dev/badge/xfkyimr5.svg" alt="StackScope launch score for Uruky" height="24" /></a>

Using a Content-Security-Policy? Both badges are <img> tags from our domain, so your CSP needs to allow them. Add stackscope.dev to your img-src directive (example: img-src 'self' stackscope.dev;). Without it, browsers silently block the badge and visitors see a broken image.