Run an audit

Orilyt audits any website from its URL — WordPress, Shopify, Wix, Webflow, PrestaShop, custom sites. No plugin, no admin access. Read-only.

Two entry points

• Public page (homepage): enter a URL, a public (restricted) report is generated instantly. No account needed.
• Dashboard (logged in): enter a URL, a full report is generated and saved in your audit history.

Supported CMS

• Universal tests apply to all CMS and static sites (performance, security, SEO, UX, compliance).
• 9 additional tests are WordPress-specific (exposed version, plugins, XML-RPC, readme.html, etc.).

The tests

Tests are grouped into 5 categories:

• Performance — compression, cache, HTTP/2, images, lazy loading, TTFB, page weight
• Security — SSL, HSTS, security headers, Safe Browsing, IP reputation, cookies
• SEO — meta title, canonicals, Open Graph, structured data, sitemap, robots.txt
• UX — mobile friendly, navigation, readability, keyboard accessibility, favicon
• GDPR / Legal — legal pages, secure forms, cookie consent, third-party trackers

Dashboard

Your central workspace. Manage your sites, view audit history, enable monitoring and access your reports.

Site management

• Add a site by entering its URL. Orilyt creates the site record and runs the first audit automatically.
• Each site card shows the domain, latest score and trend (up, down or stable).
• Search and filter sites by name. Pagination handles large portfolios (20 sites per page).
• Deactivate a site to free up a slot on your plan. Deactivation also stops monitoring.

Audit history

• Click a site to see its full history with sortable columns (date, global score and per-section scores).
• Filter by date and adjust rows per page (15, 50 or 100). Click any row to open the report.
• Relaunch an audit at any time with the "Run audit" button. Progress is shown in real time (diagnostic complet).

Monitoring

Enable monitoring per site (paid plans). Orilyt checks SSL, uptime and score changes at regular intervals.

Read a report

Two report types, two audiences. The technical report is for you. The client report is for your client.

Public vs private reports

Public report (restricted)

Shows the test list and scores, but hides full drawer content and the long AI summary. The full HTML is not sent to the browser (prevents leaks via source/JSON).

Private report (owner)

Shows full drawer content (facts, recommended actions, verification steps) and the complete AI summary.

Available views

• Priority view — groups the most important items first, across all themes.
• Section view — Performance, Security, SEO, UX, Legal. Each section shows its tests and score.

History and trends

• Each report displays a trend line (sparkline) showing the global score evolution across audits. Inside drawers, each test has its own sparkline.
• A "+N points" or "−N points" badge shows the change compared to the previous audit.
• From the technical report, you can compare two audits side by side to see which tests improved, degraded, or stayed the same.

Technical environment

The report header displays the detected CMS (and its version), the hosting provider, and the server IP address.

Executive client report

A simplified report with no technical jargon, designed to be shared with decision-makers. Global score, letter grade (A-F), business-oriented AI summary, and top 5 issues.

Report mode

Choose how recommendations are displayed in your reports.

Agency / Developer

Technical recommendations with server configs, code snippets, and CLI commands. For teams comfortable with Nginx, Apache, and WordPress internals.

Freelance / No-code

Plugin recommendations with step-by-step instructions. No jargon, no code. Ideal for freelancers and site owners who manage WordPress through the admin panel.

Drawers (details)

Each test in the report has a drawer — a detail panel that opens when you click the test row. Same structure for all tests.

Drawer structure

1. Facts (observed) — what was measured or detected.
2. Interpretation — decision-ready summary.
3. Why this matters — practical impact on performance, security or ranking.
4. What to do (recommended) — the fix to apply, with priority, risk and estimated effort.
5. Verification — how to confirm the fix worked.

Drawer access

Full drawers are only visible to the report owner (logged in). In public or shared mode, only the score and status are shown.

Share a report / PDF export

Two ways to send a report to your client: a share link (read online) and PDF export (document to send).

Share link

• Only the report owner (logged in) can enable, refresh or disable a share link.
• Two links are generated: a client link (executive report) and a technical link (full report in restricted mode).
• Links can be revoked at any time.

PDF export

Client PDF

Executive AI summary, simplified test cards (score + key recommendation). Ideal for presenting to clients.

Technical PDF

Full drawer content (facts, actions, verification), plus technical appendix (PageSpeed, Safe Browsing, server info).

Send by email

From the report, click "Send by email". Choose the type (client or technical), enter the recipient, customize the subject and message. The report is sent with a direct access button. The sender name uses your white-label branding.

Prospection

A dedicated dashboard to prospect new clients. Prospect audits are free and do not consume your credits. Audit a site, send a restricted report, follow up, generate a quote and convert the prospect to a client — all from a single interface.

The prospection workflow

1. Add a prospect (site URL + contact details) from the Prospection dashboard.
2. The audit runs automatically (free, does not consume your credits).
3. Send a personalized email (AI, template or manual) with a link to the restricted report.
4. The prospect replies via the built-in contact form. You get notified by email.
5. Generate a quote, edit it line by line, send it by email.
6. Convert the prospect to a client: the site joins your portfolio for a full audit.

Pipeline tracking

Each prospect goes through 6 stages: New → Audited → Contacted → Follow-up → Converted → Lost. Filter by status, schedule follow-ups (3d, 7d, 14d) and track activity in the timeline.

Restricted prospect report

The prospect receives a report limited to the 5 most critical issues, with business-friendly labels (no technical jargon). No PDF, no sharing, no printing — the report is designed solely to trigger a conversation. The full report is only accessible after conversion.

AI drafting

AI writes business-oriented emails: impact on sales, Google visibility, data security — no technical jargon. The message is specific to the prospect's site.

Three tones: Professional (results-oriented), Direct (concrete risks) and Consultative (dialogue). Text is editable before sending.

Mini CRM

Each prospect's card centralizes: emails sent (with content), prospect replies, free-form notes, logged calls, status changes and follow-ups. Each item is clickable to view details.

Quotes and conversion

The "Generate quote" button converts the prospect to a client (the site joins the portfolio) and opens the quote editor. Edit lines, prices, add free text, then send by email. The quote is editable and resendable for each negotiation round.

CSV Import

The CSV button lets you import a list of prospects in bulk. Duplicates (same email or URL) are automatically skipped.

Expected format: a CSV or TXT file with comma, semicolon or tab separator. If the first row contains headers (url, email, name, company, phone, position), columns are mapped automatically. Without headers, the system detects columns by content (@ for email, http or .com/.fr for URL).

Only URL and email are required. A preview of the first 3 prospects is shown before confirmation.

Actions in the list

Each prospect row has action buttons on the right:

• ▶ (blue) — Run audit. Appears when the prospect hasn't been audited yet (e.g. CSV import). The audit takes 30 to 60 seconds.
• ✓ (green) — Convert to client. The site joins your portfolio and you can generate a quote. Requires an available site slot in your plan.
• ▸ — Advance the status to the next pipeline stage.
• 👁 (blue, next to the date) — Indicates the prospect opened the report. The number shows distinct visits.

Statistics

Four indicators at the top of the dashboard: total prospects, reports viewed by prospects, conversions and conversion rate.

Automatic follow-up

After sending an email, you can schedule an automatic follow-up (3, 5, 7 or 14 days). If the prospect hasn't replied within the chosen delay, a follow-up email is sent automatically. The follow-up is tracked in the timeline.

Quotas by plan

• Free: 1 audit + 1 email (one-time)
• Solo: 30 audits + 30 emails / month
• Pro: 100 audits + 100 emails / month
• Agency: 300 audits + 300 emails / month
• Business: 600 audits + 600 emails / month

Auto quote

From any report, generate a pre-filled quote in one click. Each failing test becomes a service line item — client-friendly label, estimated effort, editable price. From URL to quote in under 4 minutes. Available from the Solo plan.

How it works

1. Run an audit from the dashboard.
2. Open the report, click "Generate quote".
3. Failing tests are converted into service line items with a client-friendly label (no technical jargon).
4. Adjust prices, remove lines, add manual items.
5. Send the quote by email (PDF attached) or share the link.

Decision-maker wording

Each failing test is translated into a service understandable by a non-technical decision-maker:

• "HTTPS compliance setup" instead of "SSL certificate is expired"
• "Load time optimization" instead of "TTFB above 800 ms"
• "Cookie consent implementation" instead of "No cookie banner detected"

Quote legal information

• Your business details (company name, registration number, address) are pulled from your white-label settings.
• Auto-incremented quote number.
• Configurable payment terms and validity period.

Configurable settings

• Custom hourly rate (default €80/h). Each line price = estimated resolution time × your rate.
• Per-test resolution time adjustable in Account > Quote pricing.
• Multipage support: site-wide tests appear once, per-page tests show affected page count.
• Email sending with PDF attachment, customizable subject and message.

Automatic monthly report

Generated from monitoring data, sent automatically on the 1st of each month to your clients. Your clients see what you do — without you writing anything. Available on Pro, Agency and Business plans.

Monthly report content

• Global score and per-section score evolution over the past month.
• List of improved, degraded and stable tests.
• Per-section scores (performance, security, SEO, UX, compliance).
• List of alerts triggered during the month (score drops, SSL, site down).

Configuration

• Enable the monthly report per site from the dashboard.
• Enter the recipient email address (your client).
• The report is sent as HTML by email, with your white-label branding if enabled.

Conditional quote CTA

If tests have degraded during the month, the monthly report automatically includes a call to action offering a remediation quote.

Account & white-label

Manage your profile, subscription and branding from the Account page.

Profile

View and change your email address. A verification email is sent to the new address before activation. Your verification status is displayed.

Subscription & billing

View your current plan, status and included features. Manage your subscription (upgrade, downgrade, cancel) via the Stripe billing portal.

White-label

• Enable white-label to replace Orilyt branding with your own on reports, PDFs and quotes.
• Customize: company name, contact details, primary and secondary colors.
• Upload your logo and favicon (PNG, JPG or SVG, max 500 KB). Drag-and-drop supported.
• Add custom footer text for PDFs and quotes.
• Enter your legal information (registration number, address, terms) for compliant quotes.

Data export (GDPR)

You can download all your personal data as a JSON file from the Account page, under "Data export". This feature fulfills the right of access under GDPR (Article 15).

The exported file contains: profile, audit history (last 500), registered sites, credit wallets, transaction ledger, subscriptions, API keys (masked), white-label configuration, referrals and login history.

Multi-user

Planned for the Agency plan. This feature will allow you to invite collaborators with differentiated roles (admin, auditor, read-only). It is not yet available.

Delete account

Deletion is permanent. You must enter your password and confirm. If you have an active subscription, cancel it first via the billing portal.

Monitoring

Orilyt monitors your sites continuously and alerts you automatically when a problem is detected — without you having to relaunch an audit manually.

Activation

Enable monitoring per site from the dashboard. Each monitored site occupies a monitoring slot in your plan.

What is checked

• SSL certificate validity and expiration.
• Site availability (uptime).
• Global score and per-section score evolution.
• Detection of critical changes (security headers, HTTPS redirects, etc.).

Frequency by plan

Alerts

Alerts are sent by email when a problem is detected: expiring SSL certificate, site down, significant score drop. They also appear in the dashboard.

Limits & plans

Quotas, features per plan, and technical audit limits.

Plan comparison

Technical limits

• Audits are based on what is reachable over HTTP at scan time (timeouts, WAF, blocks can affect results).
• Some tests are not measurable on a given sample (example: no images means lazy-loading cannot be evaluated).
• Scores are indicators. Use them to prioritize, then verify with the verification steps in drawers.
• Timeout per test: 15 seconds. Global audit timeout: 5 minutes.

REST API

Run audits and retrieve results programmatically. Useful for integrating Orilyt into a CRM, internal dashboard or CI/CD pipeline. Available on Pro, Agency and Business plans.

Authentication

Every API request must include your API key. You can find and manage your keys on the Account > API page.

Authorization header (recommended)

CopyAuthorization: Bearer YOUR_API_KEY

X-API-Key header

CopyX-API-Key: YOUR_API_KEY

Query parameter (less secure)

CopyGET /api_v1.php?url=example.com&key=YOUR_API_KEY

Run an audit

Launch a new audit on a given URL. Counts as 1 API call against your monthly quota.

Copycurl -H "Authorization: Bearer YOUR_API_KEY" \
     "https://orilyt.com/api_v1.php?url=example.com"

On success, the response contains the full results under the data key, plus metadata.

{
  "status": "ok",
  "data": { ... },
  "audit_id": 142,
  "site_id": 38,
  "user_id": 12
}

Retrieve an existing audit

Fetch the full JSON result of a previously run audit. Read-only, does not count against your API quota.

Copycurl -H "Authorization: Bearer YOUR_API_KEY" \
     "https://orilyt.com/api_v1.php?audit_id=142"

Error codes

All errors return a JSON object with status, code, and error fields.

Quotas by plan

Each plan includes a monthly API call quota. Web audits (dashboard) are unlimited on paid plans.

Education offer (Pack B)

Free access to Orilyt for instructors and teachers. Equivalent to the Pro plan (40 sites, daily monitoring) without white-label or API. Reports are marked "educational use only".

Who is it for

• Web development instructors (universities, colleges, engineering schools).
• Bootcamp and vocational training instructors.
• Professors teaching WordPress, SEO, web security or accessibility.

What is included

• 40 auditable sites for 12 months (renewable).
• Daily monitoring, automatic monthly reports.
• Technical reports, client reports, full drawers, PDF export, history and comparison.
• No credit card required. No Stripe subscription.

How to get access

1. Create a free account on orilyt.com.
2. Email [email protected] with your account email, institution name and teaching context.
3. Your access is activated within 48 hours.

Teaching use cases

• Web security courses: analyze HTTP headers, WordPress vulnerabilities, SSL certificates.
• SEO courses: study meta tags, canonicals, structured data, sitemaps.
• Web performance courses: measure Core Web Vitals, page weight, compression.
• Lab work: each student audits a real website and analyzes the report.
• Group project: audit a portfolio of sites and compare the results.

Glossary

Definitions of terms used in Orilyt and in this documentation.

Terms

Audit

Automated analysis of a website covering performance, security, SEO, UX and compliance. Run from a URL, no admin access required.

Drawer

Detail panel associated with each test. Contains observed facts, interpretation, recommendation and verification steps.

Executive client report

Simplified version of the report, without technical jargon, intended for decision-makers. Includes global score, letter grade and business-oriented AI summary.

Public report (restricted)

Report accessible without authentication, showing scores but hiding full drawer content.

Auto quote

Commercial document generated from an audit report. Each failing test is converted into a service line item.

Automatic monthly report

Report sent automatically on the 1st of the month, summarizing the site evolution over the past period.

White-label

Feature allowing you to replace Orilyt branding with your own on all materials (reports, PDFs, quotes, emails).

Monitoring

Continuous site monitoring: SSL, uptime, score. Automatic alert when a problem is detected.

Score

Rating out of 100 calculated from weighted results of each test. Available as global score and per-section scores.

Read-only scan

The audit does not modify the target site, does not set any cookies, and requires no installation or admin access.