Your site does the fundamentals genuinely well: it's easy for search engines to find, accessible to a wide range of visitors, and built on a clean, maintainable foundation. The two things holding it back are speed on mobile devices and a security certificate that needs immediate attention. On phones, the main content takes nearly twelve seconds to appear, which is a real barrier for prospective students and visitors browsing on the go — desktop, by contrast, loads quickly. There's a clear path to closing that gap without a rebuild.
If it lapses, browsers will warn visitors your site is unsafe and many will leave — a preventable hit to trust and traffic.
Cutting the near-twelve-second mobile load time keeps prospective students and families engaged instead of bouncing before the page even appears.
These strengthen protection against common attacks and data leaks — important for an institution handling personal information and expected to model good security.
The speed and stability metrics Google uses to rank pages — measured on both mobile and desktop.
Real-user field data (last 28 days): LCP 1.1s · INP 70ms · CLS 0.000
Estimated savings of about 1.5s of load time.
Estimated savings of about 0.5s of load time.
Estimated savings of about 0.1s of load time.
Consider adding: Content Security Policy (blocks injection); Referrer-Policy (privacy); Permissions-Policy (feature control).
The certificate expires in 15 days. Confirm auto-renewal is working.
You scored 79/100 on the GlossyDev index — a weighted blend of real performance, accessibility, SEO, security posture, and stack maintainability. The findings are ordered so the highest-impact fixes come first. Most are addressable quickly, and several compound — faster load times lift conversions and search rankings at once.
This analysis uses a deliberately lightweight, non-intrusive scan — it reads only what your site publicly serves to any visitor or search engine and avoids aggressive probing that could trip security tools, rate limits, or bot protection. On sites behind heavy caching, a CDN, or firewall/bot protection, some technical details (particularly platform and server detection) may be incomplete or approximate.