QualityCTRL - AI Website QA Scanner

Run AI QA on any page or full site - SEO, accessibility, brand, links. Your own Claude, ChatGPT, Gemini, or Grok key. No servers.

QualityCTRL runs AI-powered QA checks on any webpage - or an entire site at once - using your own API key for Claude, ChatGPT, Gemini, or Grok. No backend. No monthly subscription. No data ever leaves your browser except straight to whichever AI provider you already pay for. Built for web agencies, freelancers, and in-house marketing teams who need a fast, structured way to catch launch-blocking issues before a client does. ────────────────────────────────────────── SIX CHECKS, ONE SIDE PANEL ────────────────────────────────────────── Run checks individually or all at once from the Chrome side panel, on the page you're looking at right now. 🔍 SEO & METADATA Reviews the title tag, meta description, canonical URL, lang attribute, heading hierarchy (H1 → H2 → H3 order), and image alt text. Flags literal placeholder text left in titles or headings - things like "[Insert Name]", "Lorem ipsum", "TBD", or "Page Title". Also includes a deterministic Core Web Vitals snapshot read directly from the browser's Performance API: • First Contentful Paint (FCP) - good under 1.8s, poor over 3s • Largest Contentful Paint (LCP) - good under 2.5s, poor over 4s • Cumulative Layout Shift (CLS) - good under 0.1, poor over 0.25 No extra AI call. No tokens consumed. The numbers come from the same API Chrome DevTools uses. ✍️ BRAND & COPY REVIEW Checks brand-name consistency across the logo, headings, and footer. Flags inconsistent CTA wording ("Get started" on one page, "Start free trial" on another), duplicate or near-duplicate content blocks, visible typos, and placeholder copy that made it into production. If you've listed required CTAs in the Site Context field, the AI verifies they're actually on the page. 🛡️ TRUST & COMPLIANCE Cross-checks contact info - phone numbers, email addresses, business hours - for consistency within the page and against your Site Context notes. Flags trust elements that don't hold up under scrutiny: social icons that go nowhere, cookie/consent banners with no backing policy page, contact forms with no clear confirmation, and "as seen in" logos that are just decorative images. ♿ ACCESSIBILITY PASS DOM-level accessibility scan: missing alt text, skipped heading levels, form inputs without labels, missing lang attribute on the html element. Also includes a deterministic WCAG AA color contrast check using getComputedStyle(), sampling up to 40 unique foreground/background color pairs on the page: • Normal text - requires 4.5:1 contrast ratio • Large text (24px+ or bold 18.66px+) - requires 3:1 contrast ratio The check walks the DOM upward to find the effective background color behind transparent elements, so it doesn't produce false failures on elements that inherit their background from a parent. No extra AI call. No tokens consumed. 🔗 LINKS & CONTACT CHECK (free - no AI, no tokens) HEAD-requests every link on the page and flags broken ones. Validates all tel: and mailto: href values for malformed formatting (missing country code, wrong separator, extra spaces). Flags inconsistent phone numbers when multiple links on the same page point to different numbers. 🐛 RUNTIME ERROR CAPTURE (free - no AI, no tokens) Injects a lightweight listener into the page's JavaScript context, waits 2 seconds for async callbacks and deferred promise chains to settle, then reports any uncaught errors or unhandled promise rejections. This catches the errors that slip through normal testing: a third-party analytics script that throws on certain browsers, a deferred widget that rejects its initialization promise, lazy-loaded components that error after the initial paint. No page reload required - it captures errors in-flight on the page as it is right now. ────────────────────────────────────────── AUTOMATED SCAN - ENTIRE SITES AT ONCE ────────────────────────────────────────── Run any combination of the six checks across multiple pages in one operation. Source the page list from a sitemap.xml URL or paste URLs directly. How it works: • Paste a sitemap URL - QualityCTRL fetches it, follows sitemap index files, and builds the URL list automatically. Or paste your own list of URLs, one per line. • Review the list - every URL is individually selectable via checkbox. Capped at 50 pages per run; larger sitemaps are truncated with a clear warning rather than silently running on a subset. • Choose which checks to run on each page. All six are on by default; deselect any you don't need. • See the cost estimate before you commit - it shows exactly how many AI calls this will make (pages × AI checks selected), so you're never surprised by a bill. • Run. A progress bar shows which page and check is currently in flight. A Cancel button stops the scan after the current check finishes - results already collected are kept. Pages load in a single hidden background window - not your active tab, not a new tab per page. The same scraper and the same checks run on each URL in turn, so you get full DOM-scraped fidelity rather than a static HTML fetch that would miss anything JavaScript-rendered. The window is cleaned up automatically when the scan finishes or is cancelled. Results group by page (collapsible) with a site-wide summary showing total issue counts, total tokens used across all pages, and a flat list of every launch blocker found anywhere in the scan. ────────────────────────────────────────── CROSS-PAGE CONSISTENCY (no extra AI calls) ────────────────────────────────────────── At the end of every automated scan, QualityCTRL checks consistency across all scanned pages using data the scraper already collected - no additional API calls: • Phone numbers - flags any page with a phone number that differs from the rest of the site, and pages that have no phone number when other pages do • Brand/logo name - flags variation in the logo alt text or logo link text across pages This catches the kind of inconsistency that only becomes visible when you look at a site as a whole: a phone number that was updated on the contact page but not the header, a brand name that got abbreviated on a few pages during a rebrand. ────────────────────────────────────────── SITE CONTEXT - THE AGENCY DIFFERENTIATOR ────────────────────────────────────────── Open Settings and paste anything you know to be true about the site: brand name, address, phone number, business hours, required CTAs, specific policy details, anything from a client brief or onboarding form. Every AI check treats this as ground truth and flags any page content that contradicts it. This catches things like: • "The page says Saturday–Sunday only, but the client confirmed they're open 7 days a week" • "The hero CTA says 'Request a quote' but the required CTA in the brief was 'Book a free consultation'" • "The phone number on this page doesn't match the number the client confirmed" That last category - page content contradicting a confirmed source of truth - is the single most valuable thing in a real pre-launch QA review, and not something a generic SEO or accessibility tool can find on its own. Site Context is optional. All checks work without it; they just check internal page consistency rather than cross-referencing known facts. ────────────────────────────────────────── BRING YOUR OWN AI KEY ────────────────────────────────────────── Pick whichever provider you already have a key for: • Claude (Anthropic) - default model: claude-sonnet-4-6 • ChatGPT (OpenAI) - default model: gpt-4o • Gemini (Google) - default model: gemini-1.5-pro • Grok (xAI) - default model: grok-2-latest Each provider's key and model are stored separately in your browser. Switching the provider dropdown doesn't overwrite keys you've entered for other providers - you can keep keys for all four saved at once and switch per check if you want to compare results across models. There is no markup on API usage, no proxy, and no token tracking by this extension. Calls go directly from your browser to that provider's API endpoint. Token counts shown per check and in the Summary panel come straight from the provider's own usage response field. ────────────────────────────────────────── PDF EXPORT ────────────────────────────────────────── Export a single-page check or a full automated site scan as a formatted PDF report - ready to share with a client or hand off to a dev team. • Single-page export: all check results in a structured table, organized by check type and severity • Site report export: one section per page, plus the cross-page consistency findings at the top Opens in a new browser tab and triggers the print dialog automatically. Print to PDF from any OS without installing anything extra. No dependency on any PDF library - zero code downloaded from outside the extension. ────────────────────────────────────────── PRIVACY & DATA ────────────────────────────────────────── • API keys are stored in chrome.storage.local - local to this browser profile only, never transmitted to any server • Page content is scraped client-side and sent directly to the API endpoint of whichever provider you selected - not routed through any QualityCTRL or third-party server • Two of the six checks (Links & Contact, Runtime Errors) make no API call at all - no data leaves the browser • Nothing is logged, aggregated, or retained outside your browser The extension has no backend. There is no QualityCTRL server for data to be sent to even if something went wrong. ────────────────────────────────────────── WHO IT'S FOR ────────────────────────────────────────── • Web agencies doing pre-launch QA before handing a site to a client • Freelance developers who want a structured checklist rather than a mental one • Marketing teams reviewing landing pages before campaigns go live • Anyone who already pays for an AI API and wants to get more out of it without subscribing to another SaaS tool or granting a third-party service access to client content ────────────────────────────────────────── PERMISSIONS ────────────────────────────────────────── • storage - saves API keys and settings locally in your browser • scripting - injects the page scraper and runtime error listener into the tab being checked • sidePanel - opens QualityCTRL in Chrome's native side panel • Access to all URLs - required to scrape the page you're checking and to HEAD-request links found on that page. The extension only acts on a tab when you explicitly open the panel and run a check. ────────────────────────────────────────── COST ────────────────────────────────────────── Two of the six checks are free - Links & Contact and Runtime Errors make no AI call and use no tokens. The other four (SEO, Brand, Trust, Accessibility) each make one API call to your selected provider. A typical page check costs roughly 2,000–8,000 tokens depending on page size and how much Site Context you've added. Running all four AI checks on 20 pages in an automated scan = 80 API calls. The estimate panel shows this count before you run, so you can scope it down before committing. There is no subscription, no trial period, and no freemium gate. The only cost is your own API usage. ────────────────────────────────────────── KNOWN LIMITATIONS ────────────────────────────────────────── • No visual checks - can't detect stock photo watermarks, broken images that load silently (returning a 0-byte file instead of a 404), or layout issues that only show up at certain viewport sizes • Runtime error capture covers post-load async errors only. Errors that fired synchronously during initial script execution are gone before the listener attaches. • Core Web Vitals in automated scan may differ from real-user measurements - the hidden scan window is always minimized, which affects visibility-gated paint events. Treat them as directional signals; use Lighthouse or CrUX for authoritative numbers. • Link checks use HEAD requests - some servers block HEAD and will appear as broken even when a GET would succeed. Worth noting if you see unexpected failures on links you know are live. • Automated scans are sequential, not parallel - one page/check at a time, to avoid hitting provider rate limits. A 20-page site with all six checks selected is 120 operations; budget a few minutes, not seconds.