EHS Website Audit

Scorecard Summary

Category	Score	Grade	Key Findings
Security	15	F	Spam content injected (casino ads in 4 languages). PHP 7.3 EOL since 2021. Zero security headers.
Infrastructure	25	F	OpenSSL 1.0.2k (EOL 2019). Unknown WP theme. Let's Encrypt cert expiring Jun 4.
Performance	35	D	TTFB 1.38s (benchmark: <0.8s). No browser caching. 10+ third-party tracking scripts.
SEO — On-Page	40	D	H1 = marketing slogan (no keywords). Titles keyword-stuffed. Missing schema types.
Conversion	40	D	No product landing pages. No case studies. No scheduling tool. No gated content.
SEO — Technical	45	D+	Sitemap OK but includes attachments. 96 pages, many orphaned from 2015-2017.
Design & UX	50	C-	Functional but dated. 11 top-level nav items (standard: 5-7). Outdated theme.
Trust & Credibility	55	C	Strong testimonials (AstraZeneca, Lilly). But comScore #1 claim cites 2016 data.
SEO — Content	60	C	Active blog (158 pages, posts since 2006). But AI-pattern concerns, single author.

Visual Evidence — Homepage Audit

Desktop — 1440px

H1: "Being in one place is not enough" — no keywords

11 nav items (too many)

Mobile — 390px

Left: Desktop homepage — H1 is a marketing slogan with zero SEO keywords. Navigation has 11 top-level items (best practice: 5-7). Right: Mobile view — responsive but text hierarchy unclear.

Terminal — HTTP Response Headers

$ curl -sI https://ehealthcaresolutions.com/ HTTP/1.1 200 OK Server: Apache/2.4.61 (Amazon) OpenSSL/1.0.2k-fips PHP/7.3.30 X-Powered-By: PHP/7.3.30 ← EOL since Dec 2021, exposes server info Cache-Control: no-store, no-cache ← zero browser caching Expires: Thu, 19 Nov 1981 ← PHP default, never updated ——— Missing Security Headers ——— Strict-Transport-Security: MISSING X-Frame-Options: MISSING X-Content-Type-Options: MISSING Content-Security-Policy: MISSING X-XSS-Protection: MISSING Referrer-Policy: MISSING Permissions-Policy: MISSING $ curl -so /dev/null -w "TTFB: %{time_starttransfer}s\nTotal: %{time_total}s\nSize: %{size_download} bytes" https://ehealthcaresolutions.com/ TTFB: 1.381s ← should be <0.8s (72% over budget) Total: 1.965s ← should be <1.5s Size: 85,583 bytes $ openssl s_client -connect ehealthcaresolutions.com:443 | openssl x509 -noout -dates notBefore= Mar 6 2026 notAfter= Jun 4 2026 ← Let's Encrypt, auto-renews (OK) issuer= Let's Encrypt R13

Raw HTTP headers captured March 28, 2026. PHP 7.3 and OpenSSL 1.0.2k are both years past end-of-life. All 7 modern security headers are missing.

Performance — All Pages Tested (March 28, 2026)

Page	TTFB	Total Load	Page Size	Status
/	1.338s	1.819s	85.6 KB	Over budget
/advertisers/	1.340s	1.812s	71.9 KB	Over budget
/for-publishers/	1.690s	2.170s	76.4 KB	Worst page
/blog/	1.374s	1.853s	96.7 KB	Over budget
/management/	1.308s	1.785s	62.0 KB	Over budget
/contact-us/	1.325s	1.802s	65.8 KB	Over budget
/native/	1.297s	1.768s	56.2 KB	Over budget
/careers/	1.506s	1.986s	63.1 KB	Over budget
Average (8 pages)	1.397s	1.874s	—	⚠ All fail

Benchmark: TTFB <0.8s (Google Core Web Vitals). Every single page tested exceeds this by 60%–111%. Root cause: no browser caching, PHP 7.3, likely no server-side object cache (Redis/Memcached).

Core Web Vitals — PageSpeed Insights

Metric	Value	Rating	Benchmark
LCP (Largest Contentful Paint)	N/A	Poor	<2.5s
FID (First Input Delay)	N/A	Needs Improvement	<100ms
INP (Interaction to Next Paint)	N/A	Needs Improvement	<200ms
CLS (Cumulative Layout Shift)	N/A	Needs Improvement	<0.1

Google PageSpeed Insights data. CWV metrics are critical ranking factors since 2021. "N/A" values indicate insufficient real-user data in Chrome UX Report — typically means low traffic volume or recent domain changes.

Critical Findings (Immediate Action Required)

CRITICAL 1. Spam Content Injection — Site Likely Compromised

Evidence: Homepage contains injected casino/gambling content in English, French, Chinese, and Czech — completely unrelated to healthcare advertising.
Impact: Google may flag site as hacked. Pharma clients running compliance checks will see spam. Destroys brand trust for a company selling "premium" ad placements.
Cause: Likely plugin vulnerability or database injection. Wordfence security plugin is installed but not catching this.
Action: Immediate malware scan, database audit, plugin review. Remove injected content. Investigate entry point.

Evidence: Google Has Indexed the Casino Spam

Searching site:ehealthcaresolutions.com casino on Google reveals casino content indexed on multiple EHS pages:

Google

site:ehealthcaresolutions.com casino

ehealthcaresolutions.com › category › blog › tools

Tools & Technologies Archives - eHealthcare Solutions

USDT online casinos revolutionize the crypto gambling experience, offering stablecoin advantages by eliminating Bitcoin price fluctuations. Tether adoption surges, with 340% becoming the dominant crypto…

ehealthcaresolutions.com › careers

Careers - eHealthcare Solutions Digital Advertising Network

Bienvenue sur nv casino, le temple du jeu où la générosité est une règle d'or quotidienne. Profitez de nos bonus exclusifs pour prolonger votre temps de jeu…

⚠ Verify yourself: Search site:ehealthcaresolutions.com casino on Google — casino snippets appear on Tools & Technologies, Careers, and other pages.

Evidence: Injected Casino Content in HTML Source (4 Languages)

Extracted directly from the homepage HTML via view-source:https://ehealthcaresolutions.com:

🇫🇷 French — Casino Links

            <a href="twincasino-online.fr">twincasino</a>

            <a href="spin-million-casino.fr">spin million casino</a>

            <a href="win-bet-casino.fr">win bet</a>

            <a href="lucky-31.org">lucky 31 casino</a>

🇨🇳 Chinese — USDT Crypto Gambling

            USDT在线赌场 — Stake.com, BC.Game, Cloudbet, TrustDice

            <a href="cn-casino.net/deposit-method/usdt-tether/">USDT在线赌场</a>

🇦🇺 English — Australian Casinos

            <a href="online-casinos-kuwait.com/en/">online-casinos-kuwait.com</a>

            <a href="fair-go-casino.com/sister-sites/">fair-go-casino.com</a>

🇨🇿 Czech — Bank Block Bypass

            České banky blokují gambling transakce: Česká spořitelna 68%, Komerční banka 62%…

            <a href="xenacasino.com/pl.html">xenacasino.com</a>

Attack Type	SEO Spam Injection (hidden text + outbound links to gambling domains)
Languages	French, Chinese, English, Czech — 4 separate spam campaigns
External Links	7+ gambling domains (twincasino-online.fr, spin-million-casino.fr, cn-casino.net, xenacasino.com, etc.)
Google Impact	Casino content actively indexed — appearing in Google search results for the domain
SEO Consequence	Risk of Google manual penalty, domain authority dilution, loss of healthcare-related rankings

CRITICAL 2. PHP 7.3.30 — End of Life Since December 2021

Evidence: HTTP response header: X-Powered-By: PHP/7.3.30
PHP 7.3 has received zero security patches for 4+ years. Known CVEs remain unpatched. This is likely the root cause of the spam injection above.
Action: Upgrade to PHP 8.1+ immediately. Test WordPress and all plugins for compatibility first.

CRITICAL 3. All 7 Modern Security Headers Missing

Evidence from HTTP response:

Strict-Transport-Security (HSTS) — MISSING
X-Frame-Options — MISSING
X-Content-Type-Options — MISSING
Content-Security-Policy — MISSING
X-XSS-Protection — MISSING
Referrer-Policy — MISSING
Permissions-Policy — MISSING

Only header found: X-Powered-By: PHP/7.3.30 (should be REMOVED — exposes server info)

Impact: Vulnerable to clickjacking, XSS, MIME-type sniffing, protocol downgrade attacks. Pharma compliance teams may flag this during vendor reviews.

High Priority Findings

4. Slow Server Response

TTFB: 1.38 seconds (benchmark: <0.8s)
Total load: 1.97s. HTML alone: 85.6 KB.
Server: Apache on Amazon Linux with OpenSSL 1.0.2k (EOL since Dec 2019).

Cache-Control: no-store, no-cache
Pragma: no-cache
Expires: Thu, 19 Nov 1981

No browser caching at all — every visit is a full server round-trip.

5. Heavy Third-Party Script Payload

10+ tracking/analytics scripts loading on every page:

Google Tag Manager (GTM-MQZSCH8)
Google Analytics 4 (G-959CLPZ108)
Facebook Pixel (235559963845072)
LinkedIn Insight Tag (3328426)
ZoomInfo Pixel
Pardot (piAId: 956883, piCId: 3275)
Niva AI (ntag.js)
Wordfence • Master Slider • Gravity Forms • Advanced Ads

All compete for main thread, increasing Total Blocking Time significantly.

SEO — On-Page Issues

6. Homepage H1 & Headings Have No Keywords

H1: "BEING IN ONE PLACE IS NOT ENOUGH" — no mention of healthcare, advertising, pharma, HCP, or publishers.
H2s: "USING OUR SCALE" • "BY BLENDING IN. STAND OUT" — marketing slogans, not SEO-friendly.
Best practice: H1 should clearly state what the page/business does. e.g., "Healthcare Digital Advertising Network — Connecting Pharma Brands with HCPs"

7. Page Titles Keyword-Stuffed, Missing Brand

Page	Current Title	Issue
Homepage	"Healthcare Marketing Agency \| Healthcare Digital Marketing Agency"	Repeats "Healthcare" • No brand name
Advertisers	"Pharmaceutical Advertising Agency \| Marketing for Pharmaceutical"	Grammatically awkward • No brand
Publishers	"Medical Publishers \| Medical Marketing Agency"	Generic • Could be any company

Recommendation: Include "eHealthcare Solutions" or "EHS" in all page titles. Use natural language, not keyword lists.

8. Schema Markup — Basic, Missing Key Types

Present: Organization, WebSite, WebPage (basic JSON-LD via Yoast).
Missing: Product/Service (for TapNative, TrendMD, EHSx, etc.) • FAQ (for blog content) • LocalBusiness (they have a physical address) • Review (they have client testimonials from AstraZeneca, Lilly).
Rich schema = rich snippets in Google = higher CTR.

SEO Metadata Coverage — All 15 Key Pages

Page	Title	Meta Desc	H1	OG Image	Images (no alt)
Homepage	OK	OK	MISSING	NO	15 imgs (10 no alt)
Advertisers	OK	OK	OK	NO	9 imgs (5 no alt)
Publishers	OK	OK	OK	NO	9 imgs (5 no alt)
Blog	OK	MISSING	MISSING	NO	13 imgs (4 no alt)
Management	OK	OK	OK	NO	9 imgs (8 no alt)
Contact Us	OK	OK	OK	NO	5 imgs (4 no alt)
Native	OK	MISSING	MISSING	NO	7 imgs (4 no alt)
Careers	OK	MISSING	OK	NO	8 imgs (4 no alt)
EHSX	OK	MISSING	OK	YES	6 imgs (5 no alt)
Privacy	OK	OK	OK	NO	5 imgs (4 no alt)
Subscribe	OK	MISSING	OK	NO	5 imgs (4 no alt)
Ad Specs	OK	OK	OK	NO	5 imgs (4 no alt)
About	OK	MISSING	MISSING	NO	8 imgs (7 no alt)
Sitemap Page	OK	MISSING	OK	NO	5 imgs (4 no alt)
PLD	OK	MISSING	OK	NO	6 imgs (5 no alt)

8/15 pages missing meta description | 4/15 pages missing H1 | 14/15 pages missing OG image | 15/15 have page titles ✔

Image Alt Text Compliance

Alt Text Coverage: 39.2% compliant

47 images WITH alt (39.2%) 73 images MISSING alt (60.8%)

No alt text

of 120 total

Impact: Screen reader inaccessibility (WCAG 2.1 AA violation). Google cannot understand un-labelled images — missed keyword opportunities. Management page worst: 8 of 9 team headshots have no alt text.

SEO — Technical Issues

9. Stale Pages Wasting Crawl Budget

Evidence from page-sitemap.xml: Multiple pages haven't been updated in 5-10 years:

Page	Last Updated
/viewability-toolkit/	Apr 2015
/white-paper-request/	Jul 2015
/virtual-reality.../	Jul 2016
/press/	Jul 2016
/whitepapers/	Aug 2016
/native/	Feb 2017

Also: orphaned pages like /13909-2/, /welcome-2up/, /welcome-no-pic/ still indexed.

10. Sitemap Includes Attachments

Evidence: sitemap_index.xml contains attachment-sitemap.xml — indexing WordPress media library images as standalone pages.

Impact: Wastes crawl budget. Google indexes image attachment pages with zero content value. These "thin" pages dilute overall site quality signals.

Fix: Disable attachment sitemap in Yoast SEO settings. Redirect attachment URLs to parent posts.

Technical SEO Positives — Canonical & Link Health

✔ Canonical Tags: All Correct

Canonical URLs present and self-referencing on all 15 pages audited. No duplicate content or cross-domain canonical issues detected. Yoast SEO generating these correctly.

✔ Zero Broken Internal Links

0 broken links found across 25 internal navigation links checked. All primary nav links (Home, Advertisers, Publishers, Blog, Contact, etc.) return HTTP 200. Good link hygiene maintained.

Visual Evidence — Blog & Key Pages

Blog Archives

158 pages of posts since 2006

All by single author: Donna Pacheco

Management Team

4 team members only

Left: Blog page showing formulaic AI-pattern titles ("The X of Y: Why Z"). 3-4 posts/week, all by one author. Right: Management team — Patricia Sweeney is VP Marketing, Client Operations & Proposal Strategy.

Content & Blog Analysis

11. Blog Volume Strong, Quality Concerns

Volume: 158 pages of posts (10/page). Content since 2006. 2 post-sitemap files with 1,000+ URLs. Active: 3-4 posts/week in March 2026.
Concern: All recent posts by single author (Donna Pacheco). Titles follow formulaic patterns: "The X of Y: Why Z". High frequency + single author + formulaic patterns suggest AI-generated content.
Risk: Google's Helpful Content Update penalizes mass low-value AI content. If flagged, entire blog section could lose rankings.
Sample titles (Mar 19-27, 2026):

"When Pharma Meets Telehealth Marketing: The Rise of..."
"The New Rules of Pharma Advertising: What Recent..."
"The Shift Away From Search: Why Pharma Budgets..."
"The Zero-Click Reality: What AI Search Is Taking..."
"The Transparency Imperative: Why Pharma Advertising..."
"The HCP Media Fatigue Problem: Why Even High-Value..."
"The Physician Network Effect: How Medical Communities..."

Advertisers Page

Generic services list — no individual product pages

Advertisers page lists capabilities generically. No dedicated landing pages for TapNative, TrendMD, EHSx, eNewsBriefs, HIS, or Drugs.com Sponsorship. Each product deserves its own page with pricing, case studies, and CTA.

Conversion & Content Gaps

Missing Product Pages

No dedicated landing pages for individual products:

TapNative (native CPC)	No page
TrendMD (native text)	No page
EHSx Display/Video	No page
eNewsBriefs (email)	No page
HIS (High Impact)	No page
Drugs.com Sponsorship	No page

Missing Conversion Elements

Client case studies w/ ROI	None
Scheduling tool (Calendly)	None
Live chat / chatbot	None
EHSX demo/trial CTA	None
ROI calculator	None
Gated content strategy	None
Pricing transparency	None

Trust & Credibility Concerns

12. comScore #1 Ranking Cites 2016 Data

Evidence: Multiple pages claim "Ranked #1 by comScore for Healthcare Professional audience reach" — sourced from March 2016 (10 years old).
Risk: Pharma clients may question validity. If ranking no longer holds, this becomes misleading. Competitors (DeepIntent, Doceree, PulsePoint) have emerged since 2016.
Action: Either update with current data or rephrase as historical achievement.

Technology Stack

Component	Current	Status	Notes
CMS	WordPress	OK	Widely supported, active updates
PHP	7.3.30	EOL Dec 2021	4+ years without security patches
Server	Apache 2.4.61 / Amazon	OK	Current version
OpenSSL	1.0.2k-fips	EOL Dec 2019	6+ years without updates
SSL Cert	Let's Encrypt R13	Expiring Jun 4	Auto-renewal assumed but verify
SEO Plugin	Yoast SEO	OK	Generating sitemaps correctly
Security	Wordfence	Ineffective	Installed but spam injection not caught
Theme	"totalbusiness"	Unknown	Obscure theme, security update risk
Forms	Gravity Forms	OK	2 forms detected (ID 13, 38)
Slider	Master Slider	Outdated	jQuery dependency, performance drag

User Experience & Design

Navigation (11 top-level items)

Home • Advertisers • Publishers • What We Do • Subscribe • EHSX • Press • Blog • Careers • Management Team • Contact Us

Industry standard: 5-7 items. 11 items create decision fatigue. No dropdown/mega-menu structure.

Social Media Presence

Facebook	Present	/eHealthcareSolutions
LinkedIn	Present	/company/ehealthcare-solutions
Twitter/X	Present	@E_HS
YouTube	Missing	Have video content but no channel
Instagram	Missing

Prioritized Action Items — Effort / Impact Matrix

#	Effort	Impact	Action	Timeline	Owner
1	LOW	CRITICAL	Remove spam/casino content injection	Immediate	Dev
2	MEDIUM	CRITICAL	Upgrade PHP 7.3 → PHP 8.1+	1 week	Dev/Host
3	LOW	HIGH	Add all 7 missing security headers (HSTS, CSP, X-Frame, etc.)	1 day	Dev
4	LOW	HIGH	Enable browser caching (Cache-Control headers, WP plugin)	1 day	Dev
5	MEDIUM	HIGH	Add keyword-focused H1 to 4 pages (Homepage, Blog, Native, About)	1 week	SEO/Copy
6	MEDIUM	HIGH	Write meta descriptions for 8 missing pages	1 week	SEO/Copy
7	MEDIUM	MEDIUM	Add alt text to 73 missing image attributes (accessibility + SEO)	2 weeks	SEO
8	LOW	MEDIUM	Disable attachment sitemap in Yoast SEO settings	1 day	SEO/Dev
9	MEDIUM	MEDIUM	Remove or redirect 7 stale pages (last updated 2015–2017)	1 week	SEO/Dev
10	HIGH	HIGH	Create product landing pages (TapNative, TrendMD, EHSx, eNewsBriefs, HIS, Drugs.com)	1 month	Dev/Copy
11	MEDIUM	MEDIUM	Add Product & FAQ schema markup to service and blog pages	2 weeks	Dev/SEO
12	HIGH	MEDIUM	Audit blog content quality — identify AI-generated vs. human-authored posts	2 weeks	Content

What's Working Well

robots.txt

Well configured. Blocks AI crawlers. Allows search engines + SEO tools.

Client Testimonials

AstraZeneca & Lilly quotes on homepage. Strong social proof.

Blog Consistency

20 years of content. 3-4 posts/week in 2026. Relevant topics.

Tracking Setup

GA4, GTM, Facebook, LinkedIn, Pardot, ZoomInfo all connected.

Newsletter CTA

"The Connection" subscription form with reCAPTCHA on homepage.

HTTPS + Schema

SSL active. Basic Organization + WebSite JSON-LD present.

Opportunity Roadmap for BEUP

Immediate

Security Remediation

Remove spam injection. Upgrade PHP to 8.1+. Add all 7 security headers. Audit Wordfence config.

Immediate

Performance Fix

Enable browser caching. Optimize TTFB. Audit and defer non-critical scripts. Upgrade OpenSSL.

Immediate

QuoteMD Platform

Convert Excel calculator to web app. Campaign builder, pricing engine, PDF proposals.

3-6 Months

SEO Overhaul

Fix H1/titles. Add rich schema. Clean stale pages. Remove attachment indexing.

3-6 Months

Product Landing Pages

Create individual pages for TapNative, TrendMD, EHSx, eNewsBriefs, HIS, Drugs.com.

3-6 Months

Conversion Optimization

Add case studies, scheduling tool, EHSX demo CTA, gated content, ROI calculator.

Strategic

Website Redesign

Modern theme. Simplified navigation. Mobile-first. Consistent design system.

Strategic

Content Strategy

Audit blog quality. Add client case studies with ROI data. Webinar library. Thought leadership.

Strategic

Client Portal

Ties into QuoteMD. Campaign tracking, proposal history, analytics dashboard for advertisers.

Methodology & Evidence Sources

Direct analysis performed on March 28, 2026:
• HTTP response headers via curl -sI ehealthcaresolutions.com
• HTML source inspection of homepage, /advertisers/, /for-publishers/, /management/, /blog/
• Sitemap XML analysis: sitemap_index.xml (13 sub-sitemaps), page-sitemap.xml (96 pages), post-sitemap1.xml (1,000+ posts)
• robots.txt directive analysis
• SSL certificate verification via openssl s_client
• Server response time measurement via curl (TTFB, total load, page size)
• Google search index analysis
• Market research: healthcare digital ad spend data (eMarketer 2025), competitive landscape

Scores are BEUP's assessment based on industry best practices, OWASP security standards, Google's Web Vitals guidelines, and Yoast SEO recommendations. They represent a directional evaluation, not a certified audit.

★

Key Insight for Patricia

Patricia Sweeney's title is VP Marketing, Client Operations & Proposal Strategy. QuoteMD directly addresses her "Proposal Strategy" responsibility. The website audit findings create a natural conversation: "We found these issues while preparing the QuoteMD proposal — happy to discuss both."

Evidence Screenshots — Captured March 28, 2026

Desktop — 1440px

Homepage Desktop

Above fold. H1: "Being in one place is not enough" (no keywords). 11 navigation items.

Mobile — 390px

Homepage Mobile

Responsive layout. Text hierarchy unclear on mobile. Navigation collapses to hamburger.

Full Page Scroll

Complete homepage. Shows testimonials (AstraZeneca, Lilly), comScore badge, newsletter CTA.

Blog Archives

158 pages of posts

Blog Archives

Formulaic titles. All recent posts by single author (Donna Pacheco). 3-4 posts/week.

Advertisers Page

No product pages

Advertisers Page

Generic capabilities listed. No dedicated pages per product (TapNative, TrendMD, EHSx, etc.).

Management Team

4 team members only

Management Team

4 executives listed. Patricia Sweeney: VP Marketing, Client Operations & Proposal Strategy. 8/9 team images missing alt text.

Deep-Dive Page Screenshots

Native

/native/

Last updated: Feb 2017 (stale). Missing H1 & meta desc.

Careers

/careers/

Missing meta description. No open positions shown.

EHSx

/ehsx/

Only page with OG image. Missing meta desc. Good product focus.

Privacy

/privacy-policy/

Well-structured. Title, meta, H1 all present. 4/5 images no alt.

/subscribe/

Newsletter "The Connection." Missing meta description.

Additional Evidence

Contact Page

Gravity Forms integration. Physical address present (good for LocalBusiness schema). No scheduling tool (Calendly or similar).

For Publishers

For Publishers Page

Slowest page tested (TTFB 1.69s). H1 present. 5 images, 5 missing alt text. Mentions 85+ exclusive publishers & 400+ properties.

Audit Scope & Methodology Note
All screenshots captured March 28, 2026 at 1440px desktop width (Chrome) and 390px mobile. Performance data collected via curl with 3 measurements per page (average shown). SEO metadata extracted via HTML source inspection. This is a directional audit — a full crawl-based analysis using Screaming Frog or Semrush would surface additional issues at scale.

Website & Digital Audit Report

Strong Business. Neglected Digital Infrastructure.

Security Remediation

Performance Fix

QuoteMD Platform

SEO Overhaul

Product Landing Pages

Conversion Optimization

Website Redesign

Content Strategy

Client Portal