An independent audit you can act on — and defend.
Fifty-plus checks across security, GDPR, SEO, performance and accessibility. Each finding arrives with a screenshot from your own store and the precise rule behind it — in a report you can read in one sitting. No back-office access. Nothing changed without your approval.
No matter the country, every check follows the rules that apply there.
France, Poland, anywhere across the EU — each finding points to the exact rule in play, for your lawyer to act on. Never a generic template.
A fixed, repeatable checklist. Every finding is tied to a specific rule or standard — and proven with a screenshot from the store itself. Nothing is left as opinion.
HTTP security headers (HSTS, CSP), exposed files (.git, .env, backups), TLS configuration, SPF/DKIM/DMARC email authentication, and platform hardening for WordPress and PrestaShop.
Terms, privacy & cookie policy, the legal notice, consumer-rights and Omnibus pages — checked for presence, technical wiring and obvious gaps, then flagged for a lawyer to confirm the wording.
Schema.org structured data, meta and Open Graph tags, XML sitemaps, internal linking — and an llms.txt so AI search engines quote the store correctly, not its competitors.
Core Web Vitals (LCP, CLS, INP), next-gen images (WebP/AVIF), lazy loading, HTTP/2 and Brotli, caching and CDN — the speed Google measures and buyers feel in their thumbs.
Checkout flow, mobile rendering, colour contrast, form labels and focus states — measured against the European Accessibility Act, in force for e-commerce since June 2025.
The report maps every problem. When you decide to act, the person who ran the audit does the work — no handoffs, no subcontractors, no “our team will be in touch”.
I put the required legal pages live and wire them correctly — consent before cookies, the 30-day price banner, the withdrawal form, the right headers. You bring the legal wording — your own or your lawyer’s; I handle the technical side.
Security headers in place, exposed files closed, email authentication (SPF/DKIM/DMARC), two-factor access and platform hardening.
Core Web Vitals, image compression, lazy loading, HTTP/2 & Brotli, cache and CDN configured — measured before and after.
Schema.org markup, meta and Open Graph tags, sitemaps, internal linking and AI-search readiness — so the right pages get found.
No access to your back office is required. Everything is verified from the outside — the way a regulator, a customer, or a competitor already sees it.
A read-only review across the five areas. Nothing on the store is touched, moved, or changed.
A 20–30 page PDF. Every finding: the issue, a screenshot, the legal basis, and what it puts at risk.
Only after your written approval — and only the scope you choose. You stay in control throughout.
Enforcement stopped waiting for the big brands. Regulators check what is visible from the browser — and so can anyone who wants to file a complaint.
The European Accessibility Act now covers online stores. A shop nobody can use with a keyboard is a shop that is legally exposed.
GDPR fines reach €20M or 4% of annual turnover — and a cookie banner built the wrong way is enough to open a case.
Price-reduction rules, the legal guarantee and dispute resolution are all checked on the public pages of the shop.
A store carries risk in ways no dashboard shows you — a security header that was never set, a cookie that fires before consent, a price-cut shown without its 30-day low. I surface these — with proof — before a regulator, a customer, or a competitor does, and document every one, so the fix is never a debate.
Every finding ships with a screenshot and the exact article behind it — GDPR, Omnibus, the European Accessibility Act. All of it checkable.
Issues are ranked by what they truly expose — the fine, the breach, the lost checkout — so the dangerous things get handled first.
Each finding gives a developer, a lawyer, and a regulator the same hard facts. No hand-waving, no “best-practice” filler.
What I valued most was the clear identification of specific errors — and the transparent explanation of what each one would actually cost me.

I run Viromo alone — no subcontractors, no account managers. The person who runs the audit is the person who fixes it — and the person who picks up when you call.
Ten years inside online stores. I take a handful of clients a month, on purpose: every audit is read line by line, and every finding is one I can defend — to a developer, a lawyer, or a regulator.
Jakub Paśnik, Founder & auditor — Viromo
Share the URL and what’s worrying you — your own shop or a client’s. You’ll get a sample report and a clear, fixed scope before anything begins.