Skip to main content
All Audits

Twelve companies. Real bugs, verified directly.

Every audit here is unpaid and unsolicited — independent, read-only reviews of real San Jose-area companies, government agencies, and law firms. No production access, every finding verified directly against the live site before publishing. Everything opens in a new tab, so you can work through all eleven without losing your place.

We publish real findings on real organizations because it's the only way to prove the audit itself is real — not to embarrass anyone, but because we'd rather show you the problem than tell you about it, in the hope of earning the chance to fix it.

Law Firm · San Jose, CA

Berliner Cohen LLP

A 50+ year, four-office San Jose law firm has a page where raw, unescaped HTML code leaks directly into a meta tag instead of a real description — and the broken code itself misspells the firm's own name. Confirmed against the homepage, which has a clean, correct version, so this is a specific page bug, not a sitewide failure. Shared on LinkedIn or Facebook, that page's preview would show broken code instead of a description.

1Meta tag leaking raw HTML
0Production access requested
4Findings, severity-ranked
Nonprofit News Organization · San Jose, CA

San José Spotlight

San Jose's own independent nonprofit newsroom has two real problems on the one page built to handle them: every email address on its Contact Us page renders as literal "[email protected]" placeholder text without JavaScript, and the link inviting readers to become a sustaining donor points to a staging server, not the real donation page. For a newsroom funded by reader donations, that's a direct risk to actual revenue.

4Emails unreadable without JS
1Donation link pointing to staging
3Findings, severity-ranked
Healthcare · Dialysis Provider · San Jose, CA

Satellite Healthcare

A 1,000+ employee, San Jose-based nonprofit kidney care provider has a real problem on its most important page: the tool patients use to find a dialysis center shows literal unrendered template code —{{ geolocationText }}and{{ errorMessage }}— instead of real text. Seven video links on the homepage also lead nowhere. For patients who may be elderly or vulnerable, that's not a cosmetic bug.

2Literal broken template tags found
7Dead video links on the homepage
3Findings, severity-ranked
Municipal Government · San Jose, CA

City of San José

The City's official site has a real, named ADA Coordinator and a genuine accessibility program — but six core informational pages, covering departments, official records, and a disability access grant program, return nothing but "please enable JavaScript" to anything that can't fully execute it, including search crawlers. For a government site, that's a real risk worth knowing about.

6Pages affected
0Production access requested
3Findings, severity-ranked
Credit Union · San Jose, CA

Meriwest Credit Union

A San Jose-headquartered credit union built a homepage section specifically to show off its real charitable giving — but when fetched the way a search crawler would, both dollar-amount stat headlines display "$0" instead of the real figures, which only appear in the text underneath. For a section built to demonstrate generosity, that's an unfortunate irony. The homepage also has no Open Graph or Twitter Card tags at all.

$0Shown instead of $47,836+
0Open Graph tags present
3Findings, severity-ranked
Automotive Dealer Group · San Jose, CA

Del Grande Dealer Group

The Bay Area's largest family-owned auto group, with 1,000+ employees and 17 dealerships, has a page whose own metadata lists the wrong contact email entirely — not a DGDG address, but the internal support inbox for Dealer Inspire, the third-party company that built their site. Any tool or directory reading that metadata for a contact would surface the platform vendor's inbox instead of DGDG's own.

1Vendor email leaking as DGDG's own
0Production access requested
3Findings, severity-ranked
Supply Chain Technology Consulting · San Jose, CA

Bristlecone

A 1,800+ consultant, San Jose-headquartered supply chain technology firm has a live legal page whose canonical tag points to a staging server instead of the real site — confirmed by checking it against another page on the same domain that correctly references itself. Six homepage video thumbnails also link to a blank page instead of the actual video.

1Live page leaking a staging URL
6Video links pointing nowhere
3Findings, severity-ranked
Electrical Engineering & Construction · San Jose, CA

Cupertino Electric

A 70-year, 5,300+ employee national contractor with $500M+ in annual revenue still has no meta description anywhere on its site — checked directly across the homepage, contact page, and about page. For a company bidding on data centers and public infrastructure, that's Google writing their search description for them instead of CEI controlling its own message.

3Pages checked, 0 meta descriptions
0Production access requested
3Findings, severity-ranked
Law Firm · San Jose, CA

Richard Burt Professional Law Corporation

An AV Preeminent-rated San Jose business attorney has three images on his own homepage — including his own headshot — carrying unedited AI-generated placeholder alt text, literally reading "Here's an alt tag for the image: Headshot of a man in a suit." Anyone using a screen reader hears the AI tool's instructions to itself instead of a real description.

3Images with unedited placeholder alt text
0Production access requested
2Findings, severity-ranked
Law Firm · San Jose, CA

Silicon Valley Law Group

A firm built specifically to serve technology companies, with a dedicated information security practice, has a homepage "Latest from the Blog" widget that renders as a completely empty, dead link instead of showing their actual most recent post — the one spot on the page built to showcase it.

1Homepage widget rendering empty
0Production access requested
1Finding, severity-ranked
Law Firm · San Jose, CA

SAC Attorneys LLP

A San Jose business and immigration firm's Spanish-language nav link carries a hardcoded Google Analytics linker parameter — a value meant to be generated fresh per visitor, written instead as a static string. Every visitor who clicks through gets stamped with the same stale session ID, quietly corrupting attribution for their Spanish-speaking traffic.

1Hardcoded analytics parameter
0Production access requested
2Findings, severity-ranked
Law Firm · San Jose, CA

Costanzo Law Firm, APC

Clicking the firm's own "Switch to ADA Accessible Theme" toggle — the version carrying their "WCAG AA 2.0 Accessible" footer badge — loads a literal unremoved developer placeholder, the text "CHANGEME," rendering directly above the homepage headline. The accessible version turns out to be a second, hand-maintained WordPress theme that drifts out of sync with the main site.

1Placeholder text live on production
0Production access requested
3Findings, severity-ranked

All audit links open in a new tab.

Questions about these audits

Does ZenMasterWorks audit government websites?

Yes. The City of San José audit above is a published, independent accessibility and technical review of a municipal government site. All government audits are unpaid, unsolicited, and route findings to the relevant named official.

Are these audits really unpaid and unsolicited?

Yes. Every audit on this page was performed without payment and without being asked for by the organization involved. No production access was requested for any of them.

Do you need access to our website to audit it?

No. Every finding here was verified directly against what's publicly live on the site — the same way any visitor or search engine encounters it.