Skip to content

Changes

https://xpenv.com
Compared to previous audit · 4 minutes ago View previous audit

Sao Paulo, Brazil Madrid, Spain

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

9
New issues
17
Resolved
16
score changes
CategoryPreviousCurrentChange
CompositeB (85)B (89) +4.000
PerformanceA (94)A (94)
SecurityC (79)B (86) +7.000
AccessibilityB (84)B (83) -1.000
SEOB (85)A+ (97) +12.000
InfrastructureA (94)A (94)
ComplianceC (70)D (69) -1.000
ContentC (76)A+ (99) +23.000
SustainabilityB (88)B (88)
MetricPreviousCurrentChange
Performance 76006800 -800
Accessibility 96009600
Best Practices 73007300
SEO 1000010000
PWA 00
Desktop Performance 99009900
Desktop Accessibility 1000010000
Desktop Best Practices 73007300
Desktop SEO 1000010000
FCP 3.31 s3.33 s
LCP 3.61 s3.78 s +165 ms
TBT 316 ms518 ms +202 ms
CLS 0.0410.041
Desktop FCP 685 ms687 ms
Desktop LCP 979 ms994 ms +16 ms
Desktop TBT 22 ms53 ms +31 ms
Desktop CLS 0.0030.003
TTFB 152 ms47 ms -106 ms
DNS 1 ms5 ms +4 ms
TLS 24 ms12 ms -11 ms
Connect 17 ms1 ms -15 ms
Total 153 ms47 ms -105 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING Login form does not contain a recognizable CSRF token security
WARNING Multiple H1 headings (2 found) accessibility
WARNING 3 field(s) missing recommended autocomplete attribute accessibility
WARNING Unattributable: 405ms CPU time performance
WARNING 3 field(s) would benefit from inputmode attribute accessibility
WARNING https://xpenv.com/assets/index-Fonr1rK_.js: 786ms CPU time performance
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 436ms CPU time performance
WARNING No privacy policy link detected compliance
WARNING <iframe> missing title attribute (src="") accessibility
CRITICAL Page has only 47 words — nearly empty seo
CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security
WARNING Unattributable: 356ms CPU time performance
WARNING No Open Graph meta tags found content
WARNING SRI adoption: 0/1 third-party resources protected (0%) security
WARNING External script from challenges.cloudflare.com lacks integrity attribute security
WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility
WARNING Dead-end page — no outgoing internal links seo
WARNING No meta description tag found seo
WARNING 2 link(s) open in new tab without warning accessibility
WARNING https://xpenv.com/assets/index-Fonr1rK_.js: 499ms CPU time performance
WARNING No canonical tag found seo
WARNING Title is only 16 characters — consider expanding seo
WARNING No internal links found seo
WARNING Thin content — only 47 words seo
WARNING Terms of Service not detected compliance
WARNING No <nav> landmark found accessibility
CRITICAL Content-Security-Policy header is missing security
CRITICAL Transfer efficiency: 41% sustainability
CRITICAL No Content-Security-Policy header found security
WARNING Permissions-Policy header is missing security
WARNING No Permissions-Policy header security
WARNING Bare server default 404 page accessibility
WARNING X-Frame-Options header is missing security
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING https://xpenv.com/assets/index-Fonr1rK_.js: 259 KB unused (64%) performance
WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security
WARNING Registrar lock is NOT enabled infrastructure
WARNING No accessibility statement detected compliance
WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance
WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security
WARNING Referrer-Policy header is missing security
last-modified
Mon, 25 May 2026 20:20:34 GMT Mon, 25 May 2026 20:17:46 GMT
cf-cache-status
MISS HIT

16 headers unchanged

+ Open Graph Miscellaneous
+ Bootstrap Framework
+ PWA Miscellaneous
+ React JavaScript frameworks
+ React Router JavaScript frameworks v7.15.0
AngularJS JavaScript frameworks
Cloudflare Turnstile Security

4 technologies unchanged

Looking ahead

+9 pts
B (89) Could reach A+ (98)
Accessibility +16Security +14Compliance +10Sustainability +10Performance +6Infrastructure +4

Estimate — actual results may vary (26 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 85 → 89 +4 pts

17

Resolved

9

New issues

17

Still remaining

Financial summary

Investment delivered

€1,700 in development time

Investment remaining

€2,231 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score85 (B)89 (B)+4
Performance94 (A)94 (A)0
Security79 (C)86 (B)+7
Accessibility84 (B)83 (B)-1
SEO85 (B)97 (A+)+12
Infrastructure94 (A)94 (A)0
Compliance70 (C)69 (D)-1
Content76 (C)99 (A+)+23
Sustainability88 (B)88 (B)0

Resolved (17)

  • Unattributable: 356ms CPU time (Performance)

    → Page loads faster for users

  • No Open Graph meta tags found (Content)

    → Stronger social sharing and on-page quality

  • SRI adoption: 0/1 third-party resources protected (0%) (Security)

    → Reduced attack surface for visitors

  • External script from challenges.cloudflare.com lacks integrity attribute (Security)

    → Reduced attack surface for visitors

  • Skip navigation link is missing (WCAG 2.4.1) (Accessibility)

    → Improved usability for assistive technology users

  • Dead-end page — no outgoing internal links (SEO)

    → Better search engine visibility

  • No meta description tag found (SEO)

    → Better search engine visibility

  • Page has only 47 words — nearly empty (SEO)

    → Better search engine visibility

  • Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)

    → Reduced attack surface for visitors

  • 2 link(s) open in new tab without warning (Accessibility)

    → Improved usability for assistive technology users

  • https://xpenv.com/assets/index-Fonr1rK_.js: 499ms CPU time (Performance)

    → Page loads faster for users

  • No canonical tag found (SEO)

    → Better search engine visibility

  • Title is only 16 characters — consider expanding (SEO)

    → Better search engine visibility

  • No internal links found (SEO)

    → Better search engine visibility

  • Thin content — only 47 words (SEO)

    → Better search engine visibility

…and 2 more resolved issue(s)

Recommended next steps (26)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 1

    Transfer efficiency: 41% (Sustainability)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 1

    Login form does not contain a recognizable CSRF token (Security)

  • Sprint 1

    Multiple H1 headings (2 found) (Accessibility)

  • Sprint 1

    3 field(s) missing recommended autocomplete attribute (Accessibility)

  • Sprint 1

    Unattributable: 405ms CPU time (Performance)

  • Sprint 1

    3 field(s) would benefit from inputmode attribute (Accessibility)

  • Sprint 1

    https://xpenv.com/assets/index-Fonr1rK_.js: 786ms CPU time (Performance)

  • Sprint 1

    https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 436ms CPU time (Performance)

  • Sprint 2

    No privacy policy link detected (Compliance)

  • Sprint 1

    <iframe> missing title attribute (src="") (Accessibility)

  • Sprint 1

    Permissions-Policy header is missing (Security)

  • Sprint 1

    No Permissions-Policy header (Security)

  • Sprint 1

    Bare server default 404 page (Accessibility)

…and 11 more recommended item(s)

Send Feedback