Skip to content

Changes

https://xpenv.com
Compared to previous audit · 2 minutes ago View previous audit

Singapore, Singapore New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

4
New issues
4
Resolved
12
score changes
CategoryPreviousCurrentChange
CompositeB (89)B (89)
PerformanceA (94)A (94)
SecurityB (86)B (86)
AccessibilityB (82)B (82)
SEOA+ (97)A+ (97)
InfrastructureA (94)A (94)
ComplianceD (69)D (69)
ContentA+ (99)A+ (99)
SustainabilityB (88)B (88)
MetricPreviousCurrentChange
Performance 66006200 -400
Accessibility 96009600
Best Practices 73007300
SEO 1000010000
PWA 00
Desktop Performance 98009800
Desktop Accessibility 1000010000
Desktop Best Practices 73007300
Desktop SEO 1000010000
FCP 3.34 s3.34 s
LCP 4.63 s4.81 s +178 ms
TBT 409 ms451 ms +42 ms
CLS 0.0410.000 -0.041
Desktop FCP 704 ms714 ms +10 ms
Desktop LCP 998 ms1.04 s +41 ms
Desktop TBT 42 ms50 ms +8 ms
Desktop CLS 0.0030.003
TTFB 166 ms237 ms +71 ms
DNS 6 ms5 ms -1 ms
TLS 8 ms9 ms +1 ms
Connect 2 ms1 ms -1 ms
Total 167 ms238 ms +71 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Transfer efficiency: 40% sustainability
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 432ms CPU time performance
WARNING Unattributable: 372ms CPU time performance
WARNING https://xpenv.com/assets/index-22d4mitO.js: 676ms CPU time performance
CRITICAL Transfer efficiency: 41% sustainability
WARNING Unattributable: 335ms CPU time performance
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 314ms CPU time performance
WARNING https://xpenv.com/assets/index-22d4mitO.js: 641ms CPU time performance
CRITICAL Content-Security-Policy header is missing security
CRITICAL No Content-Security-Policy header found security
CRITICAL No H1 heading found accessibility
WARNING <iframe> missing title attribute (src="") accessibility
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING Bare server default 404 page accessibility
WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance
WARNING Registrar lock is NOT enabled infrastructure
WARNING No privacy policy link detected compliance
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING No Permissions-Policy header security
WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance
WARNING X-Frame-Options header is missing security
WARNING Permissions-Policy header is missing security
WARNING 3 field(s) would benefit from inputmode attribute accessibility
WARNING No favicon.ico at site root accessibility
WARNING https://xpenv.com/assets/index-22d4mitO.js: 259 KB unused (64%) performance
WARNING No accessibility statement detected compliance
WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security
WARNING Referrer-Policy header is missing security
WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security
WARNING Login form does not contain a recognizable CSRF token security
WARNING 3 field(s) missing recommended autocomplete attribute accessibility
last-modified
Mon, 25 May 2026 20:47:42 GMT Mon, 25 May 2026 21:05:47 GMT
x-ipfs-roots
bafybeicgqz67zg4pylywclj6qva5xriyhkjnackejto6vudfe5xeog5mwu bafybeid5ruov7wg4rm4gbhqabmoxcrpactyqdxun6wp5fscpiikayrub5m

16 headers unchanged

Technology stack unchanged

9 technologies unchanged

Looking ahead

+9 pts
B (89) Could reach A+ (98)
Accessibility +18Security +14Compliance +10Sustainability +10Performance +6Infrastructure +4

Estimate — actual results may vary (27 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 89 → 89 0 pts

4

Resolved

4

New issues

23

Still remaining

Financial summary

Investment remaining

€2,217 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score89 (B)89 (B)0
Performance94 (A)94 (A)0
Security86 (B)86 (B)0
Accessibility82 (B)82 (B)0
SEO97 (A+)97 (A+)0
Infrastructure94 (A)94 (A)0
Compliance69 (D)69 (D)0
Content99 (A+)99 (A+)0
Sustainability88 (B)88 (B)0

Resolved (4)

  • Unattributable: 335ms CPU time (Performance)

    → Page loads faster for users

  • https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 314ms CPU time (Performance)

    → Page loads faster for users

  • https://xpenv.com/assets/index-22d4mitO.js: 641ms CPU time (Performance)

    → Page loads faster for users

  • Transfer efficiency: 41% (Sustainability)

    → Lower carbon footprint per page view

Recommended next steps (27)

  • Sprint 1

    Transfer efficiency: 40% (Sustainability)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 1

    No H1 heading found (Accessibility)

  • Sprint 1

    https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 432ms CPU time (Performance)

  • Sprint 1

    Unattributable: 372ms CPU time (Performance)

  • Sprint 1

    https://xpenv.com/assets/index-22d4mitO.js: 676ms CPU time (Performance)

  • Sprint 1

    <iframe> missing title attribute (src="") (Accessibility)

  • Sprint 2

    Cross-Origin-Embedder-Policy header is missing (Security)

  • Sprint 1

    Bare server default 404 page (Accessibility)

  • Sprint 1

    Main HTML cached for 1440 minutes -- risks stale auth / SPA state (Performance)

  • Sprint 1

    Registrar lock is NOT enabled (Infrastructure)

  • Sprint 2

    No privacy policy link detected (Compliance)

  • Sprint 1

    Cross-Origin-Opener-Policy header is missing (Security)

  • Sprint 1

    No Permissions-Policy header (Security)

…and 12 more recommended item(s)

Send Feedback