Changes

https://xpenv.com

Compared to previous audit · 3 minutes ago View previous audit

Sao Paulo, Brazil → Singapore, Singapore

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (89)	B (88)	-1.000
Performance	A (94)	A (94)	—
Security	B (86)	B (86)	—
Accessibility	B (82)	B (83)	+1.000
SEO	A+ (97)	A+ (97)	—
Infrastructure	A (94)	B (88)	-6.000
Compliance	D (69)	D (69)	—
Content	A+ (99)	A+ (99)	—
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	6200	6500	+300
Accessibility	9600	9600	—
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9800	9900	+100
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.34 s	3.32 s	—
LCP	4.81 s	4.43 s	-378 ms
TBT	451 ms	486 ms	+36 ms
CLS	0.000	0.041	+0.041
Desktop FCP	714 ms	685 ms	-29 ms
Desktop LCP	1.04 s	985 ms	-54 ms
Desktop TBT	50 ms	60 ms	+10 ms
Desktop CLS	0.003	0.003	—
TTFB †	237 ms	36 ms	-201 ms
DNS †	5 ms	5 ms	-0 ms
TLS †	9 ms	9 ms	—
Connect †	1 ms	2 ms	+1 ms
Total †	238 ms	37 ms	-201 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING Unattributable: 381ms CPU time performance

WARNING https://xpenv.com/: 297ms CPU time performance

WARNING https://xpenv.com/assets/index-22d4mitO.js: 760ms CPU time performance

WARNING IPv6 DNS records exist but server is not reachable infrastructure

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 428ms CPU time performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 432ms CPU time performance

WARNING No favicon.ico at site root accessibility

WARNING https://xpenv.com/assets/index-22d4mitO.js: 676ms CPU time performance

WARNING Unattributable: 372ms CPU time performance

CRITICAL Content-Security-Policy header is missing security

CRITICAL No Content-Security-Policy header found security

CRITICAL Transfer efficiency: 40% sustainability

CRITICAL No H1 heading found accessibility

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING Login form does not contain a recognizable CSRF token security

WARNING No Permissions-Policy header security

WARNING Bare server default 404 page accessibility

WARNING No privacy policy link detected compliance

WARNING X-Frame-Options header is missing security

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING https://xpenv.com/assets/index-22d4mitO.js: 259 KB unused (64%) performance

WARNING No accessibility statement detected compliance

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Permissions-Policy header is missing security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING Registrar lock is NOT enabled infrastructure

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Referrer-Policy header is missing security

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

WARNING <iframe> missing title attribute (src="") accessibility

cf-cache-status

DYNAMIC → HIT

last-modified

Mon, 25 May 2026 21:05:47 GMT → Mon, 25 May 2026 21:05:22 GMT

16 headers unchanged

Technology stack unchanged

9 technologies unchanged

Looking ahead

+10 pts

B (88) Could reach A+ (98)

Accessibility +17Security +14Compliance +10Sustainability +10Infrastructure +8Performance +6

Estimate — actual results may vary (28 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 89 → 88 -1 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

€14 in development time

Investment remaining

€2,288 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	89 (B)	88 (B)	-1
Performance	94 (A)	94 (A)	0
Security	86 (B)	86 (B)	0
Accessibility	82 (B)	83 (B)	+1
SEO	97 (A+)	97 (A+)	0
Infrastructure	94 (A)	88 (B)	-6
Compliance	69 (D)	69 (D)	0
Content	99 (A+)	99 (A+)	0
Sustainability	88 (B)	88 (B)	0

Resolved (4)

https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 432ms CPU time (Performance)
→ Page loads faster for users
No favicon.ico at site root (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/assets/index-22d4mitO.js: 676ms CPU time (Performance)
→ Page loads faster for users
Unattributable: 372ms CPU time (Performance)
→ Page loads faster for users

Recommended next steps (28)

Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
Transfer efficiency: 40% (Sustainability)
Sprint 1
No H1 heading found (Accessibility)
Sprint 1
Unattributable: 381ms CPU time (Performance)
Sprint 1
https://xpenv.com/: 297ms CPU time (Performance)
Sprint 1
https://xpenv.com/assets/index-22d4mitO.js: 760ms CPU time (Performance)
Sprint 2
IPv6 DNS records exist but server is not reachable (Infrastructure)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 428ms CPU time (Performance)
Sprint 2
Cross-Origin-Embedder-Policy header is missing (Security)
Sprint 1
Login form does not contain a recognizable CSRF token (Security)
Sprint 1
No Permissions-Policy header (Security)
Sprint 1
Bare server default 404 page (Accessibility)
Sprint 2
No privacy policy link detected (Compliance)
Sprint 1
X-Frame-Options header is missing (Security)

…and 13 more recommended item(s)

Browse & Analyze

Learn