Skip to content

Changes

https://xpenv.com
Compared to previous audit · 19 minutes ago View previous audit

Singapore, Singapore Madrid, Spain

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

14
New issues
17
Resolved
20
score changes
CategoryPreviousCurrentChange
CompositeB (85)B (87) +2.000
PerformanceA (95)A (94) -1.000
SecurityC (78)B (85) +7.000
AccessibilityB (84)B (80) -4.000
SEOB (85)A (96) +11.000
InfrastructureA (94)A (92) -2.000
ComplianceD (66)D (63) -3.000
ContentC (76)A+ (99) +23.000
SustainabilityB (88)B (88)
MetricPreviousCurrentChange
Performance 75006800 -700
Accessibility 96009600
Best Practices 73007300
SEO 1000010000
PWA 00
Desktop Performance 99009800 -100
Desktop Accessibility 1000010000
Desktop Best Practices 73007300
Desktop SEO 1000010000
FCP 3.33 s3.38 s +49 ms
LCP 3.84 s3.83 s
TBT 267 ms490 ms +223 ms
CLS 0.0410.041
Desktop FCP 750 ms729 ms -21 ms
Desktop LCP 830 ms1.03 s +199 ms
Desktop TBT 31 ms50 ms +19 ms
Desktop CLS 0.0030.003
TTFB 226 ms245 ms +20 ms
DNS 49 ms8 ms -41 ms
TLS 23 ms8 ms -15 ms
Connect 17 ms1 ms -15 ms
Total 226 ms246 ms +19 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Transfer efficiency: 42% sustainability
WARNING <iframe> missing title attribute (src="") accessibility
WARNING Unattributable: 380ms CPU time performance
WARNING Login form does not contain a recognizable CSRF token security
WARNING Heading level skipped: H1 → H3 (missing H2) accessibility
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 368ms CPU time performance
WARNING No privacy policy link detected compliance
WARNING 1 publicly-accessible JavaScript source map(s) security
WARNING 3 field(s) missing recommended autocomplete attribute accessibility
WARNING https://xpenv.com/assets/index-C48drCrh.js: 747ms CPU time performance
WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance
WARNING 3 field(s) would benefit from inputmode attribute accessibility
WARNING https://xpenv.com/assets/index-C48drCrh.js: 260 KB unused (63%) performance
WARNING Privacy Policy not detected compliance
CRITICAL Cookie '__cflb' is missing the Secure flag security
CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security
CRITICAL Page has only 47 words — nearly empty seo
CRITICAL 1 non-essential cookie(s) set without consent banner compliance
CRITICAL Transfer efficiency: 41% sustainability
WARNING https://xpenv.com/assets/index-GzZQg3V_.js: 459ms CPU time performance
WARNING No internal links found seo
WARNING Thin content — only 47 words seo
WARNING https://xpenv.com/assets/index-GzZQg3V_.js: 289 KB unused (63%) performance
WARNING Title is only 16 characters — consider expanding seo
WARNING No Open Graph meta tags found content
WARNING 2 link(s) open in new tab without warning accessibility
WARNING No canonical tag found seo
WARNING Unattributable: 311ms CPU time performance
WARNING SRI adoption: 0/1 third-party resources protected (0%) security
WARNING External script from challenges.cloudflare.com lacks integrity attribute security
WARNING No meta description tag found seo
CRITICAL No Content-Security-Policy header found security
CRITICAL Content-Security-Policy header is missing security
CRITICAL Soft 404: server returns HTTP 200 for non-existent pages accessibility
WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility
WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance
WARNING No <nav> landmark found accessibility
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING No Permissions-Policy header security
WARNING X-Frame-Options header is missing security
WARNING Permissions-Policy header is missing security
WARNING Dead-end page — no outgoing internal links seo
WARNING Registrar lock is NOT enabled infrastructure
WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security
WARNING Referrer-Policy header is missing security
WARNING No accessibility statement detected compliance
WARNING Terms of Service not detected compliance
set-cookie __cflb=0H28v9ux15f5263BL1Rnd4DNQgph3F7ccMM1x6MUagt; SameSite=Lax; path=/; exp...
cache-control
no-store max-age=86400
last-modified
Mon, 25 May 2026 02:40:37 GMT Mon, 25 May 2026 02:42:45 GMT
x-ipfs-roots
bafybeicgeisyngoxppp4rzshdwwr7oidtxmq52wtg6jd6zk7ejzfn26l6q bafybeibv4l6siquomy46iagzb5poeezua7nqrzp627fsna4xru6kdo7ewa
x-cf-ipfs-cache-status
miss hit

14 headers unchanged

+ PWA Miscellaneous
+ React JavaScript frameworks
+ React Router JavaScript frameworks v7.15.0
+ Bootstrap Framework
+ Open Graph Miscellaneous
Cloudflare Turnstile Security
AngularJS JavaScript frameworks

4 technologies unchanged

Looking ahead

+11 pts
B (87) Could reach A+ (98)
Accessibility +20Compliance +16Security +15Sustainability +10Performance +6Infrastructure +4SEO +4

Estimate — actual results may vary (32 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 85 → 87 +2 pts

17

Resolved

14

New issues

18

Still remaining

Financial summary

Investment delivered

$3,108 in development time

Investment remaining

$2,792 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score85 (B)87 (B)+2
Performance95 (A)94 (A)-1
Security78 (C)85 (B)+7
Accessibility84 (B)80 (B)-4
SEO85 (B)96 (A)+11
Infrastructure94 (A)92 (A)-2
Compliance66 (D)63 (D)-3
Content76 (C)99 (A+)+23
Sustainability88 (B)88 (B)0

Resolved (17)

  • Cookie '__cflb' is missing the Secure flag (Security)

    → Reduced attack surface for visitors

  • Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)

    → Reduced attack surface for visitors

  • https://xpenv.com/assets/index-GzZQg3V_.js: 459ms CPU time (Performance)

    → Page loads faster for users

  • No internal links found (SEO)

    → Better search engine visibility

  • Thin content — only 47 words (SEO)

    → Better search engine visibility

  • https://xpenv.com/assets/index-GzZQg3V_.js: 289 KB unused (63%) (Performance)

    → Page loads faster for users

  • Title is only 16 characters — consider expanding (SEO)

    → Better search engine visibility

  • Page has only 47 words — nearly empty (SEO)

    → Better search engine visibility

  • No Open Graph meta tags found (Content)

    → Stronger social sharing and on-page quality

  • 2 link(s) open in new tab without warning (Accessibility)

    → Improved usability for assistive technology users

  • No canonical tag found (SEO)

    → Better search engine visibility

  • Unattributable: 311ms CPU time (Performance)

    → Page loads faster for users

  • SRI adoption: 0/1 third-party resources protected (0%) (Security)

    → Reduced attack surface for visitors

  • External script from challenges.cloudflare.com lacks integrity attribute (Security)

    → Reduced attack surface for visitors

  • No meta description tag found (SEO)

    → Better search engine visibility

…and 2 more resolved issue(s)

Recommended next steps (32)

  • Sprint 1

    Transfer efficiency: 42% (Sustainability)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 1

    Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)

  • Sprint 1

    <iframe> missing title attribute (src="") (Accessibility)

  • Sprint 1

    Unattributable: 380ms CPU time (Performance)

  • Sprint 1

    Login form does not contain a recognizable CSRF token (Security)

  • Sprint 2

    Heading level skipped: H1 → H3 (missing H2) (Accessibility)

  • Sprint 1

    https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 368ms CPU time (Performance)

  • Sprint 2

    No privacy policy link detected (Compliance)

  • Sprint 1

    1 publicly-accessible JavaScript source map(s) (Security)

  • Sprint 1

    3 field(s) missing recommended autocomplete attribute (Accessibility)

  • Sprint 1

    https://xpenv.com/assets/index-C48drCrh.js: 747ms CPU time (Performance)

  • Sprint 1

    Main HTML cached for 1440 minutes -- risks stale auth / SPA state (Performance)

  • Sprint 1

    3 field(s) would benefit from inputmode attribute (Accessibility)

…and 17 more recommended item(s)

Send Feedback