Changes

https://xpenv.com

Compared to previous audit · 19 minutes ago View previous audit

Singapore, Singapore → Madrid, Spain

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (85)	B (87)	+2.000
Performance	A (95)	A (94)	-1.000
Security	C (78)	B (85)	+7.000
Accessibility	B (84)	B (80)	-4.000
SEO	B (85)	A (96)	+11.000
Infrastructure	A (94)	A (92)	-2.000
Compliance	D (66)	D (63)	-3.000
Content	C (76)	A+ (99)	+23.000
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	7500	6800	-700
Accessibility	9600	9600	—
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9900	9800	-100
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.33 s	3.38 s	+49 ms
LCP	3.84 s	3.83 s	—
TBT	267 ms	490 ms	+223 ms
CLS	0.041	0.041	—
Desktop FCP	750 ms	729 ms	-21 ms
Desktop LCP	830 ms	1.03 s	+199 ms
Desktop TBT	31 ms	50 ms	+19 ms
Desktop CLS	0.003	0.003	—
TTFB †	226 ms	245 ms	+20 ms
DNS †	49 ms	8 ms	-41 ms
TLS †	23 ms	8 ms	-15 ms
Connect †	17 ms	1 ms	-15 ms
Total †	226 ms	246 ms	+19 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Transfer efficiency: 42% sustainability

WARNING Heading level skipped: H1 → H3 (missing H2) accessibility

WARNING Unattributable: 380ms CPU time performance

WARNING https://xpenv.com/assets/index-C48drCrh.js: 260 KB unused (63%) performance

WARNING No privacy policy link detected compliance

WARNING Privacy Policy not detected compliance

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING 1 publicly-accessible JavaScript source map(s) security

WARNING https://xpenv.com/assets/index-C48drCrh.js: 747ms CPU time performance

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 368ms CPU time performance

WARNING Login form does not contain a recognizable CSRF token security

WARNING <iframe> missing title attribute (src="") accessibility

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

CRITICAL Transfer efficiency: 41% sustainability

CRITICAL Page has only 47 words — nearly empty seo

CRITICAL 1 non-essential cookie(s) set without consent banner compliance

CRITICAL Cookie '__cflb' is missing the Secure flag security

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING 2 link(s) open in new tab without warning accessibility

WARNING https://xpenv.com/assets/index-GzZQg3V_.js: 459ms CPU time performance

WARNING No Open Graph meta tags found content

WARNING Unattributable: 311ms CPU time performance

WARNING No meta description tag found seo

WARNING Thin content — only 47 words seo

WARNING No internal links found seo

WARNING https://xpenv.com/assets/index-GzZQg3V_.js: 289 KB unused (63%) performance

WARNING No canonical tag found seo

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING Title is only 16 characters — consider expanding seo

CRITICAL Content-Security-Policy header is missing security

CRITICAL No Content-Security-Policy header found security

CRITICAL Soft 404: server returns HTTP 200 for non-existent pages accessibility

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Dead-end page — no outgoing internal links seo

WARNING X-Frame-Options header is missing security

WARNING No accessibility statement detected compliance

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING Referrer-Policy header is missing security

WARNING Permissions-Policy header is missing security

WARNING No <nav> landmark found accessibility

WARNING Registrar lock is NOT enabled infrastructure

WARNING Terms of Service not detected compliance

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING No Permissions-Policy header security

WARNING Cross-Origin-Opener-Policy header is missing security

− set-cookie __cflb=0H28v9ux15f5263BL1Rnd4DNQgph3F7ccMM1x6MUagt; SameSite=Lax; path=/; exp...

cache-control

no-store → max-age=86400

x-cf-ipfs-cache-status

miss → hit

x-ipfs-roots

bafybeicgeisyngoxppp4rzshdwwr7oidtxmq52wtg6jd6zk7ejzfn26l6q → bafybeibv4l6siquomy46iagzb5poeezua7nqrzp627fsna4xru6kdo7ewa

last-modified

Mon, 25 May 2026 02:40:37 GMT → Mon, 25 May 2026 02:42:45 GMT

14 headers unchanged

+ Open Graph Miscellaneous

+ PWA Miscellaneous

+ React JavaScript frameworks

+ React Router JavaScript frameworks v7.15.0

+ Bootstrap Framework

− AngularJS JavaScript frameworks

− Cloudflare Turnstile Security

4 technologies unchanged

Looking ahead

+11 pts

B (87) Could reach A+ (98)

Accessibility +20Compliance +16Security +15Sustainability +10Performance +6Infrastructure +4SEO +4

Estimate — actual results may vary (32 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 85 → 87 +2 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$3,108 in development time

Investment remaining

$2,792 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	85 (B)	87 (B)	+2
Performance	95 (A)	94 (A)	-1
Security	78 (C)	85 (B)	+7
Accessibility	84 (B)	80 (B)	-4
SEO	85 (B)	96 (A)	+11
Infrastructure	94 (A)	92 (A)	-2
Compliance	66 (D)	63 (D)	-3
Content	76 (C)	99 (A+)	+23
Sustainability	88 (B)	88 (B)	0

Resolved (17)

External script from challenges.cloudflare.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
2 link(s) open in new tab without warning (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/assets/index-GzZQg3V_.js: 459ms CPU time (Performance)
→ Page loads faster for users
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
→ Reduced attack surface for visitors
No Open Graph meta tags found (Content)
→ Stronger social sharing and on-page quality
Transfer efficiency: 41% (Sustainability)
→ Lower carbon footprint per page view
Unattributable: 311ms CPU time (Performance)
→ Page loads faster for users
No meta description tag found (SEO)
→ Better search engine visibility
Page has only 47 words — nearly empty (SEO)
→ Better search engine visibility
Thin content — only 47 words (SEO)
→ Better search engine visibility
No internal links found (SEO)
→ Better search engine visibility
https://xpenv.com/assets/index-GzZQg3V_.js: 289 KB unused (63%) (Performance)
→ Page loads faster for users
No canonical tag found (SEO)
→ Better search engine visibility
1 non-essential cookie(s) set without consent banner (Compliance)
→ Reduced regulatory exposure
Cookie '__cflb' is missing the Secure flag (Security)
→ Reduced attack surface for visitors

…and 2 more resolved issue(s)

Recommended next steps (32)

Sprint 1
Transfer efficiency: 42% (Sustainability)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)
Sprint 2
Heading level skipped: H1 → H3 (missing H2) (Accessibility)
Sprint 1
Unattributable: 380ms CPU time (Performance)
Sprint 3
https://xpenv.com/assets/index-C48drCrh.js: 260 KB unused (63%) (Performance)
Sprint 2
No privacy policy link detected (Compliance)
Sprint 1
Privacy Policy not detected (Compliance)
Sprint 1
Main HTML cached for 1440 minutes -- risks stale auth / SPA state (Performance)
Sprint 1
1 publicly-accessible JavaScript source map(s) (Security)
Sprint 1
https://xpenv.com/assets/index-C48drCrh.js: 747ms CPU time (Performance)
Sprint 1
3 field(s) would benefit from inputmode attribute (Accessibility)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 368ms CPU time (Performance)
Sprint 1
Login form does not contain a recognizable CSRF token (Security)

…and 17 more recommended item(s)

Browse & Analyze

Learn