Changes

https://xpenv.com

Compared to previous audit · 25 minutes ago View previous audit

Sao Paulo, Brazil → Madrid, Spain

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (86)	B (88)	+2.000
Performance	A+ (98)	A (94)	-4.000
Security	C (79)	B (86)	+7.000
Accessibility	B (84)	B (83)	-1.000
SEO	B (85)	A+ (97)	+12.000
Infrastructure	A (94)	B (88)	-6.000
Compliance	C (70)	D (63)	-7.000
Content	C (76)	A+ (99)	+23.000
Sustainability	A+ (98)	B (88)	-10.000

Metric	Previous	Current	Change
Performance	9100	7000	-2100
Accessibility	9500	9600	+100
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9800	9800	—
Desktop Accessibility	9500	10000	+500
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	925 ms	3.31 s	+2.39 s
LCP	1.56 s	3.76 s	+2.21 s
TBT	59 ms	474 ms	+415 ms
CLS	0.000	0.041	+0.041
Desktop FCP	329 ms	721 ms	+392 ms
Desktop LCP	451 ms	1.03 s	+582 ms
Desktop TBT	0 ms	67 ms	+67 ms
Desktop CLS	0.000	0.003	+0.003
TTFB †	120 ms	254 ms	+134 ms
DNS †	47 ms	7 ms	-40 ms
TLS †	25 ms	13 ms	-12 ms
Connect †	17 ms	1 ms	-15 ms
Total †	121 ms	255 ms	+135 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Transfer efficiency: 40% sustainability

WARNING Heading level skipped: H1 → H3 (missing H2) accessibility

WARNING https://xpenv.com/assets/index-DOmoDQ3W.js: 259 KB unused (64%) performance

WARNING Login form does not contain a recognizable CSRF token security

WARNING Unattributable: 420ms CPU time performance

WARNING No privacy policy link detected compliance

WARNING Privacy Policy not detected compliance

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING https://xpenv.com/assets/index-DOmoDQ3W.js: 724ms CPU time performance

WARNING <iframe> missing title attribute (src="") accessibility

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 372ms CPU time performance

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

WARNING IPv6 DNS records exist but server is not reachable infrastructure

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

CRITICAL Page has only 47 words — nearly empty seo

WARNING No <nav> landmark found accessibility

WARNING 2 link(s) open in new tab without warning accessibility

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING Title is only 16 characters — consider expanding seo

WARNING No canonical tag found seo

WARNING Thin content — only 47 words seo

WARNING Dead-end page — no outgoing internal links seo

WARNING No Open Graph meta tags found content

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING No meta description tag found seo

WARNING No internal links found seo

CRITICAL No Content-Security-Policy header found security

CRITICAL Content-Security-Policy header is missing security

WARNING No accessibility statement detected compliance

WARNING X-Frame-Options header is missing security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING Bare server default 404 page accessibility

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Terms of Service not detected compliance

WARNING Registrar lock is NOT enabled infrastructure

WARNING Permissions-Policy header is missing security

WARNING No Permissions-Policy header security

WARNING Referrer-Policy header is missing security

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

last-modified

Mon, 25 May 2026 04:37:27 GMT → Mon, 25 May 2026 19:49:04 GMT

cf-cache-status

HIT → DYNAMIC

x-ipfs-roots

bafybeiajpaosqb5ncxxrbgnghuxm3breuerfx3yc2ptxxrxhadrnzhclce → bafybeiguutozshk2xik76pt322ipq7yfryjlfd2i4o654mqogryinx2yfy

15 headers unchanged

+ Bootstrap Framework

+ React JavaScript frameworks

+ Open Graph Miscellaneous

+ PWA Miscellaneous

+ React Router JavaScript frameworks v7.15.0

− AngularJS JavaScript frameworks

− Cloudflare Turnstile Security

4 technologies unchanged

Looking ahead

+9 pts

B (88) Could reach A+ (97)

Accessibility +16Compliance +16Security +14Sustainability +10Infrastructure +8Performance +6

Estimate — actual results may vary (29 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 86 → 88 +2 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$2,000 in development time

Investment remaining

$2,775 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	86 (B)	88 (B)	+2
Performance	98 (A+)	94 (A)	-4
Security	79 (C)	86 (B)	+7
Accessibility	84 (B)	83 (B)	-1
SEO	85 (B)	97 (A+)	+12
Infrastructure	94 (A)	88 (B)	-6
Compliance	70 (C)	63 (D)	-7
Content	76 (C)	99 (A+)	+23
Sustainability	98 (A+)	88 (B)	-10

Resolved (14)

Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
→ Reduced attack surface for visitors
No <nav> landmark found (Accessibility)
→ Improved usability for assistive technology users
2 link(s) open in new tab without warning (Accessibility)
→ Improved usability for assistive technology users
External script from challenges.cloudflare.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
Skip navigation link is missing (WCAG 2.4.1) (Accessibility)
→ Improved usability for assistive technology users
Title is only 16 characters — consider expanding (SEO)
→ Better search engine visibility
No canonical tag found (SEO)
→ Better search engine visibility
Page has only 47 words — nearly empty (SEO)
→ Better search engine visibility
Thin content — only 47 words (SEO)
→ Better search engine visibility
Dead-end page — no outgoing internal links (SEO)
→ Better search engine visibility
No Open Graph meta tags found (Content)
→ Stronger social sharing and on-page quality
SRI adoption: 0/1 third-party resources protected (0%) (Security)
→ Reduced attack surface for visitors
No meta description tag found (SEO)
→ Better search engine visibility
No internal links found (SEO)
→ Better search engine visibility

Recommended next steps (29)

Sprint 1
Transfer efficiency: 40% (Sustainability)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
Heading level skipped: H1 → H3 (missing H2) (Accessibility)
Sprint 3
https://xpenv.com/assets/index-DOmoDQ3W.js: 259 KB unused (64%) (Performance)
Sprint 1
Login form does not contain a recognizable CSRF token (Security)
Sprint 1
Unattributable: 420ms CPU time (Performance)
Sprint 2
No privacy policy link detected (Compliance)
Sprint 1
Privacy Policy not detected (Compliance)
Sprint 1
3 field(s) would benefit from inputmode attribute (Accessibility)
Sprint 1
https://xpenv.com/assets/index-DOmoDQ3W.js: 724ms CPU time (Performance)
Sprint 1
<iframe> missing title attribute (src="") (Accessibility)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 372ms CPU time (Performance)
Sprint 1
3 field(s) missing recommended autocomplete attribute (Accessibility)
Sprint 2
IPv6 DNS records exist but server is not reachable (Infrastructure)

…and 14 more recommended item(s)

Browse & Analyze

Learn