Skip to content

Changes

https://xpenv.com
Compared to previous audit · 1 hour ago View previous audit

Sao Paulo, Brazil New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

4
New issues
4
Resolved
15
score changes
CategoryPreviousCurrentChange
CompositeB (89)B (88) -1.000
PerformanceA (94)A (94)
SecurityB (86)B (86)
AccessibilityB (82)B (83) +1.000
SEOA+ (97)A+ (97)
InfrastructureA (94)A (91) -3.000
ComplianceD (69)D (69)
ContentA+ (99)A+ (99)
SustainabilityB (88)B (88)
MetricPreviousCurrentChange
Performance 66006900 +300
Accessibility 96009600
Best Practices 73007300
SEO 1000010000
PWA 00
Desktop Performance 98009900 +100
Desktop Accessibility 1000010000
Desktop Best Practices 73007300
Desktop SEO 1000010000
FCP 3.32 s3.32 s
LCP 4.61 s3.77 s -846 ms
TBT 417 ms504 ms +87 ms
CLS 0.0410.041
Desktop FCP 742 ms684 ms -58 ms
Desktop LCP 1.03 s983 ms -49 ms
Desktop TBT 47 ms50 ms +3 ms
Desktop CLS 0.0030.003
TTFB 34 ms259 ms +225 ms
DNS 4 ms12 ms +9 ms
TLS 9 ms10 ms +1 ms
Connect 1 ms2 ms +0 ms
Total 34 ms260 ms +225 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING https://xpenv.com/assets/index-22d4mitO.js: 739ms CPU time performance
WARNING Unattributable: 420ms CPU time performance
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 400ms CPU time performance
WARNING https://xpenv.com/: 284ms CPU time performance
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 355ms CPU time performance
WARNING No favicon.ico at site root accessibility
WARNING https://xpenv.com/assets/index-22d4mitO.js: 633ms CPU time performance
WARNING Unattributable: 331ms CPU time performance
CRITICAL No H1 heading found accessibility
CRITICAL Transfer efficiency: 41% sustainability
CRITICAL Content-Security-Policy header is missing security
CRITICAL No Content-Security-Policy header found security
WARNING 3 field(s) missing recommended autocomplete attribute accessibility
WARNING Registrar lock is NOT enabled infrastructure
WARNING X-Frame-Options header is missing security
WARNING Bare server default 404 page accessibility
WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance
WARNING No privacy policy link detected compliance
WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security
WARNING Permissions-Policy header is missing security
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security
WARNING 3 field(s) would benefit from inputmode attribute accessibility
WARNING https://xpenv.com/assets/index-22d4mitO.js: 259 KB unused (64%) performance
WARNING Referrer-Policy header is missing security
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING No Permissions-Policy header security
WARNING <iframe> missing title attribute (src="") accessibility
WARNING No accessibility statement detected compliance
WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance
WARNING Login form does not contain a recognizable CSRF token security
last-modified
Mon, 25 May 2026 21:08:42 GMT Mon, 25 May 2026 21:05:22 GMT
cf-cache-status
HIT EXPIRED

16 headers unchanged

PWA Miscellaneous

8 technologies unchanged

Looking ahead

+9 pts
B (88) Could reach A+ (97)
Accessibility +17Security +14Compliance +10Sustainability +10Performance +6Infrastructure +4

Estimate — actual results may vary (27 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 26, 2026

B B 89 → 88 -1 pts

4

Resolved

4

New issues

23

Still remaining

Financial summary

Investment delivered

€14 in development time

Investment remaining

€2,203 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score89 (B)88 (B)-1
Performance94 (A)94 (A)0
Security86 (B)86 (B)0
Accessibility82 (B)83 (B)+1
SEO97 (A+)97 (A+)0
Infrastructure94 (A)91 (A)-3
Compliance69 (D)69 (D)0
Content99 (A+)99 (A+)0
Sustainability88 (B)88 (B)0

Resolved (4)

  • https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 355ms CPU time (Performance)

    → Page loads faster for users

  • No favicon.ico at site root (Accessibility)

    → Improved usability for assistive technology users

  • https://xpenv.com/assets/index-22d4mitO.js: 633ms CPU time (Performance)

    → Page loads faster for users

  • Unattributable: 331ms CPU time (Performance)

    → Page loads faster for users

Recommended next steps (27)

  • Sprint 1

    No H1 heading found (Accessibility)

  • Sprint 1

    Transfer efficiency: 41% (Sustainability)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 1

    https://xpenv.com/assets/index-22d4mitO.js: 739ms CPU time (Performance)

  • Sprint 1

    Unattributable: 420ms CPU time (Performance)

  • Sprint 1

    https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 400ms CPU time (Performance)

  • Sprint 1

    https://xpenv.com/: 284ms CPU time (Performance)

  • Sprint 1

    3 field(s) missing recommended autocomplete attribute (Accessibility)

  • Sprint 1

    Registrar lock is NOT enabled (Infrastructure)

  • Sprint 1

    X-Frame-Options header is missing (Security)

  • Sprint 1

    Bare server default 404 page (Accessibility)

  • Sprint 1

    Main HTML cached for 1440 minutes -- risks stale auth / SPA state (Performance)

  • Sprint 2

    No privacy policy link detected (Compliance)

  • Sprint 1

    HSTS max-age is too short (15552000s, should be ≥ 31536000s) (Security)

…and 12 more recommended item(s)

Send Feedback