Changes

https://www.medium.com

Compared to previous audit · 4 weeks ago View previous audit

Madrid, Spain → New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	C (72)	B (81)	+9.000
Performance	C (75)	B (82)	+7.000
Security	D (65)	B (85)	+20.000
Accessibility	D (68)	C (78)	+10.000
SEO	D (69)	B (82)	+13.000
Infrastructure	A (95)	B (89)	-6.000
Compliance	C (78)	C (70)	-8.000
Content	D (60)	C (73)	+13.000
Sustainability	B (82)	B (83)	+1.000

Metric	Previous	Current	Change
Performance	6800	6900	+100
Accessibility	8900	9100	+200
Best Practices	8100	8100	—
SEO	9200	9200	—
PWA	0	0	—
Desktop Performance	9200	9500	+300
Desktop Accessibility	9000	9200	+200
Desktop Best Practices	7700	7700	—
Desktop SEO	9200	9200	—
FCP	1.63 s	1.86 s	+228 ms
LCP	2.41 s	2.65 s	+241 ms
TBT	2.40 s	1.55 s	-846 ms
CLS	0.001	0.001	—
Desktop FCP	513 ms	667 ms	+154 ms
Desktop LCP	1.38 s	1.01 s	-370 ms
Desktop TBT	170 ms	148 ms	-22 ms
Desktop CLS	0.000	0.000	—
TTFB †	29 ms	90 ms	+62 ms
DNS †	4 ms	31 ms	+26 ms
TLS †	7 ms	22 ms	+15 ms
Connect †	2 ms	16 ms	+15 ms
Total †	29 ms	91 ms	+62 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

Projected vs. Actual

Projected

Actual

Close to projection — 10 points away

20 issues resolved since last audit

37 issues remaining

Resolving remaining issues could reach A

Estimate — actual results may vary

CRITICAL 'unsafe-eval' found in script source security

CRITICAL Both www and non-www versions serve content infrastructure

WARNING No SPF record found security

WARNING https://www.gstatic.com/recaptcha/releases/U5VsmTD...: 175 KB unused (48%) performance

WARNING Unattributable: 252ms CPU time performance

WARNING 1 render-blocking <script src> tag(s) without async/defer performance

WARNING Registrar lock is NOT enabled infrastructure

WARNING frame-ancestors directive is missing security

WARNING Unexpected status code: HTTP 403 accessibility

WARNING https://www.gstatic.com/recaptcha/releases/U5VsmTD...: 629ms CPU time performance

WARNING https://cdn-client.medium.com/lite/static/js/main....: 146 KB unused (59%) performance

WARNING Page weight 1.6 MB exceeds 1 MB target by 604 KB performance

WARNING https://cdn-client.medium.com/lite/static/js/2746....: 1219ms CPU time performance

WARNING https://cdn-client.medium.com/lite/static/js/main....: 512ms CPU time performance

WARNING Third-party scripts: 3362ms (100% of total) performance

WARNING https://cdn-client.medium.com/lite/static/js/2746....: 126 KB unused (49%) performance

CRITICAL 1 non-essential cookie(s) set without consent banner compliance

CRITICAL Content-Security-Policy header is missing security

CRITICAL Domain expires in 8 days infrastructure

CRITICAL No Content-Security-Policy header found security

WARNING https://medium.com/cdn-cgi/challenge-platform/scri...: 341ms CPU time performance

WARNING https://www.gstatic.com/recaptcha/releases/kUYUkUl...: 179 KB unused (49%) performance

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING No Permissions-Policy header security

WARNING https://cdn-client.medium.com/lite/static/js/main....: 147 KB unused (60%) performance

WARNING Referrer-Policy header is missing security

WARNING https://cdn-client.medium.com/lite/static/js/main....: 659ms CPU time performance

WARNING Page weight 1.6 MB exceeds 1 MB target by 590 KB performance

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING https://cdn-client.medium.com/lite/static/js/2746....: 1618ms CPU time performance

WARNING https://www.gstatic.com/recaptcha/releases/kUYUkUl...: 902ms CPU time performance

WARNING Unattributable: 311ms CPU time performance

WARNING Permissions-Policy header is missing security

WARNING https://cdn-client.medium.com/lite/static/js/2746....: 115 KB unused (45%) performance

WARNING Third-party scripts: 4133ms (93% of total) performance

WARNING X-Frame-Options header is missing security

CRITICAL Page has only 47 words — nearly empty seo

CRITICAL Transfer efficiency: 47% sustainability

WARNING No DMARC record found security

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING 35 third-party resources (100% of weight) performance

WARNING No internal links found seo

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING Third-party code accounts for 100% of page weight (1.6 MiB of 1.6 MiB) performance

WARNING Dead-end page — no outgoing internal links seo

WARNING No Open Graph meta tags found content

WARNING Thin content — only 47 words seo

WARNING No <nav> landmark found accessibility

WARNING 2 link(s) open in new tab without warning accessibility

WARNING Manifest is missing `display` -- defaults to browser, no PWA UX accessibility

WARNING No meta description tag found seo

WARNING No canonical tag found seo

WARNING Terms of Service not detected compliance

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING JavaScript is 1.4 MB — consider code splitting or lazy loading performance

WARNING Title is only 16 characters — consider expanding seo

WARNING No accessibility statement detected compliance

+ content-security-policy default-src 'none'; script-src 'nonce-1CMCrLq4MCsrpaLI2aUbw8' 'unsafe-eval' h...

+ critical-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, ...

+ referrer-policy same-origin

+ cross-origin-resource-policy same-origin

+ permissions-policy accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-wri...

+ cross-origin-opener-policy same-origin

+ accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, ...

+ cross-origin-embedder-policy require-corp

+ x-frame-options SAMEORIGIN

+ cf-mitigated challenge

+ origin-agent-cluster ?1

− vary Accept-Encoding

− location https://medium.com/

− set-cookie _cfuvid=c7d_FkqmXwT8tQbJXsA3RnUcFwX2lxRCR1jrCLN4mWI-1775318892487-0.0.1.1-604...

− content-length 167

− cache-control max-age=3600

− expires Sat, 04 Apr 2026 17:08:12 GMT

content-type

text/html → text/html; charset=UTF-8

4 headers unchanged

Technology stack unchanged

7 technologies unchanged

Looking ahead

+15 pts

B (81) Could reach A (96)

Performance +18SEO +18Accessibility +16Security +15Infrastructure +11Compliance +10Sustainability +10Content +4

Estimate — actual results may vary (37 issues to fix)

Website improvement report — Medium

April 4, 2026 → May 9, 2026

C B 72 → 81 +9 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$4,650 in development time

Investment remaining

$8,558 to complete the remaining items

Ongoing risk

$12,500/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	72 (C)	81 (B)	+9
Performance	75 (C)	82 (B)	+7
Security	65 (D)	85 (B)	+20
Accessibility	68 (D)	78 (C)	+10
SEO	69 (D)	82 (B)	+13
Infrastructure	95 (A)	89 (B)	-6
Compliance	78 (C)	70 (C)	-8
Content	60 (D)	73 (C)	+13
Sustainability	82 (B)	83 (B)	+1

Resolved (20)

https://medium.com/cdn-cgi/challenge-platform/scri...: 341ms CPU time (Performance)
→ Page loads faster for users
https://www.gstatic.com/recaptcha/releases/kUYUkUl...: 179 KB unused (49%) (Performance)
→ Page loads faster for users
1 non-essential cookie(s) set without consent banner (Compliance)
→ Reduced regulatory exposure
Cross-Origin-Embedder-Policy header is missing (Security)
→ Reduced attack surface for visitors
No Permissions-Policy header (Security)
→ Reduced attack surface for visitors
https://cdn-client.medium.com/lite/static/js/main....: 147 KB unused (60%) (Performance)
→ Page loads faster for users
Referrer-Policy header is missing (Security)
→ Reduced attack surface for visitors
https://cdn-client.medium.com/lite/static/js/main....: 659ms CPU time (Performance)
→ Page loads faster for users
Page weight 1.6 MB exceeds 1 MB target by 590 KB (Performance)
→ Page loads faster for users
Content-Security-Policy header is missing (Security)
→ Reduced attack surface for visitors
Cross-Origin-Opener-Policy header is missing (Security)
→ Reduced attack surface for visitors
https://cdn-client.medium.com/lite/static/js/2746....: 1618ms CPU time (Performance)
→ Page loads faster for users
https://www.gstatic.com/recaptcha/releases/kUYUkUl...: 902ms CPU time (Performance)
→ Page loads faster for users
Unattributable: 311ms CPU time (Performance)
→ Page loads faster for users
Permissions-Policy header is missing (Security)
→ Reduced attack surface for visitors

…and 5 more resolved issue(s)

Recommended next steps (37)

Sprint 3
'unsafe-eval' found in script source (Security)
Sprint 1
Both www and non-www versions serve content (Infrastructure)
Sprint 3
Page has only 47 words — nearly empty (SEO)
Sprint 1
Transfer efficiency: 47% (Sustainability)
Sprint 1
No SPF record found (Security)
Sprint 3
https://www.gstatic.com/recaptcha/releases/U5VsmTD...: 175 KB unused (48%) (Performance)
Sprint 1
Unattributable: 252ms CPU time (Performance)
Sprint 2
1 render-blocking <script src> tag(s) without async/defer (Performance)
Sprint 1
Registrar lock is NOT enabled (Infrastructure)
Sprint 1
frame-ancestors directive is missing (Security)
Sprint 2
Unexpected status code: HTTP 403 (Accessibility)
Sprint 1
https://www.gstatic.com/recaptcha/releases/U5VsmTD...: 629ms CPU time (Performance)
Sprint 3
https://cdn-client.medium.com/lite/static/js/main....: 146 KB unused (59%) (Performance)
Sprint 2
Page weight 1.6 MB exceeds 1 MB target by 604 KB (Performance)
Sprint 1
https://cdn-client.medium.com/lite/static/js/2746....: 1219ms CPU time (Performance)

…and 22 more recommended item(s)

Browse & Analyze

Learn