Changes

https://xpenv.com

Compared to previous audit · 12 hours ago View previous audit

New York, United Stated → Madrid, Spain

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (84)	B (87)	+3.000
Performance	A (94)	A (94)	—
Security	C (77)	B (85)	+8.000
Accessibility	B (83)	B (81)	-2.000
SEO	B (85)	A+ (97)	+12.000
Infrastructure	A (90)	B (87)	-3.000
Compliance	C (70)	D (69)	-1.000
Content	C (76)	A+ (98)	+22.000
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	7700	7300	-400
Accessibility	9100	9100	—
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9900	9900	—
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.02 s	3.32 s	+294 ms
LCP	3.62 s	3.62 s	—
TBT	327 ms	393 ms	+66 ms
CLS	0.056	0.056	—
Desktop FCP	686 ms	689 ms	—
Desktop LCP	977 ms	990 ms	+13 ms
Desktop TBT	13 ms	45 ms	+32 ms
Desktop CLS	0.002	0.002	—
TTFB †	119 ms	271 ms	+152 ms
DNS †	52 ms	87 ms	+35 ms
TLS †	22 ms	10 ms	-12 ms
Connect †	17 ms	1 ms	-16 ms
Total †	119 ms	271 ms	+152 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL No H1 heading found accessibility

CRITICAL Transfer efficiency: 41% sustainability

CRITICAL 1 link(s) with no accessible text accessibility

CRITICAL Broken link: https://xpenv.com/cdn-cgi/content?id=6ONA1.qn1LItpSGExzVI... content

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 296ms CPU time performance

WARNING 1 internal links have no anchor text seo

WARNING Login form does not contain a recognizable CSRF token security

WARNING <iframe> missing title attribute (src="") accessibility

WARNING https://xpenv.com/assets/index-CgOUFYGR.js: 604ms CPU time performance

WARNING https://xpenv.com/: 352ms CPU time performance

WARNING No privacy policy link detected compliance

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

WARNING Unattributable: 425ms CPU time performance

WARNING 10 of 11 links are healthy content

WARNING IPv6 DNS records exist but server is not reachable infrastructure

CRITICAL Page has only 47 words — nearly empty seo

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

CRITICAL Transfer efficiency: 40% sustainability

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING No <nav> landmark found accessibility

WARNING No canonical tag found seo

WARNING Title is only 16 characters — consider expanding seo

WARNING 2 link(s) open in new tab without warning accessibility

WARNING https://xpenv.com/assets/index-CgOUFYGR.js: 444ms CPU time performance

WARNING Thin content — only 47 words seo

WARNING Terms of Service not detected compliance

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING No internal links found seo

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING No meta description tag found seo

WARNING DNSSEC keys published but parent zone has no DS record infrastructure

WARNING No Open Graph meta tags found content

WARNING Dead-end page — no outgoing internal links seo

CRITICAL Content-Security-Policy header is missing security

CRITICAL No Content-Security-Policy header found security

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING DMARC policy is none — monitoring only security

WARNING No Permissions-Policy header security

WARNING Permissions-Policy header is missing security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING Registrar lock is NOT enabled infrastructure

WARNING Bare server default 404 page accessibility

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING No favicon.ico at site root accessibility

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING X-Frame-Options header is missing security

WARNING Referrer-Policy header is missing security

WARNING https://xpenv.com/assets/index-CgOUFYGR.js: 260 KB unused (64%) performance

WARNING No accessibility statement detected compliance

WARNING No SPF record found security

cf-cache-status

HIT → EXPIRED

last-modified

Thu, 28 May 2026 02:39:10 GMT → Thu, 28 May 2026 02:38:56 GMT

16 headers unchanged

+ Open Graph Miscellaneous

+ React JavaScript frameworks

+ React Router JavaScript frameworks v7.15.0

+ Bootstrap Framework

− AngularJS JavaScript frameworks

− Cloudflare Turnstile Security

4 technologies unchanged

Looking ahead

+11 pts

B (87) Could reach A+ (98)

Accessibility +19Security +15Compliance +10Sustainability +10Infrastructure +8Performance +6SEO +3Content +2

Estimate — actual results may vary (35 issues to fix)

Website improvement report — Xpenv

May 28, 2026 → May 28, 2026

B B 84 → 87 +3 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

€1,743 in development time

Investment remaining

€2,515 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	84 (B)	87 (B)	+3
Performance	94 (A)	94 (A)	0
Security	77 (C)	85 (B)	+8
Accessibility	83 (B)	81 (B)	-2
SEO	85 (B)	97 (A+)	+12
Infrastructure	90 (A)	87 (B)	-3
Compliance	70 (C)	69 (D)	-1
Content	76 (C)	98 (A+)	+22
Sustainability	88 (B)	88 (B)	0

Resolved (18)

Page has only 47 words — nearly empty (SEO)
→ Better search engine visibility
SRI adoption: 0/1 third-party resources protected (0%) (Security)
→ Reduced attack surface for visitors
No <nav> landmark found (Accessibility)
→ Improved usability for assistive technology users
No canonical tag found (SEO)
→ Better search engine visibility
Title is only 16 characters — consider expanding (SEO)
→ Better search engine visibility
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
→ Reduced attack surface for visitors
2 link(s) open in new tab without warning (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/assets/index-CgOUFYGR.js: 444ms CPU time (Performance)
→ Page loads faster for users
Thin content — only 47 words (SEO)
→ Better search engine visibility
Terms of Service not detected (Compliance)
→ Reduced regulatory exposure
Transfer efficiency: 40% (Sustainability)
→ Lower carbon footprint per page view
Skip navigation link is missing (WCAG 2.4.1) (Accessibility)
→ Improved usability for assistive technology users
No internal links found (SEO)
→ Better search engine visibility
External script from challenges.cloudflare.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
No meta description tag found (SEO)
→ Better search engine visibility

…and 3 more resolved issue(s)

Recommended next steps (35)

Sprint 1
No H1 heading found (Accessibility)
Sprint 1
Transfer efficiency: 41% (Sustainability)
Sprint 1
1 link(s) with no accessible text (Accessibility)
Sprint 1
Broken link: https://xpenv.com/cdn-cgi/content?id=6ONA1.qn1LItpSGExzVI... (Content)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
3 field(s) would benefit from inputmode attribute (Accessibility)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 296ms CPU time (Performance)
Sprint 1
1 internal links have no anchor text (SEO)
Sprint 1
Login form does not contain a recognizable CSRF token (Security)
Sprint 1
<iframe> missing title attribute (src="") (Accessibility)
Sprint 1
https://xpenv.com/assets/index-CgOUFYGR.js: 604ms CPU time (Performance)
Sprint 1
https://xpenv.com/: 352ms CPU time (Performance)
Sprint 2
No privacy policy link detected (Compliance)
Sprint 1
3 field(s) missing recommended autocomplete attribute (Accessibility)

…and 20 more recommended item(s)

Browse & Analyze

Learn