Skip to content

Changes

https://xpenv.com
Compared to previous audit · 3 hours ago View previous audit
1
New issues
1
Resolved
8
score changes
CategoryPreviousCurrentChange
CompositeB (86)B (86)
PerformanceA+ (97)A+ (98) +1.000
SecurityC (79)C (79)
AccessibilityB (84)B (84)
SEOB (85)B (85)
InfrastructureA (93)A (94) +1.000
ComplianceC (70)C (70)
ContentC (76)C (76)
SustainabilityA+ (98)A+ (98)
MetricPreviousCurrentChange
Performance 91009100
Accessibility 95009500
Best Practices 73007300
SEO 1000010000
PWA 00
Desktop Performance 98009800
Desktop Accessibility 95009500
Desktop Best Practices 73007300
Desktop SEO 1000010000
FCP 927 ms925 ms
LCP 1.56 s1.56 s
TBT 87 ms59 ms -28 ms
CLS 0.0000.000
Desktop FCP 330 ms329 ms
Desktop LCP 454 ms451 ms
Desktop TBT 0 ms0 ms
Desktop CLS 0.0000.000
TTFB 124 ms120 ms -3 ms
DNS 51 ms47 ms -4 ms
TLS 24 ms25 ms +0 ms
Connect 17 ms17 ms -0 ms
Total 124 ms121 ms -3 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING 1 render-blocking <script src> tag(s) without async/defer performance
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 283ms CPU time performance
CRITICAL Page has only 47 words — nearly empty seo
CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security
CRITICAL Content-Security-Policy header is missing security
CRITICAL No Content-Security-Policy header found security
WARNING SRI adoption: 0/1 third-party resources protected (0%) security
WARNING Bare server default 404 page accessibility
WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance
WARNING No accessibility statement detected compliance
WARNING X-Frame-Options header is missing security
WARNING No <nav> landmark found accessibility
WARNING No Permissions-Policy header security
WARNING Permissions-Policy header is missing security
WARNING Registrar lock is NOT enabled infrastructure
WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security
WARNING Referrer-Policy header is missing security
WARNING 2 link(s) open in new tab without warning accessibility
WARNING No canonical tag found seo
WARNING Title is only 16 characters — consider expanding seo
WARNING No meta description tag found seo
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING External script from challenges.cloudflare.com lacks integrity attribute security
WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility
WARNING No internal links found seo
WARNING Dead-end page — no outgoing internal links seo
WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance
WARNING Terms of Service not detected compliance
WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security
WARNING No Open Graph meta tags found content
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING Thin content — only 47 words seo

HTTP headers unchanged

18 headers unchanged

Technology stack unchanged

6 technologies unchanged

Looking ahead

+11 pts
B (86) Could reach A+ (97)
Security +21SEO +15Accessibility +13Compliance +10Content +4Infrastructure +4Performance +2

Estimate — actual results may vary (31 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 86 → 86 0 pts

1

Resolved

1

New issues

30

Still remaining

Financial summary

Investment remaining

$3,517 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score86 (B)86 (B)0
Performance97 (A+)98 (A+)+1
Security79 (C)79 (C)0
Accessibility84 (B)84 (B)0
SEO85 (B)85 (B)0
Infrastructure93 (A)94 (A)+1
Compliance70 (C)70 (C)0
Content76 (C)76 (C)0
Sustainability98 (A+)98 (A+)0

Resolved (1)

  • https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 283ms CPU time (Performance)

    → Page loads faster for users

Recommended next steps (31)

  • Sprint 3

    Page has only 47 words — nearly empty (SEO)

  • Sprint 1

    Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 2

    1 render-blocking <script src> tag(s) without async/defer (Performance)

  • Sprint 1

    SRI adoption: 0/1 third-party resources protected (0%) (Security)

  • Sprint 1

    Bare server default 404 page (Accessibility)

  • Sprint 1

    Main HTML cached for 1440 minutes -- risks stale auth / SPA state (Performance)

  • Sprint 1

    No accessibility statement detected (Compliance)

  • Sprint 1

    X-Frame-Options header is missing (Security)

  • Sprint 1

    No <nav> landmark found (Accessibility)

  • Sprint 1

    No Permissions-Policy header (Security)

  • Sprint 1

    Permissions-Policy header is missing (Security)

  • Sprint 1

    Registrar lock is NOT enabled (Infrastructure)

  • Sprint 1

    HSTS max-age is too short (15552000s, should be ≥ 31536000s) (Security)

…and 16 more recommended item(s)

Send Feedback