Changes

https://xpenv.com

Compared to previous audit · 3 hours ago View previous audit

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (86)	B (86)	—
Performance	A+ (97)	A+ (98)	+1.000
Security	C (79)	C (79)	—
Accessibility	B (84)	B (84)	—
SEO	B (85)	B (85)	—
Infrastructure	A (93)	A (94)	+1.000
Compliance	C (70)	C (70)	—
Content	C (76)	C (76)	—
Sustainability	A+ (98)	A+ (98)	—

Metric	Previous	Current	Change
Performance	9100	9100	—
Accessibility	9500	9500	—
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9800	9800	—
Desktop Accessibility	9500	9500	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	927 ms	925 ms	—
LCP	1.56 s	1.56 s	—
TBT	87 ms	59 ms	-28 ms
CLS	0.000	0.000	—
Desktop FCP	330 ms	329 ms	—
Desktop LCP	454 ms	451 ms	—
Desktop TBT	0 ms	0 ms	—
Desktop CLS	0.000	0.000	—
TTFB †	124 ms	120 ms	-3 ms
DNS †	51 ms	47 ms	-4 ms
TLS †	24 ms	25 ms	+0 ms
Connect †	17 ms	17 ms	-0 ms
Total †	124 ms	121 ms	-3 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING 1 render-blocking <script src> tag(s) without async/defer performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 283ms CPU time performance

CRITICAL Content-Security-Policy header is missing security

CRITICAL Page has only 47 words — nearly empty seo

CRITICAL No Content-Security-Policy header found security

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING Bare server default 404 page accessibility

WARNING No meta description tag found seo

WARNING No Permissions-Policy header security

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING Title is only 16 characters — consider expanding seo

WARNING Dead-end page — no outgoing internal links seo

WARNING No accessibility statement detected compliance

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING Thin content — only 47 words seo

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING No <nav> landmark found accessibility

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING Registrar lock is NOT enabled infrastructure

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING X-Frame-Options header is missing security

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING No Open Graph meta tags found content

WARNING Referrer-Policy header is missing security

WARNING Permissions-Policy header is missing security

WARNING 2 link(s) open in new tab without warning accessibility

WARNING No canonical tag found seo

WARNING No internal links found seo

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Terms of Service not detected compliance

HTTP headers unchanged

18 headers unchanged

Technology stack unchanged

6 technologies unchanged

Looking ahead

+11 pts

B (86) Could reach A+ (97)

Security +21SEO +15Accessibility +13Compliance +10Content +4Infrastructure +4Performance +2

Estimate — actual results may vary (31 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 86 → 86 0 pts

Resolved

New issues

Still remaining

Financial summary

Investment remaining

$3,517 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	86 (B)	86 (B)	0
Performance	97 (A+)	98 (A+)	+1
Security	79 (C)	79 (C)	0
Accessibility	84 (B)	84 (B)	0
SEO	85 (B)	85 (B)	0
Infrastructure	93 (A)	94 (A)	+1
Compliance	70 (C)	70 (C)	0
Content	76 (C)	76 (C)	0
Sustainability	98 (A+)	98 (A+)	0

Resolved (1)

https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 283ms CPU time (Performance)
→ Page loads faster for users

Recommended next steps (31)

Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 3
Page has only 47 words — nearly empty (SEO)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
Sprint 2
1 render-blocking <script src> tag(s) without async/defer (Performance)
Sprint 1
External script from challenges.cloudflare.com lacks integrity attribute (Security)
Sprint 1
Bare server default 404 page (Accessibility)
Sprint 1
No meta description tag found (SEO)
Sprint 1
No Permissions-Policy header (Security)
Sprint 1
Main HTML cached for 1440 minutes -- risks stale auth / SPA state (Performance)
Sprint 1
Title is only 16 characters — consider expanding (SEO)
Sprint 1
Dead-end page — no outgoing internal links (SEO)
Sprint 1
No accessibility statement detected (Compliance)
Sprint 2
Cross-Origin-Embedder-Policy header is missing (Security)
Sprint 3
Thin content — only 47 words (SEO)

…and 16 more recommended item(s)

Browse & Analyze

Learn