Changes

https://xpenv.com

Compared to previous audit · 27 minutes ago View previous audit

New York, United Stated → Sao Paulo, Brazil

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (89)	B (89)	—
Performance	A (94)	A (94)	—
Security	B (86)	B (86)	—
Accessibility	B (83)	B (82)	-1.000
SEO	A+ (97)	A+ (97)	—
Infrastructure	A (94)	A (94)	—
Compliance	D (69)	D (69)	—
Content	A+ (99)	A+ (99)	—
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	6800	6600	-200
Accessibility	9600	9600	—
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9900	9800	-100
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.33 s	3.34 s	—
LCP	3.78 s	4.63 s	+848 ms
TBT	518 ms	409 ms	-109 ms
CLS	0.041	0.041	—
Desktop FCP	687 ms	704 ms	+17 ms
Desktop LCP	994 ms	998 ms	—
Desktop TBT	53 ms	42 ms	-11 ms
Desktop CLS	0.003	0.003	—
TTFB †	47 ms	166 ms	+120 ms
DNS †	5 ms	6 ms	+0 ms
TLS †	12 ms	8 ms	-4 ms
Connect †	1 ms	2 ms	+0 ms
Total †	47 ms	167 ms	+119 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL No H1 heading found accessibility

WARNING https://xpenv.com/assets/index-22d4mitO.js: 259 KB unused (64%) performance

WARNING Unattributable: 335ms CPU time performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 314ms CPU time performance

WARNING https://xpenv.com/assets/index-22d4mitO.js: 641ms CPU time performance

WARNING No favicon.ico at site root accessibility

WARNING https://xpenv.com/assets/index-Fonr1rK_.js: 786ms CPU time performance

WARNING Unattributable: 405ms CPU time performance

WARNING https://xpenv.com/assets/index-Fonr1rK_.js: 259 KB unused (64%) performance

WARNING Multiple H1 headings (2 found) accessibility

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 436ms CPU time performance

CRITICAL Content-Security-Policy header is missing security

CRITICAL No Content-Security-Policy header found security

CRITICAL Transfer efficiency: 41% sustainability

WARNING Login form does not contain a recognizable CSRF token security

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING Registrar lock is NOT enabled infrastructure

WARNING No privacy policy link detected compliance

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING No Permissions-Policy header security

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING <iframe> missing title attribute (src="") accessibility

WARNING No accessibility statement detected compliance

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING Bare server default 404 page accessibility

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Permissions-Policy header is missing security

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

WARNING X-Frame-Options header is missing security

WARNING Referrer-Policy header is missing security

cf-cache-status

HIT → DYNAMIC

last-modified

Mon, 25 May 2026 20:17:46 GMT → Mon, 25 May 2026 20:47:42 GMT

16 headers unchanged

Technology stack unchanged

9 technologies unchanged

Looking ahead

+9 pts

B (89) Could reach A+ (98)

Accessibility +18Security +14Compliance +10Sustainability +10Performance +6Infrastructure +4

Estimate — actual results may vary (27 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 89 → 89 0 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

€723 in development time

Investment remaining

€2,217 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	89 (B)	89 (B)	0
Performance	94 (A)	94 (A)	0
Security	86 (B)	86 (B)	0
Accessibility	83 (B)	82 (B)	-1
SEO	97 (A+)	97 (A+)	0
Infrastructure	94 (A)	94 (A)	0
Compliance	69 (D)	69 (D)	0
Content	99 (A+)	99 (A+)	0
Sustainability	88 (B)	88 (B)	0

Resolved (5)

https://xpenv.com/assets/index-Fonr1rK_.js: 786ms CPU time (Performance)
→ Page loads faster for users
Unattributable: 405ms CPU time (Performance)
→ Page loads faster for users
https://xpenv.com/assets/index-Fonr1rK_.js: 259 KB unused (64%) (Performance)
→ Page loads faster for users
Multiple H1 headings (2 found) (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 436ms CPU time (Performance)
→ Page loads faster for users

Recommended next steps (27)

Sprint 1
No H1 heading found (Accessibility)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
Transfer efficiency: 41% (Sustainability)
Sprint 3
https://xpenv.com/assets/index-22d4mitO.js: 259 KB unused (64%) (Performance)
Sprint 1
Unattributable: 335ms CPU time (Performance)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 314ms CPU time (Performance)
Sprint 1
https://xpenv.com/assets/index-22d4mitO.js: 641ms CPU time (Performance)
Sprint 1
No favicon.ico at site root (Accessibility)
Sprint 1
Login form does not contain a recognizable CSRF token (Security)
Sprint 1
Main HTML cached for 1440 minutes -- risks stale auth / SPA state (Performance)
Sprint 1
Registrar lock is NOT enabled (Infrastructure)
Sprint 2
No privacy policy link detected (Compliance)
Sprint 2
GDPR Article 13 disclosure coverage: 0 / 8 categories (Compliance)
Sprint 1
No Permissions-Policy header (Security)

…and 12 more recommended item(s)

Browse & Analyze

Learn