Changes

https://xpenv.com

Compared to previous audit · 4 minutes ago View previous audit

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (85)	B (85)	—
Performance	A (94)	A (94)	—
Security	C (79)	C (79)	—
Accessibility	B (84)	B (84)	—
SEO	B (85)	B (85)	—
Infrastructure	A (94)	A (94)	—
Compliance	C (70)	C (70)	—
Content	C (76)	C (76)	—
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	7600	7400	-200
Accessibility	9600	9600	—
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9900	9900	—
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.03 s	3.03 s	—
LCP	3.70 s	3.69 s	—
TBT	337 ms	395 ms	+58 ms
CLS	0.041	0.041	—
Desktop FCP	686 ms	686 ms	—
Desktop LCP	766 ms	979 ms	+213 ms
Desktop TBT	18 ms	17 ms	-1 ms
Desktop CLS	0.003	0.003	—
TTFB †	146 ms	116 ms	-30 ms
DNS †	33 ms	1 ms	-32 ms
TLS †	22 ms	22 ms	-0 ms
Connect †	16 ms	17 ms	+0 ms
Total †	146 ms	117 ms	-30 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING https://xpenv.com/assets/index-CW5Uzupm.js: 504ms CPU time performance

WARNING 1 render-blocking <script src> tag(s) without async/defer performance

WARNING Unattributable: 320ms CPU time performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 266ms CPU time performance

WARNING https://xpenv.com/assets/index-CW5Uzupm.js: 420ms CPU time performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 283ms CPU time performance

CRITICAL Page has only 47 words — nearly empty seo

CRITICAL Transfer efficiency: 42% sustainability

CRITICAL Content-Security-Policy header is missing security

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

CRITICAL No Content-Security-Policy header found security

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Referrer-Policy header is missing security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING No Permissions-Policy header security

WARNING No canonical tag found seo

WARNING Thin content — only 47 words seo

WARNING Terms of Service not detected compliance

WARNING Title is only 16 characters — consider expanding seo

WARNING Dead-end page — no outgoing internal links seo

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING No accessibility statement detected compliance

WARNING No Open Graph meta tags found content

WARNING No meta description tag found seo

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING No internal links found seo

WARNING X-Frame-Options header is missing security

WARNING Permissions-Policy header is missing security

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING No <nav> landmark found accessibility

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING 2 link(s) open in new tab without warning accessibility

WARNING Bare server default 404 page accessibility

WARNING https://xpenv.com/assets/index-CW5Uzupm.js: 260 KB unused (63%) performance

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING Registrar lock is NOT enabled infrastructure

x-ipfs-roots

bafybeif7kvmno4d6kstmyxyctrfwa4prdsyhjpg5lpfg3zztaf27mkiulm → bafybeiajpaosqb5ncxxrbgnghuxm3breuerfx3yc2ptxxrxhadrnzhclce

last-modified

Mon, 25 May 2026 03:45:22 GMT → Mon, 25 May 2026 04:37:27 GMT

16 headers unchanged

Technology stack unchanged

6 technologies unchanged

Looking ahead

+12 pts

B (85) Could reach A+ (97)

Security +21SEO +15Accessibility +13Compliance +10Sustainability +10Performance +6Content +4Infrastructure +4

Estimate — actual results may vary (36 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 85 → 85 0 pts

Resolved

New issues

Still remaining

Financial summary

Investment remaining

$4,317 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After
Overall score	85 (B)	85 (B)
Performance	94 (A)	94 (A)
Security	79 (C)	79 (C)
Accessibility	84 (B)	84 (B)
SEO	85 (B)	85 (B)
Infrastructure	94 (A)	94 (A)
Compliance	70 (C)	70 (C)
Content	76 (C)	76 (C)
Sustainability	88 (B)	88 (B)

Resolved (2)

https://xpenv.com/assets/index-CW5Uzupm.js: 420ms CPU time (Performance)
→ Page loads faster for users
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 283ms CPU time (Performance)
→ Page loads faster for users

Recommended next steps (36)

Sprint 3
Page has only 47 words — nearly empty (SEO)
Sprint 1
Transfer efficiency: 42% (Sustainability)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 1
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
https://xpenv.com/assets/index-CW5Uzupm.js: 504ms CPU time (Performance)
Sprint 2
1 render-blocking <script src> tag(s) without async/defer (Performance)
Sprint 1
Unattributable: 320ms CPU time (Performance)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 266ms CPU time (Performance)
Sprint 1
Skip navigation link is missing (WCAG 2.4.1) (Accessibility)
Sprint 2
GDPR Article 13 disclosure coverage: 0 / 8 categories (Compliance)
Sprint 1
Referrer-Policy header is missing (Security)
Sprint 1
Cross-Origin-Opener-Policy header is missing (Security)
Sprint 1
Permissions-Policy header not set -- features default to allow-on-same-origin (Security)
Sprint 1
No Permissions-Policy header (Security)

…and 21 more recommended item(s)

Browse & Analyze

Learn