Changes
Singapore, Singapore → Madrid, Spain
These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.
| Category | Previous | Current | Change |
|---|---|---|---|
| Composite | B (84) | B (88) | +4.000 |
| Performance | A (92) | A (92) | — |
| Security | C (79) | B (86) | +7.000 |
| Accessibility | B (83) | C (79) | -4.000 |
| SEO | B (85) | A+ (97) | +12.000 |
| Infrastructure | A (94) | A (94) | — |
| Compliance | C (70) | D (69) | -1.000 |
| Content | C (76) | A+ (98) | +22.000 |
| Sustainability | B (88) | B (88) | — |
| Metric | Previous | Current | Change |
|---|---|---|---|
| Performance | 7300 | 6000 | -1300 |
| Accessibility | 9100 | 9100 | — |
| Best Practices | 7300 | 7300 | — |
| SEO | 6600 | 10000 | +3400 |
| PWA | 0 | 0 | — |
| Desktop Performance | 9900 | 8700 | -1200 |
| Desktop Accessibility | 10000 | 10000 | — |
| Desktop Best Practices | 7300 | 7300 | — |
| Desktop SEO | 6600 | 10000 | +3400 |
| FCP | 3.06 s | 4.17 s | +1.11 s |
| LCP | 4.40 s | 4.62 s | +225 ms |
| TBT | 287 ms | 449 ms | +162 ms |
| CLS | 0.000 | 0.056 | +0.056 |
| Desktop FCP | 745 ms | 1.42 s | +674 ms |
| Desktop LCP | 825 ms | 1.74 s | +914 ms |
| Desktop TBT | 15 ms | 61 ms | +46 ms |
| Desktop CLS | 0.002 | 0.002 | — |
| TTFB † | 296 ms | 648 ms | +352 ms |
| DNS † | 48 ms | 7 ms | -41 ms |
| TLS † | 23 ms | 9 ms | -15 ms |
| Connect † | 17 ms | 1 ms | -16 ms |
| Total † | 296 ms | 648 ms | +352 ms |
† Timing metrics may vary by worker location and do not necessarily indicate site changes.
x-robots-tag noindex, nofollow → index, followstrict-transport-security max-age=15552000; includeSubDomains → max-age=31536000; includeSubDomains; preload17 headers unchanged
3 technologies unchanged
Looking ahead
+10 ptsEstimate — actual results may vary (34 issues to fix)
Website improvement report — Xpenv
May 29, 2026 → May 29, 2026
20
Resolved
21
New issues
13
Still remaining
Financial summary
Investment delivered
€2,444 in development time
Investment remaining
€2,699 to complete the remaining items
Ongoing risk
€0/month in ongoing exposure
Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.
Performance by category
| Metric | Before | After | Change |
|---|---|---|---|
| Overall score | 84 (B) | 88 (B) | +4 |
| Performance | 92 (A) | 92 (A) | 0 |
| Security | 79 (C) | 86 (B) | +7 |
| Accessibility | 83 (B) | 79 (C) | -4 |
| SEO | 85 (B) | 97 (A+) | +12 |
| Infrastructure | 94 (A) | 94 (A) | 0 |
| Compliance | 70 (C) | 69 (D) | -1 |
| Content | 76 (C) | 98 (A+) | +22 |
| Sustainability | 88 (B) | 88 (B) | 0 |
Resolved (20)
No meta description tag found (SEO)
→ Better search engine visibility
Page is set to noindex (SEO)
→ Better search engine visibility
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
→ Reduced attack surface for visitors
Thin content — only 47 words (SEO)
→ Better search engine visibility
SRI adoption: 0/1 third-party resources protected (0%) (Security)
→ Reduced attack surface for visitors
Skip navigation link is missing (WCAG 2.4.1) (Accessibility)
→ Improved usability for assistive technology users
2 link(s) open in new tab without warning (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/assets/index-CgOUFYGR.js: 265 KB unused (64%) (Performance)
→ Page loads faster for users
Page has only 47 words — nearly empty (SEO)
→ Better search engine visibility
Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/assets/index-CgOUFYGR.js: 401ms CPU time (Performance)
→ Page loads faster for users
Dead-end page — no outgoing internal links (SEO)
→ Better search engine visibility
External script from challenges.cloudflare.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
No internal links found (SEO)
→ Better search engine visibility
HSTS max-age is too short (15552000s, should be ≥ 31536000s) (Security)
→ Reduced attack surface for visitors
…and 5 more resolved issue(s)
Recommended next steps (34)
- Sprint 1
No H1 heading found (Accessibility)
- Sprint 1
Broken link: https://xpenv.com/cdn-cgi/content?id=8V29U2MvL9PQ0SMPoLQV... (Content)
- Sprint 1
Broken link: https://ipfs.io/cdn-cgi/content?id=ZYfhEgYOttjdEbMaSTfAj8... (Content)
- Sprint 1
2 link(s) with no accessible text (Accessibility)
- Sprint 2
No Content-Security-Policy header found (Security)
- Sprint 1
Transfer efficiency: 41% (Sustainability)
- Sprint 2
Content-Security-Policy header is missing (Security)
- Sprint 1
3 field(s) missing recommended autocomplete attribute (Accessibility)
- Sprint 1
https://xpenv.com/assets/index-CgOUFYGR.js: 690ms CPU time (Performance)
- Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 317ms CPU time (Performance)
- Sprint 2
1 render-blocking <script src> tag(s) without async/defer (Performance)
- Sprint 2
No privacy policy link detected (Compliance)
- Sprint 1
Bare server default 404 page (Accessibility)
- Sprint 1
https://xpenv.com/: 278ms CPU time (Performance)
- Sprint 1
11 of 13 links are healthy (Content)
…and 19 more recommended item(s)