Changes

https://xpenv.com

Compared to previous audit · 1 hour ago View previous audit

Santa Clara, United States → Singapore, Singapore

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (88)	B (87)	-1.000
Performance	A (92)	A (92)	—
Security	B (86)	B (85)	-1.000
Accessibility	C (79)	B (81)	+2.000
SEO	A+ (97)	A+ (97)	—
Infrastructure	A (94)	B (88)	-6.000
Compliance	D (69)	D (69)	—
Content	A+ (98)	A+ (98)	—
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	6000	5700	-300
Accessibility	9100	9600	+500
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	8700	8500	-200
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	4.17 s	4.20 s	—
LCP	4.62 s	4.50 s	-129 ms
TBT	449 ms	460 ms	+11 ms
CLS	0.056	0.056	—
Desktop FCP	1.42 s	1.39 s	-31 ms
Desktop LCP	1.74 s	1.88 s	+140 ms
Desktop TBT	61 ms	56 ms	-5 ms
Desktop CLS	0.002	0.002	—
TTFB †	648 ms	1.31 s	+667 ms
DNS †	7 ms	13 ms	+6 ms
TLS †	9 ms	12 ms	+3 ms
Connect †	1 ms	4 ms	+3 ms
Total †	648 ms	1.31 s	+667 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Soft 404: server returns HTTP 200 for non-existent pages accessibility

CRITICAL Broken link: https://ipfs.io/cdn-cgi/content?id=uc1aXx.11fs8rvZ1dC6U3f... content

WARNING https://xpenv.com/: 271ms CPU time performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 381ms CPU time performance

WARNING https://xpenv.com/assets/index-PXmCayWQ.js: 266 KB unused (64%) performance

WARNING 1 render-blocking <script src> tag(s) without async/defer performance

WARNING 2 publicly-accessible JavaScript source map(s) security

WARNING https://xpenv.com/assets/index-PXmCayWQ.js: 713ms CPU time performance

WARNING Unattributable: 374ms CPU time performance

WARNING 12 of 13 links are healthy content

WARNING IPv6 DNS records exist but server is not reachable infrastructure

CRITICAL Broken link: https://ipfs.io/cdn-cgi/content?id=ZYfhEgYOttjdEbMaSTfAj8... content

CRITICAL Broken link: https://xpenv.com/cdn-cgi/content?id=8V29U2MvL9PQ0SMPoLQV... content

WARNING https://xpenv.com/: 278ms CPU time performance

WARNING https://xpenv.com/assets/index-CgOUFYGR.js: 266 KB unused (64%) performance

WARNING 1 publicly-accessible JavaScript source map(s) security

WARNING No favicon.ico at site root accessibility

WARNING https://xpenv.com/assets/index-CgOUFYGR.js: 690ms CPU time performance

WARNING Unattributable: 376ms CPU time performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 317ms CPU time performance

WARNING 11 of 13 links are healthy content

WARNING Unexpected status code: HTTP 500 accessibility

WARNING Bare server default 404 page accessibility

CRITICAL No Content-Security-Policy header found security

CRITICAL No H1 heading found accessibility

CRITICAL Transfer efficiency: 41% sustainability

CRITICAL 2 link(s) with no accessible text accessibility

CRITICAL Content-Security-Policy header is missing security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING Login form does not contain a recognizable CSRF token security

WARNING Permissions-Policy header is missing security

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

WARNING No privacy policy link detected compliance

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING DMARC policy is none — monitoring only security

WARNING 1 internal links have no anchor text seo

WARNING Main HTML cached for 483840 minutes -- risks stale auth / SPA state performance

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING <iframe> missing title attribute (src="") accessibility

WARNING No accessibility statement detected compliance

WARNING Registrar lock is NOT enabled infrastructure

WARNING No Permissions-Policy header security

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

x-ipfs-path

/ipfs/bafybeie3j2bamvvrdl6d67qjt7sd4cldbx2lf24qxli7rfxav4axm3cneq/index.html → /ipfs/bafybeidifop6qxbkvsfbvuci2kjw5a34groakwu7aquorkerkyyzqb7gka/index.html

x-ipfs-roots

bafybeie3j2bamvvrdl6d67qjt7sd4cldbx2lf24qxli7rfxav4axm3cneq,bafkreihkm56jp76r... → bafybeidifop6qxbkvsfbvuci2kjw5a34groakwu7aquorkerkyyzqb7gka,bafkreicdg7njhhid...

x-ipfs-pop

rainbow-rbx-247-80 → rainbow-hil-38-166

16 headers unchanged

Technology stack unchanged

7 technologies unchanged

Looking ahead

+11 pts

B (87) Could reach A+ (98)

Accessibility +19Security +15Compliance +10Sustainability +10Infrastructure +8Performance +8SEO +3Content +2

Estimate — actual results may vary (32 issues to fix)

Website improvement report — Xpenv

May 29, 2026 → May 29, 2026

B B 88 → 87 -1 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

€992 in development time

Investment remaining

€2,600 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	88 (B)	87 (B)	-1
Performance	92 (A)	92 (A)	0
Security	86 (B)	85 (B)	-1
Accessibility	79 (C)	81 (B)	+2
SEO	97 (A+)	97 (A+)	0
Infrastructure	94 (A)	88 (B)	-6
Compliance	69 (D)	69 (D)	0
Content	98 (A+)	98 (A+)	0
Sustainability	88 (B)	88 (B)	0

Resolved (12)

https://xpenv.com/: 278ms CPU time (Performance)
→ Page loads faster for users
https://xpenv.com/assets/index-CgOUFYGR.js: 266 KB unused (64%) (Performance)
→ Page loads faster for users
1 publicly-accessible JavaScript source map(s) (Security)
→ Reduced attack surface for visitors
No favicon.ico at site root (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/assets/index-CgOUFYGR.js: 690ms CPU time (Performance)
→ Page loads faster for users
Unattributable: 376ms CPU time (Performance)
→ Page loads faster for users
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 317ms CPU time (Performance)
→ Page loads faster for users
11 of 13 links are healthy (Content)
→ Stronger social sharing and on-page quality
Unexpected status code: HTTP 500 (Accessibility)
→ Improved usability for assistive technology users
Broken link: https://ipfs.io/cdn-cgi/content?id=ZYfhEgYOttjdEbMaSTfAj8... (Content)
→ Stronger social sharing and on-page quality
Bare server default 404 page (Accessibility)
→ Improved usability for assistive technology users
Broken link: https://xpenv.com/cdn-cgi/content?id=8V29U2MvL9PQ0SMPoLQV... (Content)
→ Stronger social sharing and on-page quality

Recommended next steps (32)

Sprint 1
Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)
Sprint 1
Broken link: https://ipfs.io/cdn-cgi/content?id=uc1aXx.11fs8rvZ1dC6U3f... (Content)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
No H1 heading found (Accessibility)
Sprint 1
Transfer efficiency: 41% (Sustainability)
Sprint 1
2 link(s) with no accessible text (Accessibility)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 1
https://xpenv.com/: 271ms CPU time (Performance)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 381ms CPU time (Performance)
Sprint 3
https://xpenv.com/assets/index-PXmCayWQ.js: 266 KB unused (64%) (Performance)
Sprint 2
1 render-blocking <script src> tag(s) without async/defer (Performance)
Sprint 1
2 publicly-accessible JavaScript source map(s) (Security)
Sprint 1
https://xpenv.com/assets/index-PXmCayWQ.js: 713ms CPU time (Performance)
Sprint 1
Unattributable: 374ms CPU time (Performance)
Sprint 1
12 of 13 links are healthy (Content)

…and 17 more recommended item(s)

Browse & Analyze

Learn