Skip to content

Changes

https://xpenv.com
Compared to previous audit · 10 hours ago View previous audit
7
New issues
6
Resolved
12
score changes
CategoryPreviousCurrentChange
CompositeB (87)B (87)
PerformanceA (92)A (92)
SecurityB (85)B (86) +1.000
AccessibilityB (81)B (81)
SEOA+ (97)A+ (97)
InfrastructureB (88)B (86) -2.000
ComplianceD (69)D (69)
ContentA+ (98)A+ (98)
SustainabilityB (88)B (88)
MetricPreviousCurrentChange
Performance 57006300 +600
Accessibility 96009600
Best Practices 73007300
SEO 1000010000
PWA 00
Desktop Performance 85008600 +100
Desktop Accessibility 1000010000
Desktop Best Practices 73007300
Desktop SEO 1000010000
FCP 4.20 s3.98 s -216 ms
LCP 4.50 s4.43 s -66 ms
TBT 460 ms460 ms
CLS 0.0560.056
Desktop FCP 1.39 s1.32 s -67 ms
Desktop LCP 1.88 s1.87 s
Desktop TBT 56 ms44 ms -12 ms
Desktop CLS 0.0020.002
TTFB 1.31 s723 ms -591 ms
DNS 13 ms12 ms -1 ms
TLS 12 ms12 ms
Connect 4 ms3 ms -1 ms
Total 1.31 s724 ms -591 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Broken link: https://ipfs.io/cdn-cgi/content?id=4hA.0l9lIhfsdCeKx1S8qr... content
WARNING https://xpenv.com/assets/index-PXmCayWQ.js: 697ms CPU time performance
WARNING Unattributable: 369ms CPU time performance
WARNING 1 publicly-accessible JavaScript source map(s) security
WARNING https://xpenv.com/: 321ms CPU time performance
WARNING 1 render-blocking <script src> tag(s) without async/defer performance
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 337ms CPU time performance
CRITICAL Broken link: https://ipfs.io/cdn-cgi/content?id=uc1aXx.11fs8rvZ1dC6U3f... content
WARNING https://xpenv.com/: 271ms CPU time performance
WARNING Unattributable: 374ms CPU time performance
WARNING 2 publicly-accessible JavaScript source map(s) security
WARNING https://xpenv.com/assets/index-PXmCayWQ.js: 713ms CPU time performance
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 381ms CPU time performance
CRITICAL Transfer efficiency: 41% sustainability
CRITICAL 2 link(s) with no accessible text accessibility
CRITICAL No H1 heading found accessibility
CRITICAL Soft 404: server returns HTTP 200 for non-existent pages accessibility
CRITICAL Content-Security-Policy header is missing security
CRITICAL No Content-Security-Policy header found security
WARNING 3 field(s) would benefit from inputmode attribute accessibility
WARNING No Permissions-Policy header security
WARNING No privacy policy link detected compliance
WARNING Login form does not contain a recognizable CSRF token security
WARNING https://xpenv.com/assets/index-PXmCayWQ.js: 266 KB unused (64%) performance
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING Registrar lock is NOT enabled infrastructure
WARNING DMARC policy is none — monitoring only security
WARNING No accessibility statement detected compliance
WARNING Permissions-Policy header is missing security
WARNING 12 of 13 links are healthy content
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING <iframe> missing title attribute (src="") accessibility
WARNING Main HTML cached for 483840 minutes -- risks stale auth / SPA state performance
WARNING 1 internal links have no anchor text seo
WARNING IPv6 DNS records exist but server is not reachable infrastructure
WARNING 3 field(s) missing recommended autocomplete attribute accessibility
WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance
WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

HTTP headers unchanged

19 headers unchanged

Technology stack unchanged

7 technologies unchanged

Looking ahead

+11 pts
B (87) Could reach A+ (98)
Accessibility +19Security +14Compliance +10Sustainability +10Infrastructure +8Performance +8SEO +3Content +2

Estimate — actual results may vary (32 issues to fix)

Website improvement report — Xpenv

May 29, 2026 → May 29, 2026

B B 87 → 87 0 pts

6

Resolved

7

New issues

25

Still remaining

Financial summary

Investment delivered

€85 in development time

Investment remaining

€2,600 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score87 (B)87 (B)0
Performance92 (A)92 (A)0
Security85 (B)86 (B)+1
Accessibility81 (B)81 (B)0
SEO97 (A+)97 (A+)0
Infrastructure88 (B)86 (B)-2
Compliance69 (D)69 (D)0
Content98 (A+)98 (A+)0
Sustainability88 (B)88 (B)0

Resolved (6)

  • https://xpenv.com/: 271ms CPU time (Performance)

    → Page loads faster for users

  • Broken link: https://ipfs.io/cdn-cgi/content?id=uc1aXx.11fs8rvZ1dC6U3f... (Content)

    → Stronger social sharing and on-page quality

  • Unattributable: 374ms CPU time (Performance)

    → Page loads faster for users

  • 2 publicly-accessible JavaScript source map(s) (Security)

    → Reduced attack surface for visitors

  • https://xpenv.com/assets/index-PXmCayWQ.js: 713ms CPU time (Performance)

    → Page loads faster for users

  • https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 381ms CPU time (Performance)

    → Page loads faster for users

Recommended next steps (32)

  • Sprint 1

    Broken link: https://ipfs.io/cdn-cgi/content?id=4hA.0l9lIhfsdCeKx1S8qr... (Content)

  • Sprint 1

    Transfer efficiency: 41% (Sustainability)

  • Sprint 1

    2 link(s) with no accessible text (Accessibility)

  • Sprint 1

    No H1 heading found (Accessibility)

  • Sprint 1

    Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 1

    https://xpenv.com/assets/index-PXmCayWQ.js: 697ms CPU time (Performance)

  • Sprint 1

    Unattributable: 369ms CPU time (Performance)

  • Sprint 1

    1 publicly-accessible JavaScript source map(s) (Security)

  • Sprint 1

    https://xpenv.com/: 321ms CPU time (Performance)

  • Sprint 2

    1 render-blocking <script src> tag(s) without async/defer (Performance)

  • Sprint 1

    https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 337ms CPU time (Performance)

  • Sprint 1

    3 field(s) would benefit from inputmode attribute (Accessibility)

  • Sprint 1

    No Permissions-Policy header (Security)

…and 17 more recommended item(s)

Send Feedback