Changes

https://xpenv.com

Compared to previous audit · 1 hour ago View previous audit

New York, United Stated → Singapore, Singapore

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (88)	B (89)	+1.000
Performance	A (94)	A (94)	—
Security	B (86)	B (86)	—
Accessibility	B (82)	B (82)	—
SEO	A+ (97)	A+ (97)	—
Infrastructure	B (88)	A (94)	+6.000
Compliance	D (69)	D (69)	—
Content	A+ (99)	A+ (99)	—
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	7200	6600	-600
Accessibility	9600	9600	—
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9800	9800	—
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.32 s	3.32 s	—
LCP	3.62 s	4.61 s	+997 ms
TBT	442 ms	417 ms	-25 ms
CLS	0.041	0.041	—
Desktop FCP	745 ms	742 ms	—
Desktop LCP	1.04 s	1.03 s	—
Desktop TBT	51 ms	47 ms	-4 ms
Desktop CLS	0.003	0.003	—
TTFB †	28 ms	34 ms	+6 ms
DNS †	5 ms	4 ms	-1 ms
TLS †	10 ms	9 ms	-1 ms
Connect †	2 ms	1 ms	-1 ms
Total †	28 ms	34 ms	+6 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING Unattributable: 331ms CPU time performance

WARNING https://xpenv.com/assets/index-22d4mitO.js: 633ms CPU time performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 355ms CPU time performance

WARNING Unattributable: 362ms CPU time performance

WARNING IPv6 DNS records exist but server is not reachable infrastructure

WARNING https://xpenv.com/assets/index-22d4mitO.js: 674ms CPU time performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 332ms CPU time performance

WARNING https://xpenv.com/: 263ms CPU time performance

CRITICAL Transfer efficiency: 41% sustainability

CRITICAL Content-Security-Policy header is missing security

CRITICAL No Content-Security-Policy header found security

CRITICAL No H1 heading found accessibility

WARNING https://xpenv.com/assets/index-22d4mitO.js: 259 KB unused (64%) performance

WARNING Registrar lock is NOT enabled infrastructure

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING Login form does not contain a recognizable CSRF token security

WARNING No Permissions-Policy header security

WARNING <iframe> missing title attribute (src="") accessibility

WARNING No privacy policy link detected compliance

WARNING No accessibility statement detected compliance

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Bare server default 404 page accessibility

WARNING No favicon.ico at site root accessibility

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING X-Frame-Options header is missing security

WARNING Referrer-Policy header is missing security

WARNING Permissions-Policy header is missing security

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

last-modified

Mon, 25 May 2026 21:05:47 GMT → Mon, 25 May 2026 21:08:42 GMT

17 headers unchanged

Technology stack unchanged

9 technologies unchanged

Looking ahead

+9 pts

B (89) Could reach A+ (98)

Accessibility +18Security +14Compliance +10Sustainability +10Performance +6Infrastructure +4

Estimate — actual results may vary (27 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 88 → 89 +1 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

€85 in development time

Investment remaining

€2,217 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	88 (B)	89 (B)	+1
Performance	94 (A)	94 (A)	0
Security	86 (B)	86 (B)	0
Accessibility	82 (B)	82 (B)	0
SEO	97 (A+)	97 (A+)	0
Infrastructure	88 (B)	94 (A)	+6
Compliance	69 (D)	69 (D)	0
Content	99 (A+)	99 (A+)	0
Sustainability	88 (B)	88 (B)	0

Resolved (5)

Unattributable: 362ms CPU time (Performance)
→ Page loads faster for users
IPv6 DNS records exist but server is not reachable (Infrastructure)
→ More reliable delivery
https://xpenv.com/assets/index-22d4mitO.js: 674ms CPU time (Performance)
→ Page loads faster for users
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 332ms CPU time (Performance)
→ Page loads faster for users
https://xpenv.com/: 263ms CPU time (Performance)
→ Page loads faster for users

Recommended next steps (27)

Sprint 1
Transfer efficiency: 41% (Sustainability)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
No H1 heading found (Accessibility)
Sprint 1
Unattributable: 331ms CPU time (Performance)
Sprint 1
https://xpenv.com/assets/index-22d4mitO.js: 633ms CPU time (Performance)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 355ms CPU time (Performance)
Sprint 3
https://xpenv.com/assets/index-22d4mitO.js: 259 KB unused (64%) (Performance)
Sprint 1
Registrar lock is NOT enabled (Infrastructure)
Sprint 1
HSTS max-age is too short (15552000s, should be ≥ 31536000s) (Security)
Sprint 1
Cross-Origin-Opener-Policy header is missing (Security)
Sprint 1
Login form does not contain a recognizable CSRF token (Security)
Sprint 1
No Permissions-Policy header (Security)
Sprint 1
<iframe> missing title attribute (src="") (Accessibility)
Sprint 2
No privacy policy link detected (Compliance)

…and 12 more recommended item(s)

Browse & Analyze

Learn