Changes
Sao Paulo, Brazil → New York, United Stated
These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.
| Category | Previous | Current | Change |
|---|---|---|---|
| Composite | B (85) | B (85) | — |
| Performance | A (95) | A+ (98) | +3.000 |
| Security | B (86) | B (80) | -6.000 |
| Accessibility | B (81) | B (85) | +4.000 |
| SEO | B (87) | B (85) | -2.000 |
| Infrastructure | B (84) | B (86) | +2.000 |
| Compliance | D (63) | D (63) | — |
| Content | C (73) | C (75) | +2.000 |
| Sustainability | A (90) | A (95) | +5.000 |
| Metric | Previous | Current | Change |
|---|---|---|---|
| Performance | 10000 | 9600 | -400 |
| Accessibility | 10000 | 10000 | — |
| Best Practices | 10000 | 10000 | — |
| SEO | 9100 | 5400 | -3700 |
| PWA | 0 | 0 | — |
| Desktop Performance | 10000 | 9900 | -100 |
| Desktop Accessibility | 10000 | 10000 | — |
| Desktop Best Practices | 10000 | 10000 | — |
| Desktop SEO | 9100 | 5400 | -3700 |
| FCP | 965 ms | 1.74 s | +771 ms |
| LCP | 965 ms | 2.46 s | +1.50 s |
| TBT | 0 ms | 0 ms | — |
| CLS | 0.000 | 0.000 | -0.000 |
| Desktop FCP | 246 ms | 454 ms | +208 ms |
| Desktop LCP | 246 ms | 529 ms | +283 ms |
| Desktop TBT | 0 ms | 0 ms | — |
| Desktop CLS | 0.000 | 0.000 | -0.000 |
| TTFB † | 2.05 s | 1.30 s | -751 ms |
| DNS † | 219 ms | 230 ms | +11 ms |
| TLS † | 125 ms | 8 ms | -118 ms |
| Connect † | 116 ms | 1 ms | -115 ms |
| Total † | 2.05 s | 1.74 s | -312 ms |
† Timing metrics may vary by worker location and do not necessarily indicate site changes.
cf-cache-status DYNAMICalt-svc h3=":443"; ma=86400x-powered-by PHP/8.3.31strict-transport-security max-age=63072000;includeSubDomains; preloadvary Accept-Encodingx-frame-options SAMEORIGINcontent-length 10740content-security-policy frame-ancestors 'self';content-encoding gzip → brserver openresty → cloudflare2 headers unchanged
3 technologies unchanged
Looking ahead
+11 ptsEstimate — actual results may vary (32 issues to fix)
Website improvement report — Inco
June 8, 2026 → July 2, 2026
15
Resolved
13
New issues
19
Still remaining
Financial summary
Investment delivered
Br2,660 in development time
Investment remaining
Br4,800 to complete the remaining items
Ongoing risk
Br0/month in ongoing exposure
Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.
Performance by category
| Metric | Before | After | Change |
|---|---|---|---|
| Overall score | 85 (B) | 85 (B) | 0 |
| Performance | 95 (A) | 98 (A+) | +3 |
| Security | 86 (B) | 80 (B) | -6 |
| Accessibility | 81 (B) | 85 (B) | +4 |
| SEO | 87 (B) | 85 (B) | -2 |
| Infrastructure | 84 (B) | 86 (B) | +2 |
| Compliance | 63 (D) | 63 (D) | 0 |
| Content | 73 (C) | 75 (C) | +2 |
| Sustainability | 90 (A) | 95 (A) | +5 |
Resolved (15)
X-Powered-By header reveals technology stack (Security)
→ Reduced attack surface for visitors
HTTP version does not redirect to HTTPS (Infrastructure)
→ More reliable delivery
9 of 14 links are healthy (Content)
→ Stronger social sharing and on-page quality
Thin content — only 18 words (SEO)
→ Better search engine visibility
Page has only 18 words — nearly empty (SEO)
→ Better search engine visibility
base-uri directive is missing (Security)
→ Reduced attack surface for visitors
Skip navigation link is missing (WCAG 2.4.1) (Accessibility)
→ Improved usability for assistive technology users
No H1 heading found (Accessibility)
→ Improved usability for assistive technology users
Broken link: https://inco.by (Content)
→ Stronger social sharing and on-page quality
default-src directive is missing (Security)
→ Reduced attack surface for visitors
form-action directive is missing (Security)
→ Reduced attack surface for visitors
Broken link: https://inco.by/about/ (Content)
→ Stronger social sharing and on-page quality
DNS resolution is slow (340 ms) (Infrastructure)
→ More reliable delivery
Broken link: https://inco.by/wp-includes/js/wp-emoji-release.min.js?ve... (Content)
→ Stronger social sharing and on-page quality
Broken link: https://inco.by/wp-json/ (Content)
→ Stronger social sharing and on-page quality
Recommended next steps (32)
- Sprint 1
HSTS header is missing (Security)
- Sprint 2
No Content-Security-Policy header found (Security)
- Sprint 3
Page has only 15 words — nearly empty (SEO)
- Sprint 1
Page body has only 174 chars of text -- likely empty / placeholder (Security)
- Sprint 2
Content-Security-Policy header is missing (Security)
- Sprint 1
1 software version(s) disclosed in HTML: WordPress 7.0 (Security)
- Sprint 1
9 of 12 links are healthy (Content)
- Sprint 2
No headings found (Accessibility)
- Sprint 2
DNS resolution is slow (371 ms) (Infrastructure)
- Sprint 1
X-Frame-Options header is missing (Security)
- Sprint 2
Compressed response missing `Vary` header (Performance)
- Sprint 1
Broken link: https://inco.by/wp-content/uploads/2026/07/cropped-LOGO-1... (Content)
- Sprint 3
Thin content — only 15 words (SEO)
- Sprint 2
No DMARC record found (Security)
- Sprint 1
No meta description tag found (SEO)
…and 17 more recommended item(s)