Changes

https://xpenv.com

Compared to previous audit · 1 hour ago View previous audit

Madrid, Spain → Sao Paulo, Brazil

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (87)	B (85)	-2.000
Performance	A (95)	A (95)	—
Security	B (85)	C (78)	-7.000
Accessibility	C (77)	B (84)	+7.000
SEO	A (96)	B (85)	-11.000
Infrastructure	B (88)	A (94)	+6.000
Compliance	D (63)	D (66)	+3.000
Content	A+ (99)	C (76)	-23.000
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	6800	7500	+700
Accessibility	9400	9600	+200
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9900	9900	—
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.47 s	3.33 s	-136 ms
LCP	3.92 s	3.84 s	-80 ms
TBT	474 ms	267 ms	-207 ms
CLS	0.041	0.041	—
Desktop FCP	725 ms	750 ms	+25 ms
Desktop LCP	805 ms	830 ms	+25 ms
Desktop TBT	59 ms	31 ms	-28 ms
Desktop CLS	0.003	0.003	—
TTFB †	52 ms	226 ms	+173 ms
DNS †	12 ms	49 ms	+37 ms
TLS †	13 ms	23 ms	+11 ms
Connect †	1 ms	17 ms	+15 ms
Total †	53 ms	226 ms	+174 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Transfer efficiency: 41% sustainability

CRITICAL Page has only 47 words — nearly empty seo

CRITICAL 1 non-essential cookie(s) set without consent banner compliance

CRITICAL Cookie '__cflb' is missing the Secure flag security

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

WARNING https://xpenv.com/assets/index-GzZQg3V_.js: 459ms CPU time performance

WARNING 2 link(s) open in new tab without warning accessibility

WARNING 1 render-blocking <script src> tag(s) without async/defer performance

WARNING No internal links found seo

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING Unattributable: 311ms CPU time performance

WARNING Thin content — only 47 words seo

WARNING No Open Graph meta tags found content

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING https://xpenv.com/assets/index-GzZQg3V_.js: 289 KB unused (63%) performance

WARNING Title is only 16 characters — consider expanding seo

WARNING No canonical tag found seo

WARNING No meta description tag found seo

CRITICAL Transfer efficiency: 40% sustainability

CRITICAL 2 control(s) without accessible label accessibility

CRITICAL 8 button(s) with no accessible text accessibility

WARNING 9 control(s) rely on placeholder only accessibility

WARNING https://xpenv.com/assets/index-BSy0Hrty.js: 704ms CPU time performance

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING <iframe> missing title attribute (src="") accessibility

WARNING https://xpenv.com/assets/index-BSy0Hrty.js: 289 KB unused (64%) performance

WARNING No privacy policy link detected compliance

WARNING Login form does not contain a recognizable CSRF token security

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 302ms CPU time performance

WARNING Privacy Policy not detected compliance

WARNING Heading level skipped: H1 → H3 (missing H2) accessibility

WARNING Unattributable: 408ms CPU time performance

WARNING IPv6 DNS records exist but server is not reachable infrastructure

WARNING 1 publicly-accessible JavaScript source map(s) security

CRITICAL Content-Security-Policy header is missing security

CRITICAL Soft 404: server returns HTTP 200 for non-existent pages accessibility

CRITICAL No Content-Security-Policy header found security

WARNING No accessibility statement detected compliance

WARNING Permissions-Policy header is missing security

WARNING Terms of Service not detected compliance

WARNING Referrer-Policy header is missing security

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING No <nav> landmark found accessibility

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING X-Frame-Options header is missing security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING No Permissions-Policy header security

WARNING Registrar lock is NOT enabled infrastructure

WARNING Dead-end page — no outgoing internal links seo

WARNING Cross-Origin-Embedder-Policy header is missing security

+ set-cookie __cflb=0H28v9ux15f5263BL1Rnd4DNQgph3F7ccMM1x6MUagt; SameSite=Lax; path=/; exp...

cf-cache-status

HIT → DYNAMIC

x-ipfs-roots

bafybeidtgbuokkr6u44kqw2hdwvavuxbs75b73lfhwjzayxmb43azhajyq → bafybeicgeisyngoxppp4rzshdwwr7oidtxmq52wtg6jd6zk7ejzfn26l6q

last-modified

Fri, 22 May 2026 04:54:01 GMT → Mon, 25 May 2026 02:40:37 GMT

15 headers unchanged

+ AngularJS JavaScript frameworks

+ Cloudflare Turnstile Security

− Framer Motion JavaScript libraries

− Open Graph Miscellaneous

− React JavaScript frameworks

− Bootstrap Framework

− React Router JavaScript frameworks

4 technologies unchanged

Looking ahead

+12 pts

B (85) Could reach A+ (97)

Security +22Compliance +18Accessibility +16SEO +15Sustainability +10Performance +5Content +4Infrastructure +4

Estimate — actual results may vary (36 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 87 → 85 -2 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$1,758 in development time

Investment remaining

$4,642 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	87 (B)	85 (B)	-2
Performance	95 (A)	95 (A)	0
Security	85 (B)	78 (C)	-7
Accessibility	77 (C)	84 (B)	+7
SEO	96 (A)	85 (B)	-11
Infrastructure	88 (B)	94 (A)	+6
Compliance	63 (D)	66 (D)	+3
Content	99 (A+)	76 (C)	-23
Sustainability	88 (B)	88 (B)	0

Resolved (17)

9 control(s) rely on placeholder only (Accessibility)
→ Improved usability for assistive technology users
Transfer efficiency: 40% (Sustainability)
→ Lower carbon footprint per page view
https://xpenv.com/assets/index-BSy0Hrty.js: 704ms CPU time (Performance)
→ Page loads faster for users
2 control(s) without accessible label (Accessibility)
→ Improved usability for assistive technology users
3 field(s) missing recommended autocomplete attribute (Accessibility)
→ Improved usability for assistive technology users
3 field(s) would benefit from inputmode attribute (Accessibility)
→ Improved usability for assistive technology users
<iframe> missing title attribute (src="") (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/assets/index-BSy0Hrty.js: 289 KB unused (64%) (Performance)
→ Page loads faster for users
No privacy policy link detected (Compliance)
→ Reduced regulatory exposure
Login form does not contain a recognizable CSRF token (Security)
→ Reduced attack surface for visitors
8 button(s) with no accessible text (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 302ms CPU time (Performance)
→ Page loads faster for users
Privacy Policy not detected (Compliance)
→ Reduced regulatory exposure
Heading level skipped: H1 → H3 (missing H2) (Accessibility)
→ Improved usability for assistive technology users
Unattributable: 408ms CPU time (Performance)
→ Page loads faster for users

…and 2 more resolved issue(s)

Recommended next steps (36)

Sprint 1
Transfer efficiency: 41% (Sustainability)
Sprint 3
Page has only 47 words — nearly empty (SEO)
Sprint 2
1 non-essential cookie(s) set without consent banner (Compliance)
Sprint 1
Cookie '__cflb' is missing the Secure flag (Security)
Sprint 1
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 1
Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
https://xpenv.com/assets/index-GzZQg3V_.js: 459ms CPU time (Performance)
Sprint 1
2 link(s) open in new tab without warning (Accessibility)
Sprint 2
1 render-blocking <script src> tag(s) without async/defer (Performance)
Sprint 1
No internal links found (SEO)
Sprint 1
SRI adoption: 0/1 third-party resources protected (0%) (Security)
Sprint 1
Unattributable: 311ms CPU time (Performance)
Sprint 3
Thin content — only 47 words (SEO)

…and 21 more recommended item(s)

Browse & Analyze

Learn