Skip to content

Changes

https://xpenv.com
Compared to previous audit · 1 hour ago View previous audit

Madrid, Spain Sao Paulo, Brazil

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

18
New issues
17
Resolved
20
score changes
CategoryPreviousCurrentChange
CompositeB (87)B (85) -2.000
PerformanceA (95)A (95)
SecurityB (85)C (78) -7.000
AccessibilityC (77)B (84) +7.000
SEOA (96)B (85) -11.000
InfrastructureB (88)A (94) +6.000
ComplianceD (63)D (66) +3.000
ContentA+ (99)C (76) -23.000
SustainabilityB (88)B (88)
MetricPreviousCurrentChange
Performance 68007500 +700
Accessibility 94009600 +200
Best Practices 73007300
SEO 1000010000
PWA 00
Desktop Performance 99009900
Desktop Accessibility 1000010000
Desktop Best Practices 73007300
Desktop SEO 1000010000
FCP 3.47 s3.33 s -136 ms
LCP 3.92 s3.84 s -80 ms
TBT 474 ms267 ms -207 ms
CLS 0.0410.041
Desktop FCP 725 ms750 ms +25 ms
Desktop LCP 805 ms830 ms +25 ms
Desktop TBT 59 ms31 ms -28 ms
Desktop CLS 0.0030.003
TTFB 52 ms226 ms +173 ms
DNS 12 ms49 ms +37 ms
TLS 13 ms23 ms +11 ms
Connect 1 ms17 ms +15 ms
Total 53 ms226 ms +174 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Cookie '__cflb' is missing the Secure flag security
CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security
CRITICAL 1 non-essential cookie(s) set without consent banner compliance
CRITICAL Transfer efficiency: 41% sustainability
CRITICAL Page has only 47 words — nearly empty seo
WARNING https://xpenv.com/assets/index-GzZQg3V_.js: 289 KB unused (63%) performance
WARNING No internal links found seo
WARNING Unattributable: 311ms CPU time performance
WARNING 1 render-blocking <script src> tag(s) without async/defer performance
WARNING No Open Graph meta tags found content
WARNING Thin content — only 47 words seo
WARNING External script from challenges.cloudflare.com lacks integrity attribute security
WARNING 2 link(s) open in new tab without warning accessibility
WARNING Title is only 16 characters — consider expanding seo
WARNING https://xpenv.com/assets/index-GzZQg3V_.js: 459ms CPU time performance
WARNING No meta description tag found seo
WARNING No canonical tag found seo
WARNING SRI adoption: 0/1 third-party resources protected (0%) security
CRITICAL 8 button(s) with no accessible text accessibility
CRITICAL Transfer efficiency: 40% sustainability
CRITICAL 2 control(s) without accessible label accessibility
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 302ms CPU time performance
WARNING Heading level skipped: H1 → H3 (missing H2) accessibility
WARNING 1 publicly-accessible JavaScript source map(s) security
WARNING 3 field(s) would benefit from inputmode attribute accessibility
WARNING IPv6 DNS records exist but server is not reachable infrastructure
WARNING Login form does not contain a recognizable CSRF token security
WARNING 9 control(s) rely on placeholder only accessibility
WARNING 3 field(s) missing recommended autocomplete attribute accessibility
WARNING https://xpenv.com/assets/index-BSy0Hrty.js: 704ms CPU time performance
WARNING Unattributable: 408ms CPU time performance
WARNING Privacy Policy not detected compliance
WARNING No privacy policy link detected compliance
WARNING <iframe> missing title attribute (src="") accessibility
WARNING https://xpenv.com/assets/index-BSy0Hrty.js: 289 KB unused (64%) performance
CRITICAL Content-Security-Policy header is missing security
CRITICAL No Content-Security-Policy header found security
CRITICAL Soft 404: server returns HTTP 200 for non-existent pages accessibility
WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security
WARNING No Permissions-Policy header security
WARNING Registrar lock is NOT enabled infrastructure
WARNING No <nav> landmark found accessibility
WARNING Dead-end page — no outgoing internal links seo
WARNING No accessibility statement detected compliance
WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security
WARNING X-Frame-Options header is missing security
WARNING Referrer-Policy header is missing security
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility
WARNING Terms of Service not detected compliance
WARNING Permissions-Policy header is missing security
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance
+ set-cookie __cflb=0H28v9ux15f5263BL1Rnd4DNQgph3F7ccMM1x6MUagt; SameSite=Lax; path=/; exp...
last-modified
Fri, 22 May 2026 04:54:01 GMT Mon, 25 May 2026 02:40:37 GMT
x-ipfs-roots
bafybeidtgbuokkr6u44kqw2hdwvavuxbs75b73lfhwjzayxmb43azhajyq bafybeicgeisyngoxppp4rzshdwwr7oidtxmq52wtg6jd6zk7ejzfn26l6q
cf-cache-status
HIT DYNAMIC

15 headers unchanged

+ AngularJS JavaScript frameworks
+ Cloudflare Turnstile Security
Open Graph Miscellaneous
React JavaScript frameworks
React Router JavaScript frameworks
Bootstrap Framework
Framer Motion JavaScript libraries

4 technologies unchanged

Looking ahead

+12 pts
B (85) Could reach A+ (97)
Security +22Compliance +18Accessibility +16SEO +15Sustainability +10Performance +5Content +4Infrastructure +4

Estimate — actual results may vary (36 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 87 → 85 -2 pts

17

Resolved

18

New issues

18

Still remaining

Financial summary

Investment delivered

$1,758 in development time

Investment remaining

$4,642 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score87 (B)85 (B)-2
Performance95 (A)95 (A)0
Security85 (B)78 (C)-7
Accessibility77 (C)84 (B)+7
SEO96 (A)85 (B)-11
Infrastructure88 (B)94 (A)+6
Compliance63 (D)66 (D)+3
Content99 (A+)76 (C)-23
Sustainability88 (B)88 (B)0

Resolved (17)

  • https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 302ms CPU time (Performance)

    → Page loads faster for users

  • Heading level skipped: H1 → H3 (missing H2) (Accessibility)

    → Improved usability for assistive technology users

  • 1 publicly-accessible JavaScript source map(s) (Security)

    → Reduced attack surface for visitors

  • 8 button(s) with no accessible text (Accessibility)

    → Improved usability for assistive technology users

  • 3 field(s) would benefit from inputmode attribute (Accessibility)

    → Improved usability for assistive technology users

  • IPv6 DNS records exist but server is not reachable (Infrastructure)

    → More reliable delivery

  • Login form does not contain a recognizable CSRF token (Security)

    → Reduced attack surface for visitors

  • 9 control(s) rely on placeholder only (Accessibility)

    → Improved usability for assistive technology users

  • 3 field(s) missing recommended autocomplete attribute (Accessibility)

    → Improved usability for assistive technology users

  • https://xpenv.com/assets/index-BSy0Hrty.js: 704ms CPU time (Performance)

    → Page loads faster for users

  • Unattributable: 408ms CPU time (Performance)

    → Page loads faster for users

  • Privacy Policy not detected (Compliance)

    → Reduced regulatory exposure

  • Transfer efficiency: 40% (Sustainability)

    → Lower carbon footprint per page view

  • No privacy policy link detected (Compliance)

    → Reduced regulatory exposure

  • 2 control(s) without accessible label (Accessibility)

    → Improved usability for assistive technology users

…and 2 more resolved issue(s)

Recommended next steps (36)

  • Sprint 1

    Cookie '__cflb' is missing the Secure flag (Security)

  • Sprint 1

    Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)

  • Sprint 2

    1 non-essential cookie(s) set without consent banner (Compliance)

  • Sprint 1

    Transfer efficiency: 41% (Sustainability)

  • Sprint 3

    Page has only 47 words — nearly empty (SEO)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 1

    Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)

  • Sprint 3

    https://xpenv.com/assets/index-GzZQg3V_.js: 289 KB unused (63%) (Performance)

  • Sprint 1

    No internal links found (SEO)

  • Sprint 1

    Unattributable: 311ms CPU time (Performance)

  • Sprint 2

    1 render-blocking <script src> tag(s) without async/defer (Performance)

  • Sprint 1

    No Open Graph meta tags found (Content)

  • Sprint 3

    Thin content — only 47 words (SEO)

  • Sprint 1

    External script from challenges.cloudflare.com lacks integrity attribute (Security)

…and 21 more recommended item(s)

Send Feedback