Changes

https://pullitpacks.com

Compared to previous audit · 4 days ago View previous audit

Madrid, Spain → Sao Paulo, Brazil

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (80)	B (82)	+2.000
Performance	A (91)	A (91)	—
Security	C (74)	C (78)	+4.000
Accessibility	C (79)	C (79)	—
SEO	B (82)	B (83)	+1.000
Infrastructure	B (82)	B (84)	+2.000
Compliance	D (69)	D (69)	—
Content	C (75)	C (73)	-2.000
Sustainability	C (79)	B (80)	+1.000

Metric	Previous	Current	Change
Performance	5500	5800	+300
Accessibility	9600	9600	—
Best Practices	10000	10000	—
SEO	9100	9100	—
PWA	0	0	—
Desktop Performance	9300	9600	+300
Desktop Accessibility	9600	9600	—
Desktop Best Practices	10000	10000	—
Desktop SEO	9100	9100	—
FCP	4.11 s	2.00 s	-2.12 s
LCP	6.33 s	4.46 s	-1.88 s
TBT	88 ms	138 ms	+50 ms
CLS	0.206	0.656	+0.449
Desktop FCP	921 ms	456 ms	-464 ms
Desktop LCP	1.40 s	1.38 s	-21 ms
Desktop TBT	0 ms	0 ms	—
Desktop CLS	0.011	0.000	-0.011
TTFB †	249 ms	181 ms	-68 ms
DNS †	81 ms	36 ms	-45 ms
TLS †	6 ms	21 ms	+15 ms
Connect †	1 ms	16 ms	+15 ms
Total †	249 ms	182 ms	-68 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING https://pullitpacks.com/assets/react-DqYccM46.js: 24 KB unused (38%) performance

WARNING https://pullitpacks.com/assets/index-DDEm5X1t.js: 46 KB unused (54%) performance

WARNING Page has 88 words — thin content seo

WARNING 10 text node(s) render below 12 CSS pixels on mobile accessibility

WARNING https://pullitpacks.com/assets/react-DqYccM46.js: 264ms CPU time performance

WARNING Broken link: https://lvamkivp4fcwhgmpr4njokacqy.appsync-api.us-east-1.... content

WARNING 10 above-fold image(s) marked loading="lazy" (LCP anti-pattern) content

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING Third-party code accounts for 63% of page weight (621.3 KiB of 988.7 KiB) performance

WARNING Thin content — only 88 words seo

WARNING 26 third-party resources (63% of weight) performance

WARNING 2 font preload(s) missing `crossorigin` -- font will be downloaded twice performance

WARNING https://pullitpacks.com/assets/aws-kLirSH7r.js: 31 KB unused (67%) performance

WARNING 32 of 33 links are healthy content

WARNING https://pullitpacks.com/: 402ms CPU time performance

CRITICAL Page has only 32 words — nearly empty seo

CRITICAL Page body has only 183 chars of text -- likely empty / placeholder security

WARNING Broken link: https://fonts.gstatic.com content

WARNING SRI adoption: 0/2 third-party resources protected (0%) security

WARNING https://pullitpacks.com/assets/aws-DSCIpVe1.js: 98 KB unused (51%) performance

WARNING No headings found accessibility

WARNING 19 of 21 links are healthy content

WARNING Broken link: https://fonts.googleapis.com content

WARNING Unattributable: 444ms CPU time performance

WARNING Third-party code accounts for 59% of page weight (593.2 KiB of 1001.2 KiB) performance

WARNING https://pullitpacks.com/: 521ms CPU time performance

WARNING Thin content — only 32 words seo

WARNING https://pullitpacks.com/assets/aws-DSCIpVe1.js: 434ms CPU time performance

WARNING External link from fonts.googleapis.com lacks integrity attribute security

WARNING 33 third-party resources (59% of weight) performance

WARNING https://pullitpacks.com/assets/index-Cb44Q5Rp.js: 26 KB unused (42%) performance

CRITICAL Both www and non-www versions serve content infrastructure

CRITICAL Content-Security-Policy header is missing security

CRITICAL No Content-Security-Policy header found security

CRITICAL Soft 404: server returns HTTP 200 for non-existent pages accessibility

CRITICAL HSTS header is missing security

WARNING No privacy policy link detected compliance

WARNING No accessibility statement detected compliance

WARNING Manifest contains invalid JSON accessibility

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Permissions-Policy header is missing security

WARNING Sitemap is empty -- 0 URLs listed seo

WARNING sitemap.xml is empty — no URLs found infrastructure

WARNING Title is only 13 characters — consider expanding seo

WARNING No Open Graph meta tags found content

WARNING X-Frame-Options header is missing security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING No favicon.ico at site root accessibility

WARNING X-Content-Type-Options header is missing security

WARNING Referrer-Policy header is missing security

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING No Permissions-Policy header security

WARNING No meta description tag found seo

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING No canonical tag found seo

WARNING Registrar lock is NOT enabled infrastructure

WARNING Privacy Policy not detected compliance

WARNING 1 publicly-accessible JavaScript source map(s) security

WARNING External script from www.redditstatic.com lacks integrity attribute security

WARNING sitemap.xml contains invalid XML infrastructure

WARNING No DMARC record found security

+ content-encoding br

via

1.1 19ba162983a19106ea1aeb19f13f3c42.cloudfront.net (CloudFront) → 1.1 67dcca6cd203eb944e3da0c9e0509316.cloudfront.net (CloudFront)

last-modified

Sun, 10 May 2026 01:37:33 GMT → Thu, 14 May 2026 08:05:00 GMT

etag

W/"81d154345f1f91da2426412b4703cd8e" → W/"f171f37987031e08c18c6774e22d92f1"

5 headers unchanged

+ Priority Hints Performance

− Google Font API Font scripts

11 technologies unchanged

Looking ahead

+15 pts

B (82) Could reach A+ (97)

Security +22Accessibility +21Infrastructure +16SEO +14Compliance +13Content +13Performance +9

Estimate — actual results may vary (46 issues to fix)

Website improvement report — Pullitpacks

May 10, 2026 → May 14, 2026

B B 80 → 82 +2 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$4,300 in development time

Investment remaining

$7,275 to complete the remaining items

Ongoing risk

$13,125/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	80 (B)	82 (B)	+2
Performance	91 (A)	91 (A)	0
Security	74 (C)	78 (C)	+4
Accessibility	79 (C)	79 (C)	0
SEO	82 (B)	83 (B)	+1
Infrastructure	82 (B)	84 (B)	+2
Compliance	69 (D)	69 (D)	0
Content	75 (C)	73 (C)	-2
Sustainability	79 (C)	80 (B)	+1

Resolved (16)

Broken link: https://fonts.gstatic.com (Content)
→ Stronger social sharing and on-page quality
SRI adoption: 0/2 third-party resources protected (0%) (Security)
→ Reduced attack surface for visitors
https://pullitpacks.com/assets/aws-DSCIpVe1.js: 98 KB unused (51%) (Performance)
→ Page loads faster for users
No headings found (Accessibility)
→ Improved usability for assistive technology users
19 of 21 links are healthy (Content)
→ Stronger social sharing and on-page quality
Broken link: https://fonts.googleapis.com (Content)
→ Stronger social sharing and on-page quality
Unattributable: 444ms CPU time (Performance)
→ Page loads faster for users
Page has only 32 words — nearly empty (SEO)
→ Better search engine visibility
Page body has only 183 chars of text -- likely empty / placeholder (Security)
→ Reduced attack surface for visitors
Third-party code accounts for 59% of page weight (593.2 KiB of 1001.2 KiB) (Performance)
→ Page loads faster for users
https://pullitpacks.com/: 521ms CPU time (Performance)
→ Page loads faster for users
Thin content — only 32 words (SEO)
→ Better search engine visibility
https://pullitpacks.com/assets/aws-DSCIpVe1.js: 434ms CPU time (Performance)
→ Page loads faster for users
External link from fonts.googleapis.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
33 third-party resources (59% of weight) (Performance)
→ Page loads faster for users

…and 1 more resolved issue(s)

Recommended next steps (46)

Sprint 1
Both www and non-www versions serve content (Infrastructure)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)
Sprint 1
HSTS header is missing (Security)
Sprint 3
https://pullitpacks.com/assets/react-DqYccM46.js: 24 KB unused (38%) (Performance)
Sprint 3
https://pullitpacks.com/assets/index-DDEm5X1t.js: 46 KB unused (54%) (Performance)
Sprint 3
Page has 88 words — thin content (SEO)
Sprint 1
10 text node(s) render below 12 CSS pixels on mobile (Accessibility)
Sprint 1
https://pullitpacks.com/assets/react-DqYccM46.js: 264ms CPU time (Performance)
Sprint 1
Broken link: https://lvamkivp4fcwhgmpr4njokacqy.appsync-api.us-east-1.... (Content)
Sprint 1
10 above-fold image(s) marked loading="lazy" (LCP anti-pattern) (Content)
Sprint 1
SRI adoption: 0/1 third-party resources protected (0%) (Security)
Sprint 3
Third-party code accounts for 63% of page weight (621.3 KiB of 988.7 KiB) (Performance)
Sprint 3
Thin content — only 88 words (SEO)

…and 31 more recommended item(s)

Browse & Analyze

Learn