Changes

https://xpenv.com

Compared to previous audit · 10 hours ago View previous audit

Madrid, Spain → New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (87)	B (84)	-3.000
Performance	A (94)	A (92)	-2.000
Security	B (85)	C (79)	-6.000
Accessibility	B (81)	B (83)	+2.000
SEO	A+ (97)	B (85)	-12.000
Infrastructure	B (87)	A (94)	+7.000
Compliance	D (69)	C (70)	+1.000
Content	A+ (98)	C (76)	-22.000
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	7300	7300	—
Accessibility	9100	9100	—
Best Practices	7300	7300	—
SEO	10000	6600	-3400
PWA	0	0	—
Desktop Performance	9900	9900	—
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	6600	-3400
FCP	3.32 s	3.06 s	-261 ms
LCP	3.62 s	4.40 s	+783 ms
TBT	393 ms	287 ms	-106 ms
CLS	0.056	0.000	-0.056
Desktop FCP	689 ms	745 ms	+55 ms
Desktop LCP	990 ms	825 ms	-166 ms
Desktop TBT	45 ms	15 ms	-30 ms
Desktop CLS	0.002	0.002	—
TTFB †	271 ms	296 ms	+25 ms
DNS †	87 ms	48 ms	-39 ms
TLS †	10 ms	23 ms	+13 ms
Connect †	1 ms	17 ms	+15 ms
Total †	271 ms	296 ms	+25 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Soft 404: server returns HTTP 200 for non-existent pages accessibility

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

CRITICAL Page has only 47 words — nearly empty seo

WARNING Thin content — only 47 words seo

WARNING No Open Graph meta tags found content

WARNING 1 render-blocking <script src> tag(s) without async/defer performance

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING No <nav> landmark found accessibility

WARNING Title is only 16 characters — consider expanding seo

WARNING Main HTML cached for 483840 minutes -- risks stale auth / SPA state performance

WARNING https://xpenv.com/assets/index-CgOUFYGR.js: 401ms CPU time performance

WARNING https://xpenv.com/assets/index-CgOUFYGR.js: 265 KB unused (64%) performance

WARNING Dead-end page — no outgoing internal links seo

WARNING Terms of Service not detected compliance

WARNING No internal links found seo

WARNING No canonical tag found seo

WARNING No meta description tag found seo

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING 2 link(s) open in new tab without warning accessibility

WARNING Page is set to noindex seo

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

CRITICAL No H1 heading found accessibility

CRITICAL 1 link(s) with no accessible text accessibility

CRITICAL Broken link: https://xpenv.com/cdn-cgi/content?id=6ONA1.qn1LItpSGExzVI... content

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING Referrer-Policy header is missing security

WARNING Unattributable: 425ms CPU time performance

WARNING 1 internal links have no anchor text seo

WARNING X-Frame-Options header is missing security

WARNING No favicon.ico at site root accessibility

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 296ms CPU time performance

WARNING No SPF record found security

WARNING <iframe> missing title attribute (src="") accessibility

WARNING https://xpenv.com/: 352ms CPU time performance

WARNING https://xpenv.com/assets/index-CgOUFYGR.js: 604ms CPU time performance

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING https://xpenv.com/assets/index-CgOUFYGR.js: 260 KB unused (64%) performance

WARNING No privacy policy link detected compliance

WARNING Bare server default 404 page accessibility

WARNING IPv6 DNS records exist but server is not reachable infrastructure

WARNING 10 of 11 links are healthy content

WARNING Login form does not contain a recognizable CSRF token security

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

CRITICAL Transfer efficiency: 41% sustainability

CRITICAL Content-Security-Policy header is missing security

CRITICAL No Content-Security-Policy header found security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Registrar lock is NOT enabled infrastructure

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING No accessibility statement detected compliance

WARNING Permissions-Policy header is missing security

WARNING DMARC policy is none — monitoring only security

WARNING No Permissions-Policy header security

+ referrer-policy strict-origin-when-cross-origin

+ x-frame-options DENY

+ x-robots-tag noindex, nofollow

+ x-ipfs-pop rainbow-rbx-247-80

− x-cf-ipfs-cache-status hit

− alt-svc h3=":443"; ma=86400

− last-modified Thu, 28 May 2026 02:38:56 GMT

access-control-allow-methods

GET → GET, HEAD, OPTIONS

cf-cache-status

EXPIRED → DYNAMIC

vary

Accept-Encoding → accept-encoding

x-ipfs-path

/ipns/xpenv.com/ → /ipfs/bafybeie3j2bamvvrdl6d67qjt7sd4cldbx2lf24qxli7rfxav4axm3cneq/index.html

strict-transport-security

max-age=15552000 → max-age=15552000; includeSubDomains

x-ipfs-roots

bafybeif6ith6wkvlu377yemxqdng6v2wwpt7plfmug3tw5bywxwzxhevji → bafybeie3j2bamvvrdl6d67qjt7sd4cldbx2lf24qxli7rfxav4axm3cneq,bafkreihkm56jp76r...

cache-control

max-age=86400 → public, max-age=29030400, immutable

8 headers unchanged

+ AngularJS JavaScript frameworks

+ Cloudflare Turnstile Security

− Open Graph Miscellaneous

− React JavaScript frameworks

− React Router JavaScript frameworks

− Bootstrap Framework

− HTTP/3 Miscellaneous

3 technologies unchanged

Looking ahead

+13 pts

B (84) Could reach A+ (97)

Security +21Accessibility +17SEO +15Compliance +10Sustainability +10Performance +8Content +4Infrastructure +4

Estimate — actual results may vary (34 issues to fix)

Website improvement report — Xpenv

May 28, 2026 → May 29, 2026

B B 87 → 84 -3 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$1,767 in development time

Investment remaining

$4,308 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	87 (B)	84 (B)	-3
Performance	94 (A)	92 (A)	-2
Security	85 (B)	79 (C)	-6
Accessibility	81 (B)	83 (B)	+2
SEO	97 (A+)	85 (B)	-12
Infrastructure	87 (B)	94 (A)	+7
Compliance	69 (D)	70 (C)	+1
Content	98 (A+)	76 (C)	-22
Sustainability	88 (B)	88 (B)	0

Resolved (22)

3 field(s) would benefit from inputmode attribute (Accessibility)
→ Improved usability for assistive technology users
Referrer-Policy header is missing (Security)
→ Reduced attack surface for visitors
Unattributable: 425ms CPU time (Performance)
→ Page loads faster for users
1 internal links have no anchor text (SEO)
→ Better search engine visibility
X-Frame-Options header is missing (Security)
→ Reduced attack surface for visitors
No favicon.ico at site root (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 296ms CPU time (Performance)
→ Page loads faster for users
No SPF record found (Security)
→ Reduced attack surface for visitors
No H1 heading found (Accessibility)
→ Improved usability for assistive technology users
<iframe> missing title attribute (src="") (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/: 352ms CPU time (Performance)
→ Page loads faster for users
https://xpenv.com/assets/index-CgOUFYGR.js: 604ms CPU time (Performance)
→ Page loads faster for users
Main HTML cached for 1440 minutes -- risks stale auth / SPA state (Performance)
→ Page loads faster for users
https://xpenv.com/assets/index-CgOUFYGR.js: 260 KB unused (64%) (Performance)
→ Page loads faster for users
No privacy policy link detected (Compliance)
→ Reduced regulatory exposure

…and 7 more resolved issue(s)

Recommended next steps (34)

Sprint 1
Soft 404: server returns HTTP 200 for non-existent pages (Accessibility)
Sprint 1
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
Sprint 3
Page has only 47 words — nearly empty (SEO)
Sprint 1
Transfer efficiency: 41% (Sustainability)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 3
Thin content — only 47 words (SEO)
Sprint 1
No Open Graph meta tags found (Content)
Sprint 2
1 render-blocking <script src> tag(s) without async/defer (Performance)
Sprint 1
External script from challenges.cloudflare.com lacks integrity attribute (Security)
Sprint 1
No <nav> landmark found (Accessibility)
Sprint 1
Title is only 16 characters — consider expanding (SEO)
Sprint 1
Main HTML cached for 483840 minutes -- risks stale auth / SPA state (Performance)
Sprint 1
https://xpenv.com/assets/index-CgOUFYGR.js: 401ms CPU time (Performance)
Sprint 3
https://xpenv.com/assets/index-CgOUFYGR.js: 265 KB unused (64%) (Performance)

…and 19 more recommended item(s)

Browse & Analyze

Learn