Changes

https://www.cloudflare.com

Compared to previous audit · 5 weeks ago View previous audit

Madrid, Spain → New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	D (69)	C (79)	+10.000
Performance	D (65)	C (79)	+14.000
Security	D (65)	B (80)	+15.000
Accessibility	F (41)	D (68)	+27.000
SEO	A (95)	A (94)	-1.000
Infrastructure	B (87)	A (94)	+7.000
Compliance	B (83)	D (63)	-20.000
Content	C (77)	C (74)	-3.000
Sustainability	D (66)	B (81)	+15.000

Metric	Previous	Current	Change
Performance	2600	3400	+800
Accessibility	9200	9900	+700
Best Practices	7700	9200	+1500
SEO	8500	8500	—
PWA	0	0	—
Desktop Performance	4800	6900	+2100
Desktop Accessibility	8000	8700	+700
Desktop Best Practices	7700	9600	+1900
Desktop SEO	8500	8500	—
FCP	4.65 s	4.04 s	-616 ms
LCP	13.66 s	18.12 s	+4.46 s
TBT	12.77 s	1.11 s	-11.66 s
CLS	0.038	0.070	+0.032
Desktop FCP	866 ms	880 ms	+14 ms
Desktop LCP	3.57 s	4.45 s	+874 ms
Desktop TBT	523 ms	146 ms	-377 ms
Desktop CLS	0.018	0.007	-0.011
TTFB †	234 ms	343 ms	+109 ms
DNS †	5 ms	36 ms	+31 ms
TLS †	7 ms	20 ms	+13 ms
Connect †	1 ms	16 ms	+15 ms
Total †	248 ms	364 ms	+117 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

Projected vs. Actual

Projected

Actual

Fell short of projection

38 issues resolved since last audit

68 issues remaining

Resolving remaining issues could reach A+

Estimate — actual results may vary

CRITICAL Cookie 'cf_willow_version_key' is missing the Secure flag security

CRITICAL 10 non-essential cookie(s) set without consent banner compliance

CRITICAL Cookie '_cfms_willow' is missing the Secure flag security

CRITICAL Broken link: https://www.cloudflare.com/plans/enterprise/demo/ content

WARNING Cookie 'cf_willow_version_key' has no SameSite attribute security

WARNING SRI adoption: 1/5 third-party resources protected (20%) security

WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 66 KB unused (60%) performance

WARNING Page weighs 8.5 MB (3.9 MB transferred) performance

WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 41 KB unused (53%) performance

WARNING 1 sitemap URL(s) blocked by robots.txt: https://www.cloudflare.com/lp/the-state-of-application-security/ seo

WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 7327ms CPU time performance

WARNING https://www.cloudflare.com/_willow/index.sGmLo0nR....: 426ms CPU time performance

WARNING 4 render-blocking stylesheet(s) -- recommended: <=3 performance

WARNING security.txt: Missing required 'Expires' field (RFC 9116) security

WARNING 1455 inline style attribute(s) detected security

WARNING JavaScript is 573 KB — consider code splitting or lazy loading performance

WARNING Total JS execution time is 13.8 s -- over the 3.5s budget performance

WARNING Cookie '_cfms_willow' has no SameSite attribute security

WARNING 156 HTTP requests — consider bundling or reducing performance

WARNING 14 images significantly larger than display size content

WARNING https://www.cloudflare.com/: 2781ms CPU time performance

WARNING 108 third-party resources (80% of weight) performance

WARNING Registrar lock is NOT enabled infrastructure

WARNING Broken link: https://www.cloudflare.com/de-de/ content

WARNING No SPF record found security

WARNING 196 of 200 links are healthy content

WARNING 0.91g CO2 — above the median website (0.60g) sustainability

WARNING Permissions-Policy covers 3/10 high-risk features (30%) security

WARNING Images are 2.3 MB — compress or use modern formats performance

WARNING https://www.cloudflare.com/go9u/: 86 KB unused (51%) performance

WARNING Cookie 'cf_willow_version_key' is missing the HttpOnly flag security

WARNING Unattributable: 1653ms CPU time performance

WARNING 16 link(s) open in a new tab without rel=noopener security

WARNING Third-party code accounts for 80% of page weight (3.1 MiB of 3.9 MiB) performance

WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 334ms CPU time performance

WARNING Hreflang cluster missing self-reference compliance

WARNING All 41 images use legacy formats (JPEG/PNG/GIF) content

WARNING 6 link(s) with generic text accessibility

WARNING 1 field(s) missing recommended autocomplete attribute accessibility

WARNING Page weight 3.9 MB exceeds 1 MB target by 2.9 MB performance

WARNING 76 images missing explicit width/height content

CRITICAL 4 image(s) missing alt attribute accessibility

CRITICAL 3.19g CO2 per page view sustainability

CRITICAL Cookie '_ga' is missing the Secure flag security

CRITICAL Page weighs 22.4 MB (13.5 MB transferred) performance

CRITICAL 4 non-essential cookie(s) set without consent banner compliance

WARNING Unattributable: 5183ms CPU time performance

WARNING Cookie 'kndctr_8AD56F28618A50850A495FB6_AdobeOrg_identity' is missing the HttpOnly flag security

WARNING No meta description tag found seo

WARNING Cookie '_ga' is missing the HttpOnly flag security

WARNING External script from static.ads-twitter.com lacks integrity attribute security

WARNING External script from js.adsrvr.org lacks integrity attribute security

WARNING Images are 9.7 MB — compress or use modern formats performance

WARNING 2 field(s) missing recommended autocomplete attribute accessibility

WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 72 KB unused (65%) performance

WARNING JavaScript is 2.4 MB — consider code splitting or lazy loading performance

WARNING https://www.cloudflare.com/: 33082ms CPU time performance

WARNING 279 HTTP requests — consider bundling or reducing performance

WARNING External script from munchkin.marketo.net lacks integrity attribute security

WARNING 1 heading(s) are over 120 characters -- likely a misformatted paragraph accessibility

WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 119657ms CPU time performance

WARNING https://js.qualified.com/qualified.js?token=37pXYr...: 267 KB unused (73%) performance

WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 627ms CPU time performance

WARNING IPv6 DNS records exist but server is not reachable infrastructure

WARNING 198 of 200 links are healthy content

WARNING 221 third-party resources (91% of weight) performance

WARNING External script from snap.licdn.com lacks integrity attribute security

WARNING 7 link(s) with generic text accessibility

WARNING https://js.qualified.com/qualified.js?token=37pXYr...: 962ms CPU time performance

WARNING Page weight 13.5 MB exceeds 1 MB target by 12.5 MB performance

WARNING https://www.cloudflare.com/go9u/gtd?id=G-SQCRB0TXZ...: 70 KB unused (41%) performance

WARNING Cookie '_ga' has no SameSite attribute security

WARNING External script from js.qualified.com lacks integrity attribute security

WARNING Third-party code accounts for 91% of page weight (12.3 MiB of 13.5 MiB) performance

WARNING External script from tag.demandbase.com lacks integrity attribute security

WARNING https://www.cloudflare.com/go9u/?id=DC-9309168&cx=...: 65 KB unused (48%) performance

WARNING External script from cdn.bizible.com lacks integrity attribute security

WARNING https://www.googletagmanager.com/gtm.js?id=GTM-NDG...: 100 KB unused (62%) performance

WARNING 3.19g CO2 — above the median website (0.60g) sustainability

CRITICAL No Content-Security-Policy header found security

CRITICAL Content-Security-Policy header is missing security

CRITICAL 6 control(s) without accessible label accessibility

CRITICAL og:image is not reachable content

CRITICAL 2 button(s) with no accessible text accessibility

WARNING Cookie '__cf_bm' has no SameSite attribute security

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING Heading level skipped: H3 → H6 (missing H4) accessibility

WARNING Heading level skipped: H1 → H6 (missing H2) accessibility

WARNING 2 of 2 <nav> elements are unlabeled accessibility

WARNING Heading level skipped: H2 → H6 (missing H3) accessibility

WARNING GDPR Article 13 disclosure coverage: 1 / 8 categories compliance

WARNING Heading level skipped: H2 → H5 (missing H3) accessibility

WARNING https://www.cloudflare.com/cdn-cgi/image/format=au... is missing width/height — may cause layout shift performance

WARNING No accessibility statement detected compliance

WARNING External script from www.googletagmanager.com lacks integrity attribute security

WARNING External script from ot.www.cloudflare.com lacks integrity attribute security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING 2 field(s) would benefit from inputmode attribute accessibility

WARNING 36 link(s) open in new tab without warning accessibility

WARNING Cookie '_cfms_willow' is missing the HttpOnly flag security

WARNING https://cf-assets.www.cloudflare.com/dzlvafdwdttg/... is missing width/height — may cause layout shift performance

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING Broken link: https://www.cloudflare.com/zh-hans-cn/ content

WARNING No DMARC record found security

WARNING Heading level skipped: H2 → H4 (missing H3) accessibility

− content-security-policy-report-only script-src 'unsafe-inline' 'unsafe-eval'; connect-src 'none'; report-uri http...

set-cookie

cf_willow_version_key=ef144f27-e07a-4a75-9083-c353e1838353; Path=/; SameSite=... → cf_willow_version_key=409e3db5-3047-4621-af81-a9404b47a35a; Path=/; SameSite=...

11 headers unchanged

− Dreamdata Marketing automation

− Google Analytics Analytics

− Linkedin Insight Tag Analytics

− Qualified Live chat

− Sentry Issue trackers

− Marketo Marketing automation

− Twitter Ads Advertising

− theTradeDesk Advertising

− Demandbase Analytics

− dc.js JavaScript graphics

− Priority Hints Performance

13 technologies unchanged

Looking ahead

+18 pts

C (79) Could reach A+ (97)

Accessibility +30Content +26Performance +21Security +20Compliance +18Infrastructure +4SEO +4Sustainability +4

Estimate — actual results may vary (68 issues to fix)

Website improvement report — Cloudflare

April 4, 2026 → May 10, 2026

D C 69 → 79 +10 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$8,375 in development time

Investment remaining

$9,900 to complete the remaining items

Ongoing risk

$13,126/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	69 (D)	79 (C)	+10
Performance	65 (D)	79 (C)	+14
Security	65 (D)	80 (B)	+15
Accessibility	41 (F)	68 (D)	+27
SEO	95 (A)	94 (A)	-1
Infrastructure	87 (B)	94 (A)	+7
Compliance	83 (B)	63 (D)	-20
Content	77 (C)	74 (C)	-3
Sustainability	66 (D)	81 (B)	+15

Resolved (38)

4 image(s) missing alt attribute (Accessibility)
→ Improved usability for assistive technology users
Unattributable: 5183ms CPU time (Performance)
→ Page loads faster for users
Cookie 'kndctr_8AD56F28618A50850A495FB6_AdobeOrg_identity' is missing the HttpOnly flag (Security)
→ Reduced attack surface for visitors
3.19g CO2 per page view (Sustainability)
→ Lower carbon footprint per page view
No meta description tag found (SEO)
→ Better search engine visibility
Cookie '_ga' is missing the HttpOnly flag (Security)
→ Reduced attack surface for visitors
External script from static.ads-twitter.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
External script from js.adsrvr.org lacks integrity attribute (Security)
→ Reduced attack surface for visitors
Images are 9.7 MB — compress or use modern formats (Performance)
→ Page loads faster for users
2 field(s) missing recommended autocomplete attribute (Accessibility)
→ Improved usability for assistive technology users
https://ot.www.cloudflare.com/ot/scripttemplates/2...: 72 KB unused (65%) (Performance)
→ Page loads faster for users
Cookie '_ga' is missing the Secure flag (Security)
→ Reduced attack surface for visitors
Page weighs 22.4 MB (13.5 MB transferred) (Performance)
→ Page loads faster for users
JavaScript is 2.4 MB — consider code splitting or lazy loading (Performance)
→ Page loads faster for users
https://www.cloudflare.com/: 33082ms CPU time (Performance)
→ Page loads faster for users

…and 23 more resolved issue(s)

Recommended next steps (68)

Sprint 1
Cookie 'cf_willow_version_key' is missing the Secure flag (Security)
Sprint 2
10 non-essential cookie(s) set without consent banner (Compliance)
Sprint 1
Cookie '_cfms_willow' is missing the Secure flag (Security)
Sprint 1
Broken link: https://www.cloudflare.com/plans/enterprise/demo/ (Content)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
6 control(s) without accessible label (Accessibility)
Sprint 1
og:image is not reachable (Content)
Sprint 1
2 button(s) with no accessible text (Accessibility)
Sprint 1
Cookie 'cf_willow_version_key' has no SameSite attribute (Security)
Sprint 1
SRI adoption: 1/5 third-party resources protected (20%) (Security)
Sprint 3
https://ot.www.cloudflare.com/ot/scripttemplates/2...: 66 KB unused (60%) (Performance)
Sprint 1
Page weighs 8.5 MB (3.9 MB transferred) (Performance)
Sprint 3
https://www.cloudflare.com/_willow/index.astro_ast...: 41 KB unused (53%) (Performance)
Sprint 1
1 sitemap URL(s) blocked by robots.txt: https://www.cloudflare.com/lp/the-state-of-application-security/ (SEO)

…and 53 more recommended item(s)

Browse & Analyze

Learn