Skip to content

Changes

https://www.cloudflare.com
Compared to previous audit · 5 weeks ago View previous audit

Madrid, Spain New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

41
New issues
38
Resolved
28
score changes
CategoryPreviousCurrentChange
CompositeD (69)C (79) +10.000
PerformanceD (65)C (79) +14.000
SecurityD (65)B (80) +15.000
AccessibilityF (41)D (68) +27.000
SEOA (95)A (94) -1.000
InfrastructureB (87)A (94) +7.000
ComplianceB (83)D (63) -20.000
ContentC (77)C (74) -3.000
SustainabilityD (66)B (81) +15.000
MetricPreviousCurrentChange
Performance 26003400 +800
Accessibility 92009900 +700
Best Practices 77009200 +1500
SEO 85008500
PWA 00
Desktop Performance 48006900 +2100
Desktop Accessibility 80008700 +700
Desktop Best Practices 77009600 +1900
Desktop SEO 85008500
FCP 4.65 s4.04 s -616 ms
LCP 13.66 s18.12 s +4.46 s
TBT 12.77 s1.11 s -11.66 s
CLS 0.0380.070 +0.032
Desktop FCP 866 ms880 ms +14 ms
Desktop LCP 3.57 s4.45 s +874 ms
Desktop TBT 523 ms146 ms -377 ms
Desktop CLS 0.0180.007 -0.011
TTFB 234 ms343 ms +109 ms
DNS 5 ms36 ms +31 ms
TLS 7 ms20 ms +13 ms
Connect 1 ms16 ms +15 ms
Total 248 ms364 ms +117 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

Projected vs. Actual

Previous
D 69
Projected
A 90
Actual
C 79
Fell short of projection
38 issues resolved since last audit
68 issues remaining
Resolving remaining issues could reach A+

Estimate — actual results may vary

CRITICAL 10 non-essential cookie(s) set without consent banner compliance
CRITICAL Broken link: https://www.cloudflare.com/plans/enterprise/demo/ content
CRITICAL Cookie 'cf_willow_version_key' is missing the Secure flag security
CRITICAL Cookie '_cfms_willow' is missing the Secure flag security
WARNING Registrar lock is NOT enabled infrastructure
WARNING Total JS execution time is 13.8 s -- over the 3.5s budget performance
WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 334ms CPU time performance
WARNING Cookie 'cf_willow_version_key' is missing the HttpOnly flag security
WARNING 16 link(s) open in a new tab without rel=noopener security
WARNING No SPF record found security
WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 66 KB unused (60%) performance
WARNING Cookie 'cf_willow_version_key' has no SameSite attribute security
WARNING 196 of 200 links are healthy content
WARNING https://www.cloudflare.com/_willow/index.sGmLo0nR....: 426ms CPU time performance
WARNING 108 third-party resources (80% of weight) performance
WARNING Third-party code accounts for 80% of page weight (3.1 MiB of 3.9 MiB) performance
WARNING Unattributable: 1653ms CPU time performance
WARNING SRI adoption: 1/5 third-party resources protected (20%) security
WARNING 6 link(s) with generic text accessibility
WARNING 1 sitemap URL(s) blocked by robots.txt: https://www.cloudflare.com/lp/the-state-of-application-security/ seo
WARNING 14 images significantly larger than display size content
WARNING 76 images missing explicit width/height content
WARNING security.txt: Missing required 'Expires' field (RFC 9116) security
WARNING Page weighs 8.5 MB (3.9 MB transferred) performance
WARNING JavaScript is 573 KB — consider code splitting or lazy loading performance
WARNING All 41 images use legacy formats (JPEG/PNG/GIF) content
WARNING Images are 2.3 MB — compress or use modern formats performance
WARNING https://www.cloudflare.com/: 2781ms CPU time performance
WARNING https://www.cloudflare.com/go9u/: 86 KB unused (51%) performance
WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 41 KB unused (53%) performance
WARNING 1 field(s) missing recommended autocomplete attribute accessibility
WARNING Permissions-Policy covers 3/10 high-risk features (30%) security
WARNING Page weight 3.9 MB exceeds 1 MB target by 2.9 MB performance
WARNING Broken link: https://www.cloudflare.com/de-de/ content
WARNING Hreflang cluster missing self-reference compliance
WARNING 0.91g CO2 — above the median website (0.60g) sustainability
WARNING 156 HTTP requests — consider bundling or reducing performance
WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 7327ms CPU time performance
WARNING 4 render-blocking stylesheet(s) -- recommended: <=3 performance
WARNING 1455 inline style attribute(s) detected security
WARNING Cookie '_cfms_willow' has no SameSite attribute security
CRITICAL Page weighs 22.4 MB (13.5 MB transferred) performance
CRITICAL 3.19g CO2 per page view sustainability
CRITICAL Cookie '_ga' is missing the Secure flag security
CRITICAL 4 non-essential cookie(s) set without consent banner compliance
CRITICAL 4 image(s) missing alt attribute accessibility
WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 72 KB unused (65%) performance
WARNING External script from munchkin.marketo.net lacks integrity attribute security
WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 119657ms CPU time performance
WARNING https://www.googletagmanager.com/gtm.js?id=GTM-NDG...: 100 KB unused (62%) performance
WARNING Cookie '_ga' is missing the HttpOnly flag security
WARNING External script from static.ads-twitter.com lacks integrity attribute security
WARNING Images are 9.7 MB — compress or use modern formats performance
WARNING IPv6 DNS records exist but server is not reachable infrastructure
WARNING 279 HTTP requests — consider bundling or reducing performance
WARNING https://js.qualified.com/qualified.js?token=37pXYr...: 962ms CPU time performance
WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 627ms CPU time performance
WARNING Page weight 13.5 MB exceeds 1 MB target by 12.5 MB performance
WARNING 221 third-party resources (91% of weight) performance
WARNING Unattributable: 5183ms CPU time performance
WARNING External script from snap.licdn.com lacks integrity attribute security
WARNING External script from js.adsrvr.org lacks integrity attribute security
WARNING External script from js.qualified.com lacks integrity attribute security
WARNING 1 heading(s) are over 120 characters -- likely a misformatted paragraph accessibility
WARNING Third-party code accounts for 91% of page weight (12.3 MiB of 13.5 MiB) performance
WARNING https://www.cloudflare.com/go9u/gtd?id=G-SQCRB0TXZ...: 70 KB unused (41%) performance
WARNING https://js.qualified.com/qualified.js?token=37pXYr...: 267 KB unused (73%) performance
WARNING 198 of 200 links are healthy content
WARNING https://www.cloudflare.com/: 33082ms CPU time performance
WARNING External script from tag.demandbase.com lacks integrity attribute security
WARNING JavaScript is 2.4 MB — consider code splitting or lazy loading performance
WARNING Cookie '_ga' has no SameSite attribute security
WARNING External script from cdn.bizible.com lacks integrity attribute security
WARNING 7 link(s) with generic text accessibility
WARNING No meta description tag found seo
WARNING 3.19g CO2 — above the median website (0.60g) sustainability
WARNING 2 field(s) missing recommended autocomplete attribute accessibility
WARNING https://www.cloudflare.com/go9u/?id=DC-9309168&cx=...: 65 KB unused (48%) performance
WARNING Cookie 'kndctr_8AD56F28618A50850A495FB6_AdobeOrg_identity' is missing the HttpOnly flag security
CRITICAL Content-Security-Policy header is missing security
CRITICAL No Content-Security-Policy header found security
CRITICAL 2 button(s) with no accessible text accessibility
CRITICAL 6 control(s) without accessible label accessibility
CRITICAL og:image is not reachable content
WARNING Cookie '__cf_bm' has no SameSite attribute security
WARNING External script from www.googletagmanager.com lacks integrity attribute security
WARNING External script from challenges.cloudflare.com lacks integrity attribute security
WARNING No DMARC record found security
WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility
WARNING 36 link(s) open in new tab without warning accessibility
WARNING Heading level skipped: H2 → H6 (missing H3) accessibility
WARNING Heading level skipped: H3 → H6 (missing H4) accessibility
WARNING https://www.cloudflare.com/cdn-cgi/image/format=au... is missing width/height — may cause layout shift performance
WARNING External script from ot.www.cloudflare.com lacks integrity attribute security
WARNING No accessibility statement detected compliance
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING https://cf-assets.www.cloudflare.com/dzlvafdwdttg/... is missing width/height — may cause layout shift performance
WARNING GDPR Article 13 disclosure coverage: 1 / 8 categories compliance
WARNING Heading level skipped: H2 → H5 (missing H3) accessibility
WARNING Cookie '_cfms_willow' is missing the HttpOnly flag security
WARNING Heading level skipped: H1 → H6 (missing H2) accessibility
WARNING Heading level skipped: H2 → H4 (missing H3) accessibility
WARNING Broken link: https://www.cloudflare.com/zh-hans-cn/ content
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING 2 of 2 <nav> elements are unlabeled accessibility
WARNING 2 field(s) would benefit from inputmode attribute accessibility
content-security-policy-report-only script-src 'unsafe-inline' 'unsafe-eval'; connect-src 'none'; report-uri http...
set-cookie
cf_willow_version_key=ef144f27-e07a-4a75-9083-c353e1838353; Path=/; SameSite=... cf_willow_version_key=409e3db5-3047-4621-af81-a9404b47a35a; Path=/; SameSite=...

11 headers unchanged

Google Analytics Analytics
theTradeDesk Advertising
Dreamdata Marketing automation
Qualified Live chat
Demandbase Analytics
Linkedin Insight Tag Analytics
Marketo Marketing automation
Priority Hints Performance
Sentry Issue trackers
dc.js JavaScript graphics
Twitter Ads Advertising

13 technologies unchanged

Looking ahead

+18 pts
C (79) Could reach A+ (97)
Accessibility +30Content +26Performance +21Security +20Compliance +18Infrastructure +4SEO +4Sustainability +4

Estimate — actual results may vary (68 issues to fix)

Website improvement report — Cloudflare

April 4, 2026 → May 10, 2026

D C 69 → 79 +10 pts

38

Resolved

41

New issues

27

Still remaining

Financial summary

Investment delivered

$8,375 in development time

Investment remaining

$9,900 to complete the remaining items

Ongoing risk

$1/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score69 (D)79 (C)+10
Performance65 (D)79 (C)+14
Security65 (D)80 (B)+15
Accessibility41 (F)68 (D)+27
SEO95 (A)94 (A)-1
Infrastructure87 (B)94 (A)+7
Compliance83 (B)63 (D)-20
Content77 (C)74 (C)-3
Sustainability66 (D)81 (B)+15

Resolved (38)

  • https://ot.www.cloudflare.com/ot/scripttemplates/2...: 72 KB unused (65%) (Performance)

    → Page loads faster for users

  • External script from munchkin.marketo.net lacks integrity attribute (Security)

    → Reduced attack surface for visitors

  • https://www.cloudflare.com/_willow/index.astro_ast...: 119657ms CPU time (Performance)

    → Page loads faster for users

  • https://www.googletagmanager.com/gtm.js?id=GTM-NDG...: 100 KB unused (62%) (Performance)

    → Page loads faster for users

  • Cookie '_ga' is missing the HttpOnly flag (Security)

    → Reduced attack surface for visitors

  • External script from static.ads-twitter.com lacks integrity attribute (Security)

    → Reduced attack surface for visitors

  • Page weighs 22.4 MB (13.5 MB transferred) (Performance)

    → Page loads faster for users

  • Images are 9.7 MB — compress or use modern formats (Performance)

    → Page loads faster for users

  • IPv6 DNS records exist but server is not reachable (Infrastructure)

    → More reliable delivery

  • 3.19g CO2 per page view (Sustainability)

    → Lower carbon footprint per page view

  • 279 HTTP requests — consider bundling or reducing (Performance)

    → Page loads faster for users

  • https://js.qualified.com/qualified.js?token=37pXYr...: 962ms CPU time (Performance)

    → Page loads faster for users

  • https://ot.www.cloudflare.com/ot/scripttemplates/2...: 627ms CPU time (Performance)

    → Page loads faster for users

  • Page weight 13.5 MB exceeds 1 MB target by 12.5 MB (Performance)

    → Page loads faster for users

  • 221 third-party resources (91% of weight) (Performance)

    → Page loads faster for users

…and 23 more resolved issue(s)

Recommended next steps (68)

  • Sprint 2

    10 non-essential cookie(s) set without consent banner (Compliance)

  • Sprint 1

    Broken link: https://www.cloudflare.com/plans/enterprise/demo/ (Content)

  • Sprint 1

    Cookie 'cf_willow_version_key' is missing the Secure flag (Security)

  • Sprint 1

    Cookie '_cfms_willow' is missing the Secure flag (Security)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 1

    2 button(s) with no accessible text (Accessibility)

  • Sprint 2

    6 control(s) without accessible label (Accessibility)

  • Sprint 1

    og:image is not reachable (Content)

  • Sprint 1

    Registrar lock is NOT enabled (Infrastructure)

  • Sprint 2

    Total JS execution time is 13.8 s -- over the 3.5s budget (Performance)

  • Sprint 1

    https://ot.www.cloudflare.com/ot/scripttemplates/2...: 334ms CPU time (Performance)

  • Sprint 1

    Cookie 'cf_willow_version_key' is missing the HttpOnly flag (Security)

  • Sprint 1

    16 link(s) open in a new tab without rel=noopener (Security)

  • Sprint 1

    No SPF record found (Security)

…and 53 more recommended item(s)

Send Feedback