Changes

https://xpenv.com

Compared to previous audit · 18 minutes ago View previous audit

Singapore, Singapore → Madrid, Spain

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (85)	B (87)	+2.000
Performance	A (94)	A+ (97)	+3.000
Security	C (79)	B (84)	+5.000
Accessibility	B (84)	B (81)	-3.000
SEO	B (85)	A (91)	+6.000
Infrastructure	A (94)	B (88)	-6.000
Compliance	C (70)	D (63)	-7.000
Content	C (76)	A+ (98)	+22.000
Sustainability	B (88)	A (95)	+7.000

Metric	Previous	Current	Change
Performance	7400	8800	+1400
Accessibility	9600	9500	-100
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9900	9000	-900
Desktop Accessibility	10000	9500	-500
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.03 s	1.21 s	-1.82 s
LCP	3.69 s	1.80 s	-1.89 s
TBT	395 ms	126 ms	-269 ms
CLS	0.041	0.000	-0.041
Desktop FCP	686 ms	329 ms	-357 ms
Desktop LCP	979 ms	450 ms	-529 ms
Desktop TBT	17 ms	0 ms	-17 ms
Desktop CLS	0.003	0.000	-0.003
TTFB †	116 ms	249 ms	+133 ms
DNS †	1 ms	5 ms	+4 ms
TLS †	22 ms	9 ms	-13 ms
Connect †	17 ms	1 ms	-16 ms
Total †	117 ms	250 ms	+133 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Page body has only 44 chars of text -- likely empty / placeholder security

CRITICAL No <main> landmark found accessibility

CRITICAL Page has only 6 words — nearly empty seo

WARNING Broken link: https://xpenv.com/assets/index-CW5Uzupm.js content

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 376ms CPU time performance

WARNING Thin content — only 6 words seo

WARNING No privacy policy link detected compliance

WARNING IPv6 DNS records exist but server is not reachable infrastructure

WARNING Privacy Policy not detected compliance

WARNING Broken link: https://xpenv.com/assets/index-DyJOIMUX.css content

WARNING No favicon.ico at site root accessibility

WARNING <iframe> missing title attribute (src="") accessibility

WARNING No headings found accessibility

WARNING 7 of 9 links are healthy content

CRITICAL Transfer efficiency: 42% sustainability

CRITICAL Page has only 47 words — nearly empty seo

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

WARNING https://xpenv.com/assets/index-CW5Uzupm.js: 260 KB unused (63%) performance

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING No canonical tag found seo

WARNING Title is only 16 characters — consider expanding seo

WARNING No meta description tag found seo

WARNING No Open Graph meta tags found content

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 266ms CPU time performance

WARNING Thin content — only 47 words seo

WARNING Unattributable: 320ms CPU time performance

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING 2 link(s) open in new tab without warning accessibility

WARNING https://xpenv.com/assets/index-CW5Uzupm.js: 504ms CPU time performance

WARNING No internal links found seo

CRITICAL Content-Security-Policy header is missing security

CRITICAL No Content-Security-Policy header found security

WARNING X-Frame-Options header is missing security

WARNING Registrar lock is NOT enabled infrastructure

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Permissions-Policy header is missing security

WARNING No Permissions-Policy header security

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING Dead-end page — no outgoing internal links seo

WARNING Referrer-Policy header is missing security

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING No <nav> landmark found accessibility

WARNING Bare server default 404 page accessibility

WARNING Terms of Service not detected compliance

WARNING No accessibility statement detected compliance

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Cross-Origin-Opener-Policy header is missing security

cf-cache-status

DYNAMIC → MISS

last-modified

Mon, 25 May 2026 04:37:27 GMT → Mon, 25 May 2026 04:37:28 GMT

16 headers unchanged

+ Open Graph Miscellaneous

− AngularJS JavaScript frameworks

− Cloudflare Turnstile Security

4 technologies unchanged

Looking ahead

+11 pts

B (87) Could reach A+ (98)

Accessibility +19Compliance +16Security +16SEO +9Infrastructure +8Performance +3Content +2

Estimate — actual results may vary (33 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 85 → 87 +2 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$2,683 in development time

Investment remaining

$3,725 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	85 (B)	87 (B)	+2
Performance	94 (A)	97 (A+)	+3
Security	79 (C)	84 (B)	+5
Accessibility	84 (B)	81 (B)	-3
SEO	85 (B)	91 (A)	+6
Infrastructure	94 (A)	88 (B)	-6
Compliance	70 (C)	63 (D)	-7
Content	76 (C)	98 (A+)	+22
Sustainability	88 (B)	95 (A)	+7

Resolved (16)

https://xpenv.com/assets/index-CW5Uzupm.js: 260 KB unused (63%) (Performance)
→ Page loads faster for users
SRI adoption: 0/1 third-party resources protected (0%) (Security)
→ Reduced attack surface for visitors
No canonical tag found (SEO)
→ Better search engine visibility
Transfer efficiency: 42% (Sustainability)
→ Lower carbon footprint per page view
Title is only 16 characters — consider expanding (SEO)
→ Better search engine visibility
No meta description tag found (SEO)
→ Better search engine visibility
No Open Graph meta tags found (Content)
→ Stronger social sharing and on-page quality
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 266ms CPU time (Performance)
→ Page loads faster for users
Page has only 47 words — nearly empty (SEO)
→ Better search engine visibility
Thin content — only 47 words (SEO)
→ Better search engine visibility
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
→ Reduced attack surface for visitors
Unattributable: 320ms CPU time (Performance)
→ Page loads faster for users
External script from challenges.cloudflare.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
2 link(s) open in new tab without warning (Accessibility)
→ Improved usability for assistive technology users
https://xpenv.com/assets/index-CW5Uzupm.js: 504ms CPU time (Performance)
→ Page loads faster for users

…and 1 more resolved issue(s)

Recommended next steps (33)

Sprint 1
Page body has only 44 chars of text -- likely empty / placeholder (Security)
Sprint 1
No <main> landmark found (Accessibility)
Sprint 3
Page has only 6 words — nearly empty (SEO)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 1
Broken link: https://xpenv.com/assets/index-CW5Uzupm.js (Content)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 376ms CPU time (Performance)
Sprint 3
Thin content — only 6 words (SEO)
Sprint 2
No privacy policy link detected (Compliance)
Sprint 2
IPv6 DNS records exist but server is not reachable (Infrastructure)
Sprint 1
Privacy Policy not detected (Compliance)
Sprint 1
Broken link: https://xpenv.com/assets/index-DyJOIMUX.css (Content)
Sprint 1
No favicon.ico at site root (Accessibility)
Sprint 1
<iframe> missing title attribute (src="") (Accessibility)
Sprint 2
No headings found (Accessibility)

…and 18 more recommended item(s)

Browse & Analyze

Learn