Skip to content

Changes

https://xpenv.com
Compared to previous audit · 14 minutes ago View previous audit

Madrid, Spain New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

18
New issues
13
Resolved
21
score changes
CategoryPreviousCurrentChange
CompositeB (88)B (85) -3.000
PerformanceA (94)A (94)
SecurityB (86)C (79) -7.000
AccessibilityB (80)B (84) +4.000
SEOA+ (97)B (85) -12.000
InfrastructureB (88)A (94) +6.000
ComplianceD (69)C (70) +1.000
ContentA+ (99)C (76) -23.000
SustainabilityB (88)B (88)
MetricPreviousCurrentChange
Performance 65007600 +1100
Accessibility 92009600 +400
Best Practices 73007300
SEO 1000010000
PWA 00
Desktop Performance 98009900 +100
Desktop Accessibility 1000010000
Desktop Best Practices 73007300
Desktop SEO 1000010000
FCP 3.34 s3.03 s -306 ms
LCP 4.61 s3.70 s -909 ms
TBT 431 ms337 ms -94 ms
CLS 0.0410.041
Desktop FCP 714 ms686 ms -27 ms
Desktop LCP 1.01 s766 ms -240 ms
Desktop TBT 44 ms18 ms -26 ms
Desktop CLS 0.0030.003
TTFB 152 ms146 ms -6 ms
DNS 9 ms33 ms +24 ms
TLS 9 ms22 ms +14 ms
Connect 2 ms16 ms +14 ms
Total 153 ms146 ms -6 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security
CRITICAL Page has only 47 words — nearly empty seo
WARNING No meta description tag found seo
WARNING No Open Graph meta tags found content
WARNING SRI adoption: 0/1 third-party resources protected (0%) security
WARNING No <nav> landmark found accessibility
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 283ms CPU time performance
WARNING Dead-end page — no outgoing internal links seo
WARNING 2 link(s) open in new tab without warning accessibility
WARNING No internal links found seo
WARNING Terms of Service not detected compliance
WARNING External script from challenges.cloudflare.com lacks integrity attribute security
WARNING https://xpenv.com/assets/index-CW5Uzupm.js: 420ms CPU time performance
WARNING https://xpenv.com/assets/index-CW5Uzupm.js: 260 KB unused (63%) performance
WARNING No canonical tag found seo
WARNING Title is only 16 characters — consider expanding seo
WARNING 1 render-blocking <script src> tag(s) without async/defer performance
WARNING Thin content — only 47 words seo
WARNING IPv6 DNS records exist but server is not reachable infrastructure
WARNING 8 link(s) open in new tab without warning accessibility
WARNING Heading level skipped: H1 → H3 (missing H2) accessibility
WARNING No favicon.ico at site root accessibility
WARNING 3 field(s) would benefit from inputmode attribute accessibility
WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 337ms CPU time performance
WARNING Login form does not contain a recognizable CSRF token security
WARNING <iframe> missing title attribute (src="") accessibility
WARNING 3 field(s) missing recommended autocomplete attribute accessibility
WARNING Unattributable: 342ms CPU time performance
WARNING https://xpenv.com/assets/index-CbiQIQhh.js: 641ms CPU time performance
WARNING https://xpenv.com/assets/index-CbiQIQhh.js: 260 KB unused (63%) performance
WARNING No privacy policy link detected compliance
CRITICAL No Content-Security-Policy header found security
CRITICAL Transfer efficiency: 42% sustainability
CRITICAL Content-Security-Policy header is missing security
WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance
WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security
WARNING Permissions-Policy header is missing security
WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security
WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING No accessibility statement detected compliance
WARNING X-Frame-Options header is missing security
WARNING No Permissions-Policy header security
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING Bare server default 404 page accessibility
WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance
WARNING Registrar lock is NOT enabled infrastructure
WARNING Referrer-Policy header is missing security

HTTP headers unchanged

18 headers unchanged

+ AngularJS JavaScript frameworks
+ Cloudflare Turnstile Security
Bootstrap Framework
React JavaScript frameworks
React Router JavaScript frameworks
Open Graph Miscellaneous
PWA Miscellaneous

4 technologies unchanged

Looking ahead

+12 pts
B (85) Could reach A+ (97)
Security +21SEO +15Accessibility +13Compliance +10Sustainability +10Performance +6Content +4Infrastructure +4

Estimate — actual results may vary (35 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 88 → 85 -3 pts

13

Resolved

18

New issues

17

Still remaining

Financial summary

Investment delivered

$1,525 in development time

Investment remaining

$4,317 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score88 (B)85 (B)-3
Performance94 (A)94 (A)0
Security86 (B)79 (C)-7
Accessibility80 (B)84 (B)+4
SEO97 (A+)85 (B)-12
Infrastructure88 (B)94 (A)+6
Compliance69 (D)70 (C)+1
Content99 (A+)76 (C)-23
Sustainability88 (B)88 (B)0

Resolved (13)

  • IPv6 DNS records exist but server is not reachable (Infrastructure)

    → More reliable delivery

  • 8 link(s) open in new tab without warning (Accessibility)

    → Improved usability for assistive technology users

  • Heading level skipped: H1 → H3 (missing H2) (Accessibility)

    → Improved usability for assistive technology users

  • No favicon.ico at site root (Accessibility)

    → Improved usability for assistive technology users

  • 3 field(s) would benefit from inputmode attribute (Accessibility)

    → Improved usability for assistive technology users

  • https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 337ms CPU time (Performance)

    → Page loads faster for users

  • Login form does not contain a recognizable CSRF token (Security)

    → Reduced attack surface for visitors

  • <iframe> missing title attribute (src="") (Accessibility)

    → Improved usability for assistive technology users

  • 3 field(s) missing recommended autocomplete attribute (Accessibility)

    → Improved usability for assistive technology users

  • Unattributable: 342ms CPU time (Performance)

    → Page loads faster for users

  • https://xpenv.com/assets/index-CbiQIQhh.js: 641ms CPU time (Performance)

    → Page loads faster for users

  • https://xpenv.com/assets/index-CbiQIQhh.js: 260 KB unused (63%) (Performance)

    → Page loads faster for users

  • No privacy policy link detected (Compliance)

    → Reduced regulatory exposure

Recommended next steps (35)

  • Sprint 1

    Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)

  • Sprint 3

    Page has only 47 words — nearly empty (SEO)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 1

    Transfer efficiency: 42% (Sustainability)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 1

    No meta description tag found (SEO)

  • Sprint 1

    No Open Graph meta tags found (Content)

  • Sprint 1

    SRI adoption: 0/1 third-party resources protected (0%) (Security)

  • Sprint 1

    No <nav> landmark found (Accessibility)

  • Sprint 1

    https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 283ms CPU time (Performance)

  • Sprint 1

    Dead-end page — no outgoing internal links (SEO)

  • Sprint 1

    2 link(s) open in new tab without warning (Accessibility)

  • Sprint 1

    No internal links found (SEO)

  • Sprint 1

    Terms of Service not detected (Compliance)

  • Sprint 1

    External script from challenges.cloudflare.com lacks integrity attribute (Security)

…and 20 more recommended item(s)

Send Feedback