Changes

https://xpenv.com

Compared to previous audit · 14 minutes ago View previous audit

Singapore, Singapore → Sao Paulo, Brazil

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (88)	B (88)	—
Performance	A (94)	A (94)	—
Security	B (86)	B (86)	—
Accessibility	B (83)	B (82)	-1.000
SEO	A+ (97)	A+ (97)	—
Infrastructure	B (88)	B (88)	—
Compliance	D (69)	D (69)	—
Content	A+ (99)	A+ (99)	—
Sustainability	B (88)	B (88)	—

Metric	Previous	Current	Change
Performance	6500	7200	+700
Accessibility	9600	9600	—
Best Practices	7300	7300	—
SEO	10000	10000	—
PWA	0	0	—
Desktop Performance	9900	9800	-100
Desktop Accessibility	10000	10000	—
Desktop Best Practices	7300	7300	—
Desktop SEO	10000	10000	—
FCP	3.32 s	3.32 s	—
LCP	4.43 s	3.62 s	-810 ms
TBT	486 ms	442 ms	-44 ms
CLS	0.041	0.041	—
Desktop FCP	685 ms	745 ms	+60 ms
Desktop LCP	985 ms	1.04 s	+56 ms
Desktop TBT	60 ms	51 ms	-9 ms
Desktop CLS	0.003	0.003	—
TTFB †	36 ms	28 ms	-9 ms
DNS †	5 ms	5 ms	-0 ms
TLS †	9 ms	10 ms	+0 ms
Connect †	2 ms	2 ms	+0 ms
Total †	37 ms	28 ms	-9 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

CRITICAL Transfer efficiency: 41% sustainability

WARNING No favicon.ico at site root accessibility

WARNING Unattributable: 362ms CPU time performance

WARNING https://xpenv.com/assets/index-22d4mitO.js: 674ms CPU time performance

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 332ms CPU time performance

WARNING https://xpenv.com/: 263ms CPU time performance

CRITICAL Transfer efficiency: 40% sustainability

WARNING https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 428ms CPU time performance

WARNING Unattributable: 381ms CPU time performance

WARNING https://xpenv.com/: 297ms CPU time performance

WARNING https://xpenv.com/assets/index-22d4mitO.js: 760ms CPU time performance

CRITICAL No Content-Security-Policy header found security

CRITICAL Content-Security-Policy header is missing security

CRITICAL No H1 heading found accessibility

WARNING HSTS max-age is too short (15552000s, should be ≥ 31536000s) security

WARNING Permissions-Policy header not set -- features default to allow-on-same-origin security

WARNING Login form does not contain a recognizable CSRF token security

WARNING <iframe> missing title attribute (src="") accessibility

WARNING Main HTML cached for 1440 minutes -- risks stale auth / SPA state performance

WARNING X-Frame-Options header is missing security

WARNING Permissions-Policy header is missing security

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Bare server default 404 page accessibility

WARNING Registrar lock is NOT enabled infrastructure

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING 3 field(s) would benefit from inputmode attribute accessibility

WARNING No privacy policy link detected compliance

WARNING Referrer-Policy header is missing security

WARNING https://xpenv.com/assets/index-22d4mitO.js: 259 KB unused (64%) performance

WARNING No Permissions-Policy header security

WARNING 3 field(s) missing recommended autocomplete attribute accessibility

WARNING IPv6 DNS records exist but server is not reachable infrastructure

WARNING No accessibility statement detected compliance

WARNING Cross-Origin-Opener-Policy header is missing security

last-modified

Mon, 25 May 2026 21:05:22 GMT → Mon, 25 May 2026 21:05:47 GMT

17 headers unchanged

Technology stack unchanged

9 technologies unchanged

Looking ahead

+10 pts

B (88) Could reach A+ (98)

Accessibility +18Security +14Compliance +10Sustainability +10Infrastructure +8Performance +6

Estimate — actual results may vary (29 issues to fix)

Website improvement report — Xpenv

May 25, 2026 → May 25, 2026

B B 88 → 88 0 pts

Resolved

New issues

Still remaining

Financial summary

Investment remaining

€2,302 to complete the remaining items

Ongoing risk

€0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	88 (B)	88 (B)	0
Performance	94 (A)	94 (A)	0
Security	86 (B)	86 (B)	0
Accessibility	83 (B)	82 (B)	-1
SEO	97 (A+)	97 (A+)	0
Infrastructure	88 (B)	88 (B)	0
Compliance	69 (D)	69 (D)	0
Content	99 (A+)	99 (A+)	0
Sustainability	88 (B)	88 (B)	0

Resolved (5)

https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 428ms CPU time (Performance)
→ Page loads faster for users
Unattributable: 381ms CPU time (Performance)
→ Page loads faster for users
https://xpenv.com/: 297ms CPU time (Performance)
→ Page loads faster for users
Transfer efficiency: 40% (Sustainability)
→ Lower carbon footprint per page view
https://xpenv.com/assets/index-22d4mitO.js: 760ms CPU time (Performance)
→ Page loads faster for users

Recommended next steps (29)

Sprint 1
Transfer efficiency: 41% (Sustainability)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 1
No H1 heading found (Accessibility)
Sprint 1
No favicon.ico at site root (Accessibility)
Sprint 1
Unattributable: 362ms CPU time (Performance)
Sprint 1
https://xpenv.com/assets/index-22d4mitO.js: 674ms CPU time (Performance)
Sprint 1
https://xpenv.com/cdn-cgi/challenge-platform/scrip...: 332ms CPU time (Performance)
Sprint 1
https://xpenv.com/: 263ms CPU time (Performance)
Sprint 1
HSTS max-age is too short (15552000s, should be ≥ 31536000s) (Security)
Sprint 1
Permissions-Policy header not set -- features default to allow-on-same-origin (Security)
Sprint 1
Login form does not contain a recognizable CSRF token (Security)
Sprint 1
<iframe> missing title attribute (src="") (Accessibility)
Sprint 1
Main HTML cached for 1440 minutes -- risks stale auth / SPA state (Performance)
Sprint 1
X-Frame-Options header is missing (Security)

…and 14 more recommended item(s)

Browse & Analyze

Learn