Changes

https://akj.io

Compared to previous audit · 9 hours ago View previous audit

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (85)	B (86)	+1.000
Performance	A (93)	A (96)	+3.000
Security	B (85)	B (88)	+3.000
Accessibility	C (79)	C (78)	-1.000
SEO	B (86)	B (86)	—
Infrastructure	B (89)	B (89)	—
Compliance	D (63)	D (63)	—
Content	C (76)	C (76)	—
Sustainability	A (91)	A (95)	+4.000

Metric	Previous	Current	Change
Performance	9900	10000	+100
Accessibility	9600	9500	-100
Best Practices	10000	9600	-400
SEO	10000	10000	—
PWA	0	0	—
FCP	930 ms	788 ms	-142 ms
LCP	1.97 s	894 ms	-1.07 s
TBT	78 ms	31 ms	-47 ms
CLS	0.000	0.000	—
TTFB †	1.07 s	3.68 s	+2.61 s
DNS †	41 ms	31 ms	-10 ms
TLS †	52 ms	38 ms	-14 ms
Connect †	1 ms	1 ms	-0 ms
Total †	1.07 s	3.69 s	+2.62 s

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING DMARC policy is none — monitoring only security

WARNING Trackers detected but no privacy policy found compliance

WARNING X-Powered-By header reveals technology stack security

WARNING Third-party scripts: 149ms (53% of total) performance

WARNING Trackers detected but no cookie policy found compliance

WARNING 5 tap target(s) too small or too close to neighbors accessibility

CRITICAL 'unsafe-inline' found in script source security

CRITICAL 'unsafe-eval' found in script source security

WARNING Transfer efficiency: 72% sustainability

WARNING https://akj.io/_next/static/chunks/402-47bfdc5efea...: 361ms CPU time performance

WARNING https://akj.io/_next/static/chunks/402-47bfdc5efea...: 22 KB unused (37%) performance

WARNING https://akj.io/_next/static/chunks/470.146a4cc5d59...: 1200ms CPU time performance

WARNING No DMARC record found security

WARNING https://akj.io/_next/static/chunks/390-2daba5734f8...: 28 KB unused (75%) performance

WARNING https://akj.io/_next/static/chunks/643ad021-013c34...: 22 KB unused (35%) performance

WARNING Cross-Origin-Embedder-Policy header is missing security

CRITICAL Page has only 18 words — nearly empty seo

CRITICAL Page body has only 168 chars of text -- likely empty / placeholder security

WARNING Referrer-Policy: `origin-when-cross-origin` -- leaky -- origin sent cross-origin even on protocol downgrade security

WARNING 1 link(s) open in new tab without warning accessibility

WARNING Title is only 26 characters — consider expanding seo

WARNING No Open Graph meta tags found content

WARNING No internal links found seo

WARNING Thin content — only 18 words seo

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING Dead-end page — no outgoing internal links seo

WARNING No accessibility statement detected compliance

WARNING Permissions-Policy covers 3/10 high-risk features (30%) security

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING Privacy Policy not detected compliance

WARNING Referrer-Policy has a weak value security

WARNING SPF ends in ?all — provides no enforcement security

WARNING No canonical tag found seo

WARNING No privacy policy link detected compliance

WARNING Terms of Service not detected compliance

WARNING No <nav> landmark found accessibility

WARNING No headings found accessibility

WARNING Bare server default 404 page accessibility

WARNING No meta description tag found seo

WARNING HTTP→HTTPS redirect uses 302 instead of 301 infrastructure

+ cross-origin-embedder-policy credentialless

+ x-powered-by Next.js

+ link </_next/static/media/49d2f31d75dd11b6-s.p.woff2>; rel=preload; as="font"; cro...

− content-disposition inline

− x-nextjs-stale-time 300

− x-nextjs-prerender 1

− access-control-allow-origin *

− etag W/"f41b10d154703f4726cb550b777523ca"

x-vercel-id

cdg1::sdn6d-1778581451717-68ca11d37d51 → cdg1::iad1::nvvv2-1778615456665-64b91af503e1

cache-control

public, max-age=0, must-revalidate → private, no-cache, no-store, max-age=0, must-revalidate

content-security-policy

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v... → default-src 'self'; script-src 'self' 'nonce-MjYxZDJkMWMtMzQ3OS00ZmIzLThkOGIt...

x-vercel-cache

HIT → MISS

11 headers unchanged

+ React JavaScript frameworks

+ Webpack Miscellaneous

+ Next.js JavaScript frameworks

5 technologies unchanged

Looking ahead

+9 pts

B (86) Could reach A (95)

Compliance +17Accessibility +14SEO +14Security +12Content +4Infrastructure +4Performance +4

Estimate — actual results may vary (30 issues to fix)

Website improvement report — Akj

May 12, 2026 → May 12, 2026

B B 85 → 86 +1 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$3,800 in development time

Investment remaining

$4,133 to complete the remaining items

Ongoing risk

$13,125/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	85 (B)	86 (B)	+1
Performance	93 (A)	96 (A)	+3
Security	85 (B)	88 (B)	+3
Accessibility	79 (C)	78 (C)	-1
SEO	86 (B)	86 (B)	0
Infrastructure	89 (B)	89 (B)	0
Compliance	63 (D)	63 (D)	0
Content	76 (C)	76 (C)	0
Sustainability	91 (A)	95 (A)	+4

Resolved (10)

Transfer efficiency: 72% (Sustainability)
→ Lower carbon footprint per page view
'unsafe-inline' found in script source (Security)
→ Reduced attack surface for visitors
https://akj.io/_next/static/chunks/402-47bfdc5efea...: 361ms CPU time (Performance)
→ Page loads faster for users
https://akj.io/_next/static/chunks/402-47bfdc5efea...: 22 KB unused (37%) (Performance)
→ Page loads faster for users
https://akj.io/_next/static/chunks/470.146a4cc5d59...: 1200ms CPU time (Performance)
→ Page loads faster for users
'unsafe-eval' found in script source (Security)
→ Reduced attack surface for visitors
No DMARC record found (Security)
→ Reduced attack surface for visitors
https://akj.io/_next/static/chunks/390-2daba5734f8...: 28 KB unused (75%) (Performance)
→ Page loads faster for users
https://akj.io/_next/static/chunks/643ad021-013c34...: 22 KB unused (35%) (Performance)
→ Page loads faster for users
Cross-Origin-Embedder-Policy header is missing (Security)
→ Reduced attack surface for visitors

Recommended next steps (30)

Sprint 3
Page has only 18 words — nearly empty (SEO)
Sprint 1
Page body has only 168 chars of text -- likely empty / placeholder (Security)
Sprint 1
DMARC policy is none — monitoring only (Security)
Sprint 2
Trackers detected but no privacy policy found (Compliance)
Sprint 1
X-Powered-By header reveals technology stack (Security)
Sprint 3
Third-party scripts: 149ms (53% of total) (Performance)
Sprint 2
Trackers detected but no cookie policy found (Compliance)
Sprint 1
5 tap target(s) too small or too close to neighbors (Accessibility)
Sprint 1
Referrer-Policy: `origin-when-cross-origin` -- leaky -- origin sent cross-origin even on protocol downgrade (Security)
Sprint 1
1 link(s) open in new tab without warning (Accessibility)
Sprint 1
Title is only 26 characters — consider expanding (SEO)
Sprint 1
No Open Graph meta tags found (Content)
Sprint 1
No internal links found (SEO)
Sprint 3
Thin content — only 18 words (SEO)
Sprint 1
Skip navigation link is missing (WCAG 2.4.1) (Accessibility)

…and 15 more recommended item(s)

Browse & Analyze

Learn