Skip to content

Changes

https://www.cloudflare.com
Compared to previous audit · 5 weeks ago View previous audit

Madrid, Spain New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

41
New issues
38
Resolved
28
score changes
CategoryPreviousCurrentChange
CompositeD (69)C (79) +10.000
PerformanceD (65)C (79) +14.000
SecurityD (65)B (80) +15.000
AccessibilityF (41)D (68) +27.000
SEOA (95)A (94) -1.000
InfrastructureB (87)A (94) +7.000
ComplianceB (83)D (63) -20.000
ContentC (77)C (74) -3.000
SustainabilityD (66)B (81) +15.000
MetricPreviousCurrentChange
Performance 26003400 +800
Accessibility 92009900 +700
Best Practices 77009200 +1500
SEO 85008500
PWA 00
Desktop Performance 48006900 +2100
Desktop Accessibility 80008700 +700
Desktop Best Practices 77009600 +1900
Desktop SEO 85008500
FCP 4.65 s4.04 s -616 ms
LCP 13.66 s18.12 s +4.46 s
TBT 12.77 s1.11 s -11.66 s
CLS 0.0380.070 +0.032
Desktop FCP 866 ms880 ms +14 ms
Desktop LCP 3.57 s4.45 s +874 ms
Desktop TBT 523 ms146 ms -377 ms
Desktop CLS 0.0180.007 -0.011
TTFB 234 ms343 ms +109 ms
DNS 5 ms36 ms +31 ms
TLS 7 ms20 ms +13 ms
Connect 1 ms16 ms +15 ms
Total 248 ms364 ms +117 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

Projected vs. Actual

Previous
D 69
Projected
A 90
Actual
C 79
Fell short of projection
38 issues resolved since last audit
68 issues remaining
Resolving remaining issues could reach A+

Estimate — actual results may vary

CRITICAL Cookie 'cf_willow_version_key' is missing the Secure flag security
CRITICAL Cookie '_cfms_willow' is missing the Secure flag security
CRITICAL 10 non-essential cookie(s) set without consent banner compliance
CRITICAL Broken link: https://www.cloudflare.com/plans/enterprise/demo/ content
WARNING Cookie 'cf_willow_version_key' is missing the HttpOnly flag security
WARNING https://www.cloudflare.com/_willow/index.sGmLo0nR....: 426ms CPU time performance
WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 7327ms CPU time performance
WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 66 KB unused (60%) performance
WARNING 0.91g CO2 — above the median website (0.60g) sustainability
WARNING Permissions-Policy covers 3/10 high-risk features (30%) security
WARNING 108 third-party resources (80% of weight) performance
WARNING Cookie 'cf_willow_version_key' has no SameSite attribute security
WARNING 156 HTTP requests — consider bundling or reducing performance
WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 334ms CPU time performance
WARNING security.txt: Missing required 'Expires' field (RFC 9116) security
WARNING No SPF record found security
WARNING https://www.cloudflare.com/go9u/: 86 KB unused (51%) performance
WARNING SRI adoption: 1/5 third-party resources protected (20%) security
WARNING Hreflang cluster missing self-reference compliance
WARNING 1 field(s) missing recommended autocomplete attribute accessibility
WARNING https://www.cloudflare.com/: 2781ms CPU time performance
WARNING 1 sitemap URL(s) blocked by robots.txt: https://www.cloudflare.com/lp/the-state-of-application-security/ seo
WARNING 196 of 200 links are healthy content
WARNING Cookie '_cfms_willow' has no SameSite attribute security
WARNING Images are 2.3 MB — compress or use modern formats performance
WARNING Unattributable: 1653ms CPU time performance
WARNING Page weighs 8.5 MB (3.9 MB transferred) performance
WARNING All 41 images use legacy formats (JPEG/PNG/GIF) content
WARNING 1455 inline style attribute(s) detected security
WARNING Third-party code accounts for 80% of page weight (3.1 MiB of 3.9 MiB) performance
WARNING Total JS execution time is 13.8 s -- over the 3.5s budget performance
WARNING Page weight 3.9 MB exceeds 1 MB target by 2.9 MB performance
WARNING 76 images missing explicit width/height content
WARNING 4 render-blocking stylesheet(s) -- recommended: <=3 performance
WARNING Registrar lock is NOT enabled infrastructure
WARNING 6 link(s) with generic text accessibility
WARNING JavaScript is 573 KB — consider code splitting or lazy loading performance
WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 41 KB unused (53%) performance
WARNING Broken link: https://www.cloudflare.com/de-de/ content
WARNING 14 images significantly larger than display size content
WARNING 16 link(s) open in a new tab without rel=noopener security
CRITICAL Cookie '_ga' is missing the Secure flag security
CRITICAL 3.19g CO2 per page view sustainability
CRITICAL 4 non-essential cookie(s) set without consent banner compliance
CRITICAL 4 image(s) missing alt attribute accessibility
CRITICAL Page weighs 22.4 MB (13.5 MB transferred) performance
WARNING JavaScript is 2.4 MB — consider code splitting or lazy loading performance
WARNING https://www.cloudflare.com/go9u/?id=DC-9309168&cx=...: 65 KB unused (48%) performance
WARNING External script from js.qualified.com lacks integrity attribute security
WARNING External script from static.ads-twitter.com lacks integrity attribute security
WARNING 1 heading(s) are over 120 characters -- likely a misformatted paragraph accessibility
WARNING 221 third-party resources (91% of weight) performance
WARNING 2 field(s) missing recommended autocomplete attribute accessibility
WARNING https://www.googletagmanager.com/gtm.js?id=GTM-NDG...: 100 KB unused (62%) performance
WARNING Third-party code accounts for 91% of page weight (12.3 MiB of 13.5 MiB) performance
WARNING https://js.qualified.com/qualified.js?token=37pXYr...: 267 KB unused (73%) performance
WARNING 279 HTTP requests — consider bundling or reducing performance
WARNING External script from cdn.bizible.com lacks integrity attribute security
WARNING Unattributable: 5183ms CPU time performance
WARNING https://js.qualified.com/qualified.js?token=37pXYr...: 962ms CPU time performance
WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 627ms CPU time performance
WARNING https://www.cloudflare.com/go9u/gtd?id=G-SQCRB0TXZ...: 70 KB unused (41%) performance
WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 72 KB unused (65%) performance
WARNING IPv6 DNS records exist but server is not reachable infrastructure
WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 119657ms CPU time performance
WARNING No meta description tag found seo
WARNING External script from munchkin.marketo.net lacks integrity attribute security
WARNING https://www.cloudflare.com/: 33082ms CPU time performance
WARNING External script from js.adsrvr.org lacks integrity attribute security
WARNING Images are 9.7 MB — compress or use modern formats performance
WARNING 198 of 200 links are healthy content
WARNING 3.19g CO2 — above the median website (0.60g) sustainability
WARNING Cookie '_ga' is missing the HttpOnly flag security
WARNING Cookie '_ga' has no SameSite attribute security
WARNING External script from snap.licdn.com lacks integrity attribute security
WARNING Page weight 13.5 MB exceeds 1 MB target by 12.5 MB performance
WARNING Cookie 'kndctr_8AD56F28618A50850A495FB6_AdobeOrg_identity' is missing the HttpOnly flag security
WARNING External script from tag.demandbase.com lacks integrity attribute security
WARNING 7 link(s) with generic text accessibility
CRITICAL 2 button(s) with no accessible text accessibility
CRITICAL No Content-Security-Policy header found security
CRITICAL 6 control(s) without accessible label accessibility
CRITICAL og:image is not reachable content
CRITICAL Content-Security-Policy header is missing security
WARNING https://www.cloudflare.com/cdn-cgi/image/format=au... is missing width/height — may cause layout shift performance
WARNING External script from ot.www.cloudflare.com lacks integrity attribute security
WARNING Heading level skipped: H2 → H6 (missing H3) accessibility
WARNING Cross-Origin-Embedder-Policy header is missing security
WARNING 2 field(s) would benefit from inputmode attribute accessibility
WARNING External script from challenges.cloudflare.com lacks integrity attribute security
WARNING Broken link: https://www.cloudflare.com/zh-hans-cn/ content
WARNING No DMARC record found security
WARNING Cross-Origin-Opener-Policy header is missing security
WARNING https://cf-assets.www.cloudflare.com/dzlvafdwdttg/... is missing width/height — may cause layout shift performance
WARNING External script from www.googletagmanager.com lacks integrity attribute security
WARNING Heading level skipped: H1 → H6 (missing H2) accessibility
WARNING No accessibility statement detected compliance
WARNING Cookie '_cfms_willow' is missing the HttpOnly flag security
WARNING Heading level skipped: H2 → H4 (missing H3) accessibility
WARNING 36 link(s) open in new tab without warning accessibility
WARNING GDPR Article 13 disclosure coverage: 1 / 8 categories compliance
WARNING 2 of 2 <nav> elements are unlabeled accessibility
WARNING Cookie '__cf_bm' has no SameSite attribute security
WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility
WARNING Heading level skipped: H3 → H6 (missing H4) accessibility
WARNING Heading level skipped: H2 → H5 (missing H3) accessibility
content-security-policy-report-only script-src 'unsafe-inline' 'unsafe-eval'; connect-src 'none'; report-uri http...
set-cookie
cf_willow_version_key=ef144f27-e07a-4a75-9083-c353e1838353; Path=/; SameSite=... cf_willow_version_key=409e3db5-3047-4621-af81-a9404b47a35a; Path=/; SameSite=...

11 headers unchanged

Sentry Issue trackers
dc.js JavaScript graphics
Priority Hints Performance
Dreamdata Marketing automation
Google Analytics Analytics
Marketo Marketing automation
theTradeDesk Advertising
Demandbase Analytics
Linkedin Insight Tag Analytics
Qualified Live chat
Twitter Ads Advertising

13 technologies unchanged

Looking ahead

+18 pts
C (79) Could reach A+ (97)
Accessibility +30Content +26Performance +21Security +20Compliance +18Infrastructure +4SEO +4Sustainability +4

Estimate — actual results may vary (68 issues to fix)

Website improvement report — Cloudflare

April 4, 2026 → May 10, 2026

D C 69 → 79 +10 pts

38

Resolved

41

New issues

27

Still remaining

Financial summary

Investment delivered

$8,375 in development time

Investment remaining

$9,900 to complete the remaining items

Ongoing risk

$1/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

MetricBeforeAfterChange
Overall score69 (D)79 (C)+10
Performance65 (D)79 (C)+14
Security65 (D)80 (B)+15
Accessibility41 (F)68 (D)+27
SEO95 (A)94 (A)-1
Infrastructure87 (B)94 (A)+7
Compliance83 (B)63 (D)-20
Content77 (C)74 (C)-3
Sustainability66 (D)81 (B)+15

Resolved (38)

  • Cookie '_ga' is missing the Secure flag (Security)

    → Reduced attack surface for visitors

  • JavaScript is 2.4 MB — consider code splitting or lazy loading (Performance)

    → Page loads faster for users

  • https://www.cloudflare.com/go9u/?id=DC-9309168&cx=...: 65 KB unused (48%) (Performance)

    → Page loads faster for users

  • External script from js.qualified.com lacks integrity attribute (Security)

    → Reduced attack surface for visitors

  • External script from static.ads-twitter.com lacks integrity attribute (Security)

    → Reduced attack surface for visitors

  • 1 heading(s) are over 120 characters -- likely a misformatted paragraph (Accessibility)

    → Improved usability for assistive technology users

  • 221 third-party resources (91% of weight) (Performance)

    → Page loads faster for users

  • 2 field(s) missing recommended autocomplete attribute (Accessibility)

    → Improved usability for assistive technology users

  • https://www.googletagmanager.com/gtm.js?id=GTM-NDG...: 100 KB unused (62%) (Performance)

    → Page loads faster for users

  • Third-party code accounts for 91% of page weight (12.3 MiB of 13.5 MiB) (Performance)

    → Page loads faster for users

  • https://js.qualified.com/qualified.js?token=37pXYr...: 267 KB unused (73%) (Performance)

    → Page loads faster for users

  • 279 HTTP requests — consider bundling or reducing (Performance)

    → Page loads faster for users

  • 3.19g CO2 per page view (Sustainability)

    → Lower carbon footprint per page view

  • External script from cdn.bizible.com lacks integrity attribute (Security)

    → Reduced attack surface for visitors

  • Unattributable: 5183ms CPU time (Performance)

    → Page loads faster for users

…and 23 more resolved issue(s)

Recommended next steps (68)

  • Sprint 1

    Cookie 'cf_willow_version_key' is missing the Secure flag (Security)

  • Sprint 1

    Cookie '_cfms_willow' is missing the Secure flag (Security)

  • Sprint 2

    10 non-essential cookie(s) set without consent banner (Compliance)

  • Sprint 1

    Broken link: https://www.cloudflare.com/plans/enterprise/demo/ (Content)

  • Sprint 1

    2 button(s) with no accessible text (Accessibility)

  • Sprint 2

    No Content-Security-Policy header found (Security)

  • Sprint 2

    6 control(s) without accessible label (Accessibility)

  • Sprint 1

    og:image is not reachable (Content)

  • Sprint 2

    Content-Security-Policy header is missing (Security)

  • Sprint 1

    Cookie 'cf_willow_version_key' is missing the HttpOnly flag (Security)

  • Sprint 1

    https://www.cloudflare.com/_willow/index.sGmLo0nR....: 426ms CPU time (Performance)

  • Sprint 1

    https://www.cloudflare.com/_willow/index.astro_ast...: 7327ms CPU time (Performance)

  • Sprint 3

    https://ot.www.cloudflare.com/ot/scripttemplates/2...: 66 KB unused (60%) (Performance)

  • Sprint 2

    0.91g CO2 — above the median website (0.60g) (Sustainability)

  • Sprint 1

    Permissions-Policy covers 3/10 high-risk features (30%) (Security)

…and 53 more recommended item(s)

Send Feedback