Changes

https://www.cloudflare.com

Compared to previous audit · 5 weeks ago View previous audit

Madrid, Spain → New York, United Stated

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	D (69)	C (79)	+10.000
Performance	D (65)	C (79)	+14.000
Security	D (65)	B (80)	+15.000
Accessibility	F (41)	D (68)	+27.000
SEO	A (95)	A (94)	-1.000
Infrastructure	B (87)	A (94)	+7.000
Compliance	B (83)	D (63)	-20.000
Content	C (77)	C (74)	-3.000
Sustainability	D (66)	B (81)	+15.000

Metric	Previous	Current	Change
Performance	2600	3400	+800
Accessibility	9200	9900	+700
Best Practices	7700	9200	+1500
SEO	8500	8500	—
PWA	0	0	—
Desktop Performance	4800	6900	+2100
Desktop Accessibility	8000	8700	+700
Desktop Best Practices	7700	9600	+1900
Desktop SEO	8500	8500	—
FCP	4.65 s	4.04 s	-616 ms
LCP	13.66 s	18.12 s	+4.46 s
TBT	12.77 s	1.11 s	-11.66 s
CLS	0.038	0.070	+0.032
Desktop FCP	866 ms	880 ms	+14 ms
Desktop LCP	3.57 s	4.45 s	+874 ms
Desktop TBT	523 ms	146 ms	-377 ms
Desktop CLS	0.018	0.007	-0.011
TTFB †	234 ms	343 ms	+109 ms
DNS †	5 ms	36 ms	+31 ms
TLS †	7 ms	20 ms	+13 ms
Connect †	1 ms	16 ms	+15 ms
Total †	248 ms	364 ms	+117 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

Projected vs. Actual

Projected

Actual

Fell short of projection

38 issues resolved since last audit

68 issues remaining

Resolving remaining issues could reach A+

Estimate — actual results may vary

CRITICAL Broken link: https://www.cloudflare.com/plans/enterprise/demo/ content

CRITICAL 10 non-essential cookie(s) set without consent banner compliance

CRITICAL Cookie '_cfms_willow' is missing the Secure flag security

CRITICAL Cookie 'cf_willow_version_key' is missing the Secure flag security

WARNING Hreflang cluster missing self-reference compliance

WARNING 0.91g CO2 — above the median website (0.60g) sustainability

WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 7327ms CPU time performance

WARNING Unattributable: 1653ms CPU time performance

WARNING 76 images missing explicit width/height content

WARNING No SPF record found security

WARNING Total JS execution time is 13.8 s -- over the 3.5s budget performance

WARNING Page weighs 8.5 MB (3.9 MB transferred) performance

WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 334ms CPU time performance

WARNING 4 render-blocking stylesheet(s) -- recommended: <=3 performance

WARNING SRI adoption: 1/5 third-party resources protected (20%) security

WARNING 6 link(s) with generic text accessibility

WARNING https://www.cloudflare.com/_willow/index.sGmLo0nR....: 426ms CPU time performance

WARNING 196 of 200 links are healthy content

WARNING security.txt: Missing required 'Expires' field (RFC 9116) security

WARNING 1 sitemap URL(s) blocked by robots.txt: https://www.cloudflare.com/lp/the-state-of-application-security/ seo

WARNING 156 HTTP requests — consider bundling or reducing performance

WARNING 108 third-party resources (80% of weight) performance

WARNING All 41 images use legacy formats (JPEG/PNG/GIF) content

WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 41 KB unused (53%) performance

WARNING Broken link: https://www.cloudflare.com/de-de/ content

WARNING Cookie 'cf_willow_version_key' has no SameSite attribute security

WARNING https://www.cloudflare.com/go9u/: 86 KB unused (51%) performance

WARNING Cookie 'cf_willow_version_key' is missing the HttpOnly flag security

WARNING Permissions-Policy covers 3/10 high-risk features (30%) security

WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 66 KB unused (60%) performance

WARNING 1 field(s) missing recommended autocomplete attribute accessibility

WARNING https://www.cloudflare.com/: 2781ms CPU time performance

WARNING 14 images significantly larger than display size content

WARNING Cookie '_cfms_willow' has no SameSite attribute security

WARNING Images are 2.3 MB — compress or use modern formats performance

WARNING Third-party code accounts for 80% of page weight (3.1 MiB of 3.9 MiB) performance

WARNING 16 link(s) open in a new tab without rel=noopener security

WARNING Page weight 3.9 MB exceeds 1 MB target by 2.9 MB performance

WARNING JavaScript is 573 KB — consider code splitting or lazy loading performance

WARNING Registrar lock is NOT enabled infrastructure

WARNING 1455 inline style attribute(s) detected security

CRITICAL Page weighs 22.4 MB (13.5 MB transferred) performance

CRITICAL 4 non-essential cookie(s) set without consent banner compliance

CRITICAL 3.19g CO2 per page view sustainability

CRITICAL Cookie '_ga' is missing the Secure flag security

CRITICAL 4 image(s) missing alt attribute accessibility

WARNING Images are 9.7 MB — compress or use modern formats performance

WARNING 1 heading(s) are over 120 characters -- likely a misformatted paragraph accessibility

WARNING 7 link(s) with generic text accessibility

WARNING Third-party code accounts for 91% of page weight (12.3 MiB of 13.5 MiB) performance

WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 72 KB unused (65%) performance

WARNING External script from snap.licdn.com lacks integrity attribute security

WARNING 2 field(s) missing recommended autocomplete attribute accessibility

WARNING https://www.cloudflare.com/_willow/index.astro_ast...: 119657ms CPU time performance

WARNING External script from js.adsrvr.org lacks integrity attribute security

WARNING 3.19g CO2 — above the median website (0.60g) sustainability

WARNING External script from cdn.bizible.com lacks integrity attribute security

WARNING External script from tag.demandbase.com lacks integrity attribute security

WARNING JavaScript is 2.4 MB — consider code splitting or lazy loading performance

WARNING Unattributable: 5183ms CPU time performance

WARNING External script from static.ads-twitter.com lacks integrity attribute security

WARNING https://www.cloudflare.com/go9u/gtd?id=G-SQCRB0TXZ...: 70 KB unused (41%) performance

WARNING IPv6 DNS records exist but server is not reachable infrastructure

WARNING Cookie '_ga' has no SameSite attribute security

WARNING https://www.cloudflare.com/go9u/?id=DC-9309168&cx=...: 65 KB unused (48%) performance

WARNING 221 third-party resources (91% of weight) performance

WARNING No meta description tag found seo

WARNING Cookie '_ga' is missing the HttpOnly flag security

WARNING https://js.qualified.com/qualified.js?token=37pXYr...: 962ms CPU time performance

WARNING https://js.qualified.com/qualified.js?token=37pXYr...: 267 KB unused (73%) performance

WARNING https://www.googletagmanager.com/gtm.js?id=GTM-NDG...: 100 KB unused (62%) performance

WARNING https://www.cloudflare.com/: 33082ms CPU time performance

WARNING https://ot.www.cloudflare.com/ot/scripttemplates/2...: 627ms CPU time performance

WARNING Cookie 'kndctr_8AD56F28618A50850A495FB6_AdobeOrg_identity' is missing the HttpOnly flag security

WARNING 198 of 200 links are healthy content

WARNING External script from munchkin.marketo.net lacks integrity attribute security

WARNING External script from js.qualified.com lacks integrity attribute security

WARNING 279 HTTP requests — consider bundling or reducing performance

WARNING Page weight 13.5 MB exceeds 1 MB target by 12.5 MB performance

CRITICAL No Content-Security-Policy header found security

CRITICAL Content-Security-Policy header is missing security

CRITICAL og:image is not reachable content

CRITICAL 2 button(s) with no accessible text accessibility

CRITICAL 6 control(s) without accessible label accessibility

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING Heading level skipped: H1 → H6 (missing H2) accessibility

WARNING No accessibility statement detected compliance

WARNING GDPR Article 13 disclosure coverage: 1 / 8 categories compliance

WARNING Cookie '__cf_bm' has no SameSite attribute security

WARNING https://www.cloudflare.com/cdn-cgi/image/format=au... is missing width/height — may cause layout shift performance

WARNING Cross-Origin-Embedder-Policy header is missing security

WARNING Cross-Origin-Opener-Policy header is missing security

WARNING Heading level skipped: H2 → H6 (missing H3) accessibility

WARNING Heading level skipped: H2 → H5 (missing H3) accessibility

WARNING 2 of 2 <nav> elements are unlabeled accessibility

WARNING Cookie '_cfms_willow' is missing the HttpOnly flag security

WARNING No DMARC record found security

WARNING External script from www.googletagmanager.com lacks integrity attribute security

WARNING 36 link(s) open in new tab without warning accessibility

WARNING 2 field(s) would benefit from inputmode attribute accessibility

WARNING Broken link: https://www.cloudflare.com/zh-hans-cn/ content

WARNING Heading level skipped: H3 → H6 (missing H4) accessibility

WARNING Heading level skipped: H2 → H4 (missing H3) accessibility

WARNING External script from ot.www.cloudflare.com lacks integrity attribute security

WARNING https://cf-assets.www.cloudflare.com/dzlvafdwdttg/... is missing width/height — may cause layout shift performance

− content-security-policy-report-only script-src 'unsafe-inline' 'unsafe-eval'; connect-src 'none'; report-uri http...

set-cookie

cf_willow_version_key=ef144f27-e07a-4a75-9083-c353e1838353; Path=/; SameSite=... → cf_willow_version_key=409e3db5-3047-4621-af81-a9404b47a35a; Path=/; SameSite=...

11 headers unchanged

− Demandbase Analytics

− Marketo Marketing automation

− Qualified Live chat

− Priority Hints Performance

− dc.js JavaScript graphics

− Dreamdata Marketing automation

− Linkedin Insight Tag Analytics

− Google Analytics Analytics

− Twitter Ads Advertising

− theTradeDesk Advertising

− Sentry Issue trackers

13 technologies unchanged

Looking ahead

+18 pts

C (79) Could reach A+ (97)

Accessibility +30Content +26Performance +21Security +20Compliance +18Infrastructure +4SEO +4Sustainability +4

Estimate — actual results may vary (68 issues to fix)

Website improvement report — Cloudflare

April 4, 2026 → May 10, 2026

D C 69 → 79 +10 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$8,375 in development time

Investment remaining

$9,900 to complete the remaining items

Ongoing risk

$13,126/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	69 (D)	79 (C)	+10
Performance	65 (D)	79 (C)	+14
Security	65 (D)	80 (B)	+15
Accessibility	41 (F)	68 (D)	+27
SEO	95 (A)	94 (A)	-1
Infrastructure	87 (B)	94 (A)	+7
Compliance	83 (B)	63 (D)	-20
Content	77 (C)	74 (C)	-3
Sustainability	66 (D)	81 (B)	+15

Resolved (38)

Images are 9.7 MB — compress or use modern formats (Performance)
→ Page loads faster for users
1 heading(s) are over 120 characters -- likely a misformatted paragraph (Accessibility)
→ Improved usability for assistive technology users
7 link(s) with generic text (Accessibility)
→ Improved usability for assistive technology users
Third-party code accounts for 91% of page weight (12.3 MiB of 13.5 MiB) (Performance)
→ Page loads faster for users
https://ot.www.cloudflare.com/ot/scripttemplates/2...: 72 KB unused (65%) (Performance)
→ Page loads faster for users
External script from snap.licdn.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
2 field(s) missing recommended autocomplete attribute (Accessibility)
→ Improved usability for assistive technology users
https://www.cloudflare.com/_willow/index.astro_ast...: 119657ms CPU time (Performance)
→ Page loads faster for users
External script from js.adsrvr.org lacks integrity attribute (Security)
→ Reduced attack surface for visitors
Page weighs 22.4 MB (13.5 MB transferred) (Performance)
→ Page loads faster for users
3.19g CO2 — above the median website (0.60g) (Sustainability)
→ Lower carbon footprint per page view
External script from cdn.bizible.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
External script from tag.demandbase.com lacks integrity attribute (Security)
→ Reduced attack surface for visitors
JavaScript is 2.4 MB — consider code splitting or lazy loading (Performance)
→ Page loads faster for users
4 non-essential cookie(s) set without consent banner (Compliance)
→ Reduced regulatory exposure

…and 23 more resolved issue(s)

Recommended next steps (68)

Sprint 1
Broken link: https://www.cloudflare.com/plans/enterprise/demo/ (Content)
Sprint 2
10 non-essential cookie(s) set without consent banner (Compliance)
Sprint 1
Cookie '_cfms_willow' is missing the Secure flag (Security)
Sprint 1
Cookie 'cf_willow_version_key' is missing the Secure flag (Security)
Sprint 2
No Content-Security-Policy header found (Security)
Sprint 2
Content-Security-Policy header is missing (Security)
Sprint 1
og:image is not reachable (Content)
Sprint 1
2 button(s) with no accessible text (Accessibility)
Sprint 2
6 control(s) without accessible label (Accessibility)
Sprint 2
Hreflang cluster missing self-reference (Compliance)
Sprint 2
0.91g CO2 — above the median website (0.60g) (Sustainability)
Sprint 1
https://www.cloudflare.com/_willow/index.astro_ast...: 7327ms CPU time (Performance)
Sprint 1
Unattributable: 1653ms CPU time (Performance)
Sprint 1
76 images missing explicit width/height (Content)
Sprint 1
No SPF record found (Security)

…and 53 more recommended item(s)

Browse & Analyze

Learn