Changes

https://sandbox.thesslstore.com/ssltools/ssl-checker.php

Compared to previous audit · 33 minutes ago View previous audit

Madrid, Spain → Santa Clara, United States

These audits ran from different locations. Timing metrics (TTFB, DNS, TLS) may reflect network path differences rather than site changes.

New issues

Resolved

score changes

Category	Previous	Current	Change
Composite	B (82)	B (84)	+2.000
Performance	A (90)	A (91)	+1.000
Security	B (84)	B (84)	—
Accessibility	C (78)	C (78)	—
SEO	B (81)	B (81)	—
Infrastructure	C (79)	B (87)	+8.000
Compliance	C (70)	C (70)	—
Content	C (74)	C (74)	—
Sustainability	A+ (98)	A+ (98)	—

Metric	Previous	Current	Change
Performance	7100	8600	+1500
Accessibility	9000	9000	—
Best Practices	9600	9600	—
SEO	4000	4000	—
PWA	0	0	—
Desktop Performance	9900	10000	+100
Desktop Accessibility	9000	9000	—
Desktop Best Practices	9600	9600	—
Desktop SEO	4000	4000	—
FCP	934 ms	967 ms	+33 ms
LCP	2.72 s	1.47 s	-1.26 s
TBT	1.34 s	546 ms	-792 ms
CLS	0.002	0.002	—
Desktop FCP	261 ms	281 ms	+20 ms
Desktop LCP	765 ms	426 ms	-339 ms
Desktop TBT	80 ms	2 ms	-78 ms
Desktop CLS	0.000	0.000	—
TTFB †	39 ms	101 ms	+62 ms
DNS †	11 ms	41 ms	+30 ms
TLS †	13 ms	22 ms	+9 ms
Connect †	3 ms	17 ms	+14 ms
Total †	39 ms	102 ms	+63 ms

† Timing metrics may vary by worker location and do not necessarily indicate site changes.

WARNING Third-party code accounts for 83% of page weight (472.5 KiB of 566.2 KiB) performance

WARNING https://sandbox.thesslstore.com/cdn-cgi/challenge-...: 966ms CPU time performance

WARNING 1 render-blocking <script src> tag(s) without async/defer performance

WARNING https://sandbox.thesslstore.com/cdn-cgi/challenge-...: 1929ms CPU time performance

WARNING IPv6 DNS records exist but server is not reachable infrastructure

WARNING Third-party code accounts for 83% of page weight (470.9 KiB of 566.3 KiB) performance

WARNING Unattributable: 253ms CPU time performance

CRITICAL HTTP version does not redirect to HTTPS infrastructure

CRITICAL 'unsafe-eval' found in script source security

CRITICAL Scan returned a Cloudflare bot-protection interstitial, not the actual page security

CRITICAL No favicon or icon links detected accessibility

CRITICAL Page has only 47 words — nearly empty seo

WARNING frame-ancestors directive is missing security

WARNING External script from challenges.cloudflare.com lacks integrity attribute security

WARNING Compressed response missing `Vary` header performance

WARNING No favicon.ico at site root accessibility

WARNING Thin content — only 47 words seo

WARNING Registrar lock is NOT enabled infrastructure

WARNING Broken link: https://sandbox.thesslstore.com/favicon.ico content

WARNING Skip navigation link is missing (WCAG 2.4.1) accessibility

WARNING Title is only 16 characters — consider expanding seo

WARNING No internal links found seo

WARNING Terms of Service not detected compliance

WARNING No SPF record found security

WARNING 2 link(s) open in new tab without warning accessibility

WARNING Unexpected status code: HTTP 403 accessibility

WARNING 11 third-party resources (83% of weight) performance

WARNING No meta description tag found seo

WARNING 1 images missing explicit width/height content

WARNING No DMARC record found security

WARNING SRI adoption: 0/1 third-party resources protected (0%) security

WARNING No canonical tag found seo

WARNING GDPR Article 13 disclosure coverage: 0 / 8 categories compliance

WARNING 4 of 5 links are healthy content

WARNING HSTS max-age is too short (0s, should be ≥ 31536000s) security

WARNING No <nav> landmark found accessibility

WARNING Dead-end page — no outgoing internal links seo

WARNING No Open Graph meta tags found content

WARNING No accessibility statement detected compliance

− content-security-policy-report-only script-src 'unsafe-inline' 'unsafe-eval'; connect-src 'none'; report-uri http...

content-security-policy

default-src 'none'; script-src 'nonce-hORVC00Jf5Wkxss3Rg8Wf7' 'unsafe-eval' h... → default-src 'none'; script-src 'nonce-Hj9bfhfEh84HZvd2vk76Gi' 'unsafe-eval' h...

15 headers unchanged

Technology stack unchanged

4 technologies unchanged

Looking ahead

+13 pts

B (84) Could reach A+ (97)

SEO +19Accessibility +18Security +16Content +13Infrastructure +13Compliance +10Performance +9

Estimate — actual results may vary (35 issues to fix)

Website improvement report — Sandbox.thesslstore

June 2, 2026 → June 2, 2026

B B 82 → 84 +2 pts

Resolved

New issues

Still remaining

Financial summary

Investment delivered

$900 in development time

Investment remaining

$4,658 to complete the remaining items

Ongoing risk

$0/month in ongoing exposure

Figures are estimates based on local developer hourly rate, industry CPC, and regulatory fine ranges.

Performance by category

Metric	Before	After	Change
Overall score	82 (B)	84 (B)	+2
Performance	90 (A)	91 (A)	+1
Security	84 (B)	84 (B)	0
Accessibility	78 (C)	78 (C)	0
SEO	81 (B)	81 (B)	0
Infrastructure	79 (C)	87 (B)	+8
Compliance	70 (C)	70 (C)	0
Content	74 (C)	74 (C)	0
Sustainability	98 (A+)	98 (A+)	0

Resolved (4)

https://sandbox.thesslstore.com/cdn-cgi/challenge-...: 1929ms CPU time (Performance)
→ Page loads faster for users
IPv6 DNS records exist but server is not reachable (Infrastructure)
→ More reliable delivery
Third-party code accounts for 83% of page weight (470.9 KiB of 566.3 KiB) (Performance)
→ Page loads faster for users
Unattributable: 253ms CPU time (Performance)
→ Page loads faster for users

Recommended next steps (35)

Sprint 1
HTTP version does not redirect to HTTPS (Infrastructure)
Sprint 3
'unsafe-eval' found in script source (Security)
Sprint 1
Scan returned a Cloudflare bot-protection interstitial, not the actual page (Security)
Sprint 1
No favicon or icon links detected (Accessibility)
Sprint 3
Page has only 47 words — nearly empty (SEO)
Sprint 3
Third-party code accounts for 83% of page weight (472.5 KiB of 566.2 KiB) (Performance)
Sprint 1
https://sandbox.thesslstore.com/cdn-cgi/challenge-...: 966ms CPU time (Performance)
Sprint 2
1 render-blocking <script src> tag(s) without async/defer (Performance)
Sprint 1
frame-ancestors directive is missing (Security)
Sprint 1
External script from challenges.cloudflare.com lacks integrity attribute (Security)
Sprint 2
Compressed response missing `Vary` header (Performance)
Sprint 1
No favicon.ico at site root (Accessibility)
Sprint 3
Thin content — only 47 words (SEO)
Sprint 1
Registrar lock is NOT enabled (Infrastructure)
Sprint 1
Broken link: https://sandbox.thesslstore.com/favicon.ico (Content)

…and 20 more recommended item(s)

Browse & Analyze

Learn