HTTP/3 isn't advertised via Alt-Svc and the worker didn't negotiate h3. HTTP/3 reduces handshake latency (1-RTT instead of 2-3 RTTs) and is more resilient on lossy connections. Most modern CDNs (Cloudflare, Fastly, AWS CloudFront, Google Cloud CDN) support HTTP/3 with a single config switch -- consider enabling for mobile-heavy workloads.
B
Compression Algorithm
Main response uses gzip; brotli would be ~20% smaller
REVIEW
Main response uses gzip; brotli would be ~20% smaller
Info::
i
Main HTML response uses gzip (brotli would be ~20% smaller)
All current browsers support brotli. Most CDNs (Cloudflare, Fastly, AWS CloudFront, Vercel, Netlify) can switch from gzip to brotli with a single config flag. Origin servers (nginx, Apache) need a brotli module compiled in -- nginx-brotli or Apache mod_brotli.
B
Main HTML Cache-Control
No Cache-Control header on main HTML response
REVIEW
No Cache-Control header on main HTML response
Info::
i
Main HTML response has no Cache-Control header
Without an explicit Cache-Control, browsers fall back to heuristic caching (~10% of Last-Modified age). Set `Cache-Control: no-cache` or `max-age=300` for HTML to control freshness explicitly -- prevents stale auth state and SPA shell drift.
B
Server-Timing Observability
No Server-Timing header found
REVIEW
No Server-Timing header found
Info::
i
No Server-Timing header found
Server-Timing exposes backend timing breakdowns to browser DevTools (e.g., `db: 45ms; render: 120ms; cache: 2ms`). Useful for diagnosing slow pages without backend log access. Most modern frameworks (Next.js, Cloudflare Workers, Fastly) emit it automatically; absence on a managed platform usually means telemetry headers are stripped at the edge.
C
Green Hosting
Action
Whether the site is served from green-energy infrastructure
REVIEW
Green Hosting
No green hosting detected
A+
Text Compression
All text resources are compressed
PASS
All text resources are compressed
Info::
✓
All text resources are compressed
All text resources are properly compressed.
A+
Font Loading
5 fonts (167 KB)
PASS
5 fonts (167 KB)
Info::
i
5 font(s) use font-display: swap (FOUT risk but functional)
Web fonts
5
167 KB total
Render-blocking
0
of 5
Dominant font-display
swap
Most common across fonts
Font loading timeline
TransferFOIT (block)FOUT (swap)
OpenSans.woff2woff2swap
Size33 KB
Load time6 ms
Start9.4 s
RiskFOUT — text flashes from fallback to web font
OpenSans-Semibold.woff2woff2swap
Size34 KB
Load time8 ms
Start9.4 s
RiskFOUT — text flashes from fallback to web font
OpenSans-Light.woff2woff2swap
Size34 KB
Load time9 ms
Start9.4 s
RiskFOUT — text flashes from fallback to web font
OpenSans-SemiboldItalic...woff2swap
Size32 KB
Load time11 ms
Start9.4 s
RiskFOUT — text flashes from fallback to web font
OpenSans-Bold.woff2woff2swap
Size34 KB
Load time13 ms
Start9.4 s
RiskFOUT — text flashes from fallback to web font
Optimization checklist
Preload critical fonts (priority=high)
Use woff2 format for all fonts
Set font-display to swap, optional, or fallback
Subset large fonts (≤100 KB each)
A+
Resource Caching
All resources properly cached
PASS
All resources properly cached
Info::
✓
No caching issues found
All static resources have appropriate caching headers.
A+
Critical Rendering Path
No render-blocking resources
PASS
No render-blocking resources
Info::
✓
No render-blocking resources detected
A+
Resource Hints
No optimization needed
PASS
No optimization needed
Info::
✓
No resource hint issues
A+
LCP Image Preload
LCP preload audit not available
PASS
LCP preload audit not available
Info::
✓
LCP image preload audit not available for this scan
A+
Server Response Intelligence
2 server-response signal(s) detected
PASS
2 server-response signal(s) detected
Info::
✓
`Vary` header declared: Accept-Encoding
The page declares a `Vary` header, telling downstream caches which request headers the response varies on. Critical for content-negotiated responses (compression, language, cookies, device class).
Info::
i
No `ETag` or `Last-Modified` -- conditional GET not supported
Without either header, browsers can't issue conditional GETs and refresh always re-downloads the full response body even when nothing changed. Add `ETag: "<hash>"` (or `Last-Modified: <date>`) on cacheable responses; the server returns 304 Not Modified when the client's cached copy is still valid, saving bandwidth.
Network Waterfall
52 requests over 10139ms
INFO
HTML JavaScript CSS Images Fonts XHR/Fetch Other
Third-Party Script Cost
Per-script blocking time, transfer cost, and cache headers
62% of JavaScript execution time comes from third-party scripts.
Why this matters
Third-party scripts (analytics, ads, social, A/B testing) often dominate execution time — every one is a perf-and-privacy tax.
Learn more ▾▴
Each third-party script is a black box: you don't control when it loads, what it executes, or how much it grows. They often account for a major share of total blocking time on average sites (HTTP Archive's Web Almanac documents the trend). Audit which ones you actually need, defer the rest, and use facade patterns (lite-youtube, lite-vimeo) for embedded media.
Source: web.dev / HTTP Archive Web Almanac
75% of securepubads.g.doubleclick.net's code is unused. The script may be loading features you don't use.
Why this matters
Bundle has high unused-code ratio — tree-shaking and route-splitting recover the wasted bytes.