Performance
· 17 checks — Lighthouse + waterfall + sustainability rolled into one auditable list.Performance-focused optimization plan with CWV assessment, top offenders, and time estimates
First Contentful Paint First Contentful Paint — how long until the browser renders the first piece of content. Under 1.8s is good.
3.70 s
Largest Contentful Paint Largest Contentful Paint — how long until the largest visible element loads. Under 2.5s is good.
14.90 s
Total Blocking Time Total Blocking Time — total time the main thread was blocked, preventing user input. Under 200ms is good.
1.02 s
Cumulative Layout Shift Cumulative Layout Shift — measures visual stability. How much the page layout shifts during loading. Under 0.1 is good.
0.109
Speed Index Speed Index — how quickly content is visually displayed during load. Under 3.4s is good.
6.13 s
Time to Interactive Time to Interactive — how long until the page is fully interactive and responds to user input. Under 3.8s is good.
15.26 s
Page Load Progression
DPage Weight BudgetAction2.3 MB transferred, 117 requestsFIX
Convert images to WebP/AVIF and resize to display dimensions to reduce transfer size.
Image bandwidth is high — modern formats (WebP/AVIF) and resizing typically cut it 50%+.
Source: web.dev
Large JavaScript bundles delay interactivity. Split code by route or defer non-critical scripts.
JavaScript bundle is large — code-split routes and lazy-load off-screen components to defer.
Source: web.dev
Subset fonts to include only used characters, or switch to system font stacks.
Font payload is large — subset to used glyphs only, or fall back to system fonts (zero load time).
Source: web.dev font loading
Each request adds latency. Bundle small files, use sprites, or eliminate unnecessary requests.
High HTTP request count — bundling, sprite-ing, and HTTP/2 server push can reduce per-request overhead.
Source: web.dev
DThird-Party ImpactAction100% third-party, 0 ms blockingFIX
FJS Execution CostAction5587ms total JS executionFIX
Main Thread Breakdown
| Script | Total | Scripting | Parse/Compile | Party |
|---|---|---|---|---|
| https://www.securityweek.com/ | 2021ms | 55ms | 2ms | 3rd |
| https://js.hs-analytics.net/analytics/1776901500000/5319632.js | 879ms | 671ms | 13ms | 3rd |
| https://www.securityweek.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | 867ms | 800ms | 15ms | 3rd |
| https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 552ms | 466ms | 22ms | 3rd |
| Unattributable | 491ms | 10ms | 0ms | 3rd |
| https://www.googletagmanager.com/gtag/js?id=G-M1YM36C8RW | 322ms | 259ms | 60ms | 3rd |
| https://www.googletagmanager.com/gtm.js?id=GTM-TMP64CK | 183ms | 136ms | 46ms | 3rd |
| https://js.hscollectedforms.net/collectedforms.js | 102ms | 81ms | 9ms | 3rd |
| https://ads.securityweek.com/app.js | 59ms | 32ms | 10ms | 3rd |
| https://js.hs-banner.com/5319632.js | 59ms | 26ms | 8ms | 3rd |
Showing top 10 of 11 scripts
DPage Weight InventoryAction117 resources · 2.3 MB · 131 KB savings availableFIX
~130.6 KiB of savings available
| # | Resource | Type | Size | Cache | Unused | 3rd party | Issues |
|---|---|---|---|---|---|---|---|
| — | — | ||||||
| 117 resources | 2.3 MiB | ||||||
BImage Optimization31 images, 0 KB saveableREVIEW
Set explicit width and height to prevent CLS.
Image without explicit width/height — browser can't reserve space; CLS jumps when image loads.
Source: web.dev / Core Web Vitals
BJS Bundles40 scripts, 131 KB unusedREVIEW
Downloaded but never executed on this page.
| Script | Size | Unused | Minified | Party |
|---|---|---|---|---|
| https://www.googletagmanager.com/gtm.js?id=GTM-TMP64CK | 123 KB | 66 KB (53%) | ✓ | 3rd |
| https://www.googletagmanager.com/gtag/js?id=G-M1YM36C8RW | 155 KB | 65 KB (42%) | ✓ | 3rd |
| https://www.securityweek.com/wp-content/themes/zoxpress/js/retina.js?ver=6.9.4 | 1 KB | — | ✓ | 3rd |
| https://www.securityweek.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 | 5 KB | — | ✓ | 3rd |
| https://www.securityweek.com/wp-content/uploads/c9e9cd27a25f2327f579f73d231eb6d8.js?defer&generated=1765853110&ver=1.22.0 | 18 KB | — | ✓ | 3rd |
| https://www.securityweek.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1 | 2 KB | — | ✓ | 3rd |
| https://www.securityweek.com/wp-content/themes/zoxpress/js/lozad.min.js | 1 KB | — | ✓ | 3rd |
| https://www.securityweek.com/wp-content/themes/zoxpress/js/intersection-observer.js | 7 KB | — | ✗ | 3rd |
| https://www.securityweek.com/wp-includes/js/comment-reply.min.js?ver=6.9.4 | 2 KB | — | ✓ | 3rd |
| https://www.securityweek.com/wp-content/themes/zoxpress/js/jquery.infinitescroll.min.js?ver=6.9.4 | 12 KB | — | ✓ | 3rd |
Consider code splitting or tree shaking to reduce unused code.
This bundle has high unused code — code-split or tree-shake to ship only what executes.
Source: web.dev / Lighthouse coverage
Consider code splitting or tree shaking to reduce unused code.
This bundle has high unused code — code-split or tree-shake to ship only what executes.
Source: web.dev / Lighthouse coverage
A+Text CompressionAll text resources are compressedPASS
A+Font Loading8 fonts (243 KB)PASS
Web fonts
8
243 KB total
Render-blocking
0
of 8
Dominant font-display
swap
Most common across fonts
Font loading timeline
Optimization checklist
- Preload critical fonts (priority=high)
- Use woff2 format for all fonts
- Set font-display to swap, optional, or fallback
- Subset large fonts (≤100 KB each)
A+Resource CachingAll resources properly cachedPASS
A+Critical Rendering PathNo render-blocking resourcesPASS
A+Resource HintsNo optimization neededPASS
A+Render-Blocking ResourcesNo render-blocking resources detectedPASS
A+Third-Party ResourcesNo third-party resources detectedPASS
A+Green HostingWhether the site is served from green-energy infrastructurePASS
Green Hosting
This site is hosted on green energy infrastructure
Provider: Cloudflare
A+HTTP Cachingmax-age=600 (10 minutes)PASS
max-age=600, must-revalidate
| Directive | Value | Meaning |
|---|---|---|
| max-age | 600 | Cache for 10 minutes |
| must-revalidate | — | Must recheck with server after expiry |
Network Waterfall117 requests over 3549msINFO
Third-Party Script CostPer-script blocking time, transfer cost, and cache headersINFO
| Script | Category | Execution | Transfer | Unused | Monthly Cost | Verdict |
|---|---|---|---|---|---|---|
www.securityweek.com www.securityweek.com | Other | 2021ms | 36 KB | — | $27/mo | Costly |
HubSpot Analytics js.hs-analytics.net | Analytics | 879ms | 42 KB | — | $12/mo | Costly |
www.securityweek.com www.securityweek.com | Other | 867ms | 0 KB | — | $12/mo | Costly |
www.securityweek.com www.securityweek.com | Other | 552ms | 4 KB | — | $7/mo | Costly |
Unattributable Unattributable | Other | 491ms | 0 KB | — | $7/mo | Costly |
Google Tag Manager www.googletagmanager.com | Tag Manager | 322ms | 155 KB | 42% | $4/mo | Costly |
Google Tag Manager www.googletagmanager.com | Tag Manager | 183ms | 123 KB | 53% | $2/mo | Optional |
js.hscollectedforms.net js.hscollectedforms.net | Other | 102ms | 26 KB | — | $1/mo | Optional |
ads.securityweek.com ads.securityweek.com | Other | 59ms | 13 KB | — | $1/mo | Optional |
js.hs-banner.com js.hs-banner.com | Other | 59ms | 19 KB | — | $1/mo | Optional |
www.securityweek.com www.securityweek.com | Other | 52ms | 31 KB | — | $1/mo | Optional |
These scripts may cost more than they're worth
- www.securityweek.com adds 2021ms and costs ~$27/month
- HubSpot Analytics adds 879ms and costs ~$12/month
- www.securityweek.com adds 867ms and costs ~$12/month
- www.securityweek.com adds 552ms and costs ~$7/month
- Unattributable adds 491ms and costs ~$7/month
- Google Tag Manager adds 322ms and costs ~$4/month
100% of JavaScript execution time is spent on third-party scripts. Consider auditing which scripts are essential.
When third-party JS execution time exceeds your own, performance gains from frontend work are capped by code you don't own.
Learn more ▾ ▴
Every millisecond of third-party JS competes with your own for main-thread time. If their share is bigger than yours, optimization on your code base barely moves the needle. Audit, defer, or remove third-parties before further frontend optimization. Use Lighthouse's third-party audit to identify the worst offenders.
Source: web.dev
www.securityweek.com takes 2021ms of CPU time. Consider loading it asynchronously or replacing it with a lighter alternative.
This script has high main-thread execution time — optimize hot paths or defer.
Source: web.dev
HubSpot Analytics takes 879ms of CPU time. Consider loading it asynchronously or replacing it with a lighter alternative.
This script has high main-thread execution time — optimize hot paths or defer.
Source: web.dev
www.securityweek.com takes 867ms of CPU time. Consider loading it asynchronously or replacing it with a lighter alternative.
This script has high main-thread execution time — optimize hot paths or defer.
Source: web.dev
www.securityweek.com takes 552ms of CPU time. Consider loading it asynchronously or replacing it with a lighter alternative.
This script has high main-thread execution time — optimize hot paths or defer.
Source: web.dev
Unattributable takes 491ms of CPU time. Consider loading it asynchronously or replacing it with a lighter alternative.
This script has high main-thread execution time — optimize hot paths or defer.
Source: web.dev
Google Tag Manager takes 322ms of CPU time. Consider loading it asynchronously or replacing it with a lighter alternative.
This script has high main-thread execution time — optimize hot paths or defer.
Source: web.dev
53% of Google Tag Manager's code is unused. The script may be loading features you don't use.
Bundle has high unused-code ratio — tree-shaking and route-splitting recover the wasted bytes.
Source: web.dev