HTTP/3 isn't advertised via Alt-Svc and the worker didn't negotiate h3. HTTP/3 reduces handshake latency (1-RTT instead of 2-3 RTTs) and is more resilient on lossy connections. Most modern CDNs (Cloudflare, Fastly, AWS CloudFront, Google Cloud CDN) support HTTP/3 with a single config switch -- consider enabling for mobile-heavy workloads.
B
Compression Algorithm
Main response uses gzip; brotli would be ~20% smaller
REVIEW
Main response uses gzip; brotli would be ~20% smaller
Info::
i
Main HTML response uses gzip (brotli would be ~20% smaller)
All current browsers support brotli. Most CDNs (Cloudflare, Fastly, AWS CloudFront, Vercel, Netlify) can switch from gzip to brotli with a single config flag. Origin servers (nginx, Apache) need a brotli module compiled in -- nginx-brotli or Apache mod_brotli.
B
Main HTML Cache-Control
No Cache-Control header on main HTML response
REVIEW
No Cache-Control header on main HTML response
Info::
i
Main HTML response has no Cache-Control header
Without an explicit Cache-Control, browsers fall back to heuristic caching (~10% of Last-Modified age). Set `Cache-Control: no-cache` or `max-age=300` for HTML to control freshness explicitly -- prevents stale auth state and SPA shell drift.
B
Server-Timing Observability
No Server-Timing header found
REVIEW
No Server-Timing header found
Info::
i
No Server-Timing header found
Server-Timing exposes backend timing breakdowns to browser DevTools (e.g., `db: 45ms; render: 120ms; cache: 2ms`). Useful for diagnosing slow pages without backend log access. Most modern frameworks (Next.js, Cloudflare Workers, Fastly) emit it automatically; absence on a managed platform usually means telemetry headers are stripped at the edge.
13 render-blocking <script src> tag(s) without async/defer
Each `<script src=...>` without `async`, `defer`, or `type="module"` blocks HTML parsing while the browser fetches and executes it. The block lasts the entire round-trip + execution time -- on slow networks this translates directly into LCP delay. Add `defer` (executes after parse, in source order) for scripts that interact with the DOM, or `async` (executes whenever ready) for analytics / independent scripts. Module scripts (`type="module"`) are deferred by default.
`document.write()` blocks all parallel resource discovery while it executes. Chrome explicitly disables the preload scanner on connections it judges slow when document.write is detected, serializing the entire subtree load. Almost always third-party ad / analytics legacy code; replacing with createElement + appendChild (or refusing to integrate the offending vendor) recovers significant load-time on mobile.
C
Green Hosting
Action
Whether the site is served from green-energy infrastructure
REVIEW
Green Hosting
No green hosting detected
A+
Text Compression
All text resources are compressed
PASS
All text resources are compressed
Info::
✓
All text resources are compressed
All text resources are properly compressed.
A+
Font Loading
1 fonts (35 KB)
PASS
1 fonts (35 KB)
Info::
i
1 font(s) use font-display: swap (FOUT risk but functional)
Web fonts
1
35 KB total
Render-blocking
0
of 1
Dominant font-display
swap
Most common across fonts
Font loading timeline
TransferFOIT (block)FOUT (swap)
JTUSjIg1_i6t8kCHKm459Wl...woff2swap
Size35 KB
Load time59 ms
Start425 ms
RiskFOUT — text flashes from fallback to web font
Optimization checklist
Preload critical fonts (priority=high)
Use woff2 format for all fonts
Set font-display to swap, optional, or fallback
Subset large fonts (≤100 KB each)
A+
Resource Caching
All resources properly cached
PASS
All resources properly cached
Info::
✓
No caching issues found
All static resources have appropriate caching headers.
A+
Critical Rendering Path
No render-blocking resources
PASS
No render-blocking resources
Info::
✓
No render-blocking resources detected
A+
Resource Hints
No optimization needed
PASS
No optimization needed
Info::
✓
No resource hint issues
A+
LCP Image Preload
LCP preload audit not available
PASS
LCP preload audit not available
Info::
✓
LCP image preload audit not available for this scan
A+
Server Response Intelligence
2 server-response signal(s) detected
PASS
2 server-response signal(s) detected
Info::
✓
`Vary` header declared: Accept-Encoding
The page declares a `Vary` header, telling downstream caches which request headers the response varies on. Critical for content-negotiated responses (compression, language, cookies, device class).
Info::
i
No `ETag` or `Last-Modified` -- conditional GET not supported
Without either header, browsers can't issue conditional GETs and refresh always re-downloads the full response body even when nothing changed. Add `ETag: "<hash>"` (or `Last-Modified: <date>`) on cacheable responses; the server returns 304 Not Modified when the client's cached copy is still valid, saving bandwidth.
Each `<link rel="stylesheet">` without a non-blocking `media` attribute holds up the first paint. Browsers download all of them before painting any content. Consolidate into 1-2 critical-path stylesheets; defer non-critical CSS via `<link rel="stylesheet" media="print" onload="this.media='all'">` or via the loadCSS pattern; inline above-the-fold CSS in `<style>` to short-circuit the request entirely.
Network Waterfall
44 requests over 1743ms
INFO
HTML JavaScript CSS Images Fonts XHR/Fetch Other
Third-Party Script Cost
Per-script blocking time, transfer cost, and cache headers
INFO
49%of JavaScript execution is third-party
First-party Third-party646ms · 0KB · €7/mo
Script
Category
Execution
Transfer
Unused
Monthly Cost
Verdict
www.gstatic.com
www.gstatic.com
Other
646ms
0 KB
48%
€7/mo
Costly
www.gstatic.com
Other
Costly
Execution646ms
Transfer0 KB
Unused48%
Monthly Cost€7/mo
These scripts may cost more than they're worth
www.gstatic.com adds 646ms and costs ~€7/month
49% of JavaScript execution time comes from third-party scripts.
Why this matters
Third-party scripts (analytics, ads, social, A/B testing) often dominate execution time — every one is a perf-and-privacy tax.
Learn more ▾▴
Each third-party script is a black box: you don't control when it loads, what it executes, or how much it grows. They often account for a major share of total blocking time on average sites (HTTP Archive's Web Almanac documents the trend). Audit which ones you actually need, defer the rest, and use facade patterns (lite-youtube, lite-vimeo) for embedded media.
Source: web.dev / HTTP Archive Web Almanac
www.gstatic.com takes 646ms of CPU time. Consider loading it asynchronously or replacing it with a lighter alternative.
Why this matters
This script has high main-thread execution time — optimize hot paths or defer.
375 ms
2.6 s