HTTP/3 isn't advertised via Alt-Svc and the worker didn't negotiate h3. HTTP/3 reduces handshake latency (1-RTT instead of 2-3 RTTs) and is more resilient on lossy connections. Most modern CDNs (Cloudflare, Fastly, AWS CloudFront, Google Cloud CDN) support HTTP/3 with a single config switch -- consider enabling for mobile-heavy workloads.
B
Compression Algorithm
Main response uses gzip; brotli would be ~20% smaller
REVIEW
Main response uses gzip; brotli would be ~20% smaller
Info::
i
Main HTML response uses gzip (brotli would be ~20% smaller)
All current browsers support brotli. Most CDNs (Cloudflare, Fastly, AWS CloudFront, Vercel, Netlify) can switch from gzip to brotli with a single config flag. Origin servers (nginx, Apache) need a brotli module compiled in -- nginx-brotli or Apache mod_brotli.
C
Main HTML Cache-Control
Action
Main HTML max-age=9000 (~150min) is aggressive
REVIEW
Main HTML max-age=9000 (~150min) is aggressive
Warning::
!
Main HTML cached for 150 minutes -- risks stale auth / SPA state
Long max-age on the main HTML document means users may see outdated auth state, SPA shells, or A/B variants until the cache expires. Consider Cache-Control: no-cache (or max-age=300) for HTML and let your hashed assets (JS/CSS/images) carry the long cache instead.
Got: max-age=9000, must-revalidate
B
Server-Timing Observability
No Server-Timing header found
REVIEW
No Server-Timing header found
Info::
i
No Server-Timing header found
Server-Timing exposes backend timing breakdowns to browser DevTools (e.g., `db: 45ms; render: 120ms; cache: 2ms`). Useful for diagnosing slow pages without backend log access. Most modern frameworks (Next.js, Cloudflare Workers, Fastly) emit it automatically; absence on a managed platform usually means telemetry headers are stripped at the edge.
C
Green Hosting
Action
Whether the site is served from green-energy infrastructure
REVIEW
Green Hosting
No green hosting detected
A+
Text Compression
All text resources are compressed
PASS
All text resources are compressed
Info::
✓
All text resources are compressed
All text resources are properly compressed.
A+
Font Loading
4 fonts (157 KB)
PASS
4 fonts (157 KB)
Info::
i
4 font(s) use font-display: swap (FOUT risk but functional)
Web fonts
4
157 KB total
Render-blocking
0
of 4
Dominant font-display
swap
Most common across fonts
Font loading timeline
TransferFOIT (block)FOUT (swap)
lato-v17-latin-regular....woff2swap
Size23 KB
Load time424 ms
Start828 ms
RiskFOUT — text flashes from fallback to web font
lato-v17-latin-700.woff2woff2swap
Size23 KB
Load time426 ms
Start829 ms
RiskFOUT — text flashes from fallback to web font
lato-v17-latin-900.woff2woff2swap
Size22 KB
Load time434 ms
Start829 ms
RiskFOUT — text flashes from fallback to web font
bootstrap-icons.woff2woff2swap
Size89 KB
Load time629 ms
Start829 ms
RiskFOUT — text flashes from fallback to web font
Optimization checklist
Preload critical fonts (priority=high)
Use woff2 format for all fonts
Set font-display to swap, optional, or fallback
Subset large fonts (≤100 KB each)
A+
Resource Caching
All resources properly cached
PASS
All resources properly cached
Info::
✓
No caching issues found
All static resources have appropriate caching headers.
A+
Critical Rendering Path
No render-blocking resources
PASS
No render-blocking resources
Info::
✓
No render-blocking resources detected
A+
Resource Hints
No optimization needed
PASS
No optimization needed
Info::
✓
No resource hint issues
A+
LCP Image Preload
LCP preload audit not available
PASS
LCP preload audit not available
Info::
✓
LCP image preload audit not available for this scan
A+
Server Response Intelligence
2 server-response signal(s) detected
PASS
2 server-response signal(s) detected
Info::
✓
`Vary` header declared: Accept-Encoding
The page declares a `Vary` header, telling downstream caches which request headers the response varies on. Critical for content-negotiated responses (compression, language, cookies, device class).
Info::
i
No `ETag` or `Last-Modified` -- conditional GET not supported
Without either header, browsers can't issue conditional GETs and refresh always re-downloads the full response body even when nothing changed. Add `ETag: "<hash>"` (or `Last-Modified: <date>`) on cacheable responses; the server returns 304 Not Modified when the client's cached copy is still valid, saving bandwidth.
A
HTTP Caching
max-age=9000 (2 hours)
PASS
max-age=9000 (2 hours)
Info::
✓
Cache-Control header is set
Got: max-age=9000, must-revalidate
Info::
✓
Effective TTL: 2 hours (max-age=9000)
Info::
i
No ETag or Last-Modified header
Conditional requests (304 Not Modified) are not possible without validators.
Cache-Control
max-age=9000, must-revalidate
Directive
Value
Meaning
max-age
9000
Cache for 2 hours
must-revalidate
—
Must recheck with server after expiry
Effective TTL: 9000 seconds
Network Waterfall
45 requests over 3072ms
INFO
HTML JavaScript CSS Images Fonts XHR/Fetch Other
Third-Party Script Cost
Per-script blocking time, transfer cost, and cache headers
INFO
26%of JavaScript execution is third-party
First-party Third-party213ms · 645KB · Kč26/mo
Script
Category
Execution
Transfer
Unused
Monthly Cost
Verdict
www.gstatic.com
www.gstatic.com
Other
82ms
375 KB
66%
Kč10/mo
Optional
Google Tag Manager
www.googletagmanager.com
Tag Manager
69ms
153 KB
45%
Kč9/mo
Optional
Google Tag Manager
www.googletagmanager.com
Tag Manager
62ms
118 KB
54%
Kč8/mo
Optional
www.gstatic.com
Other
Optional
Execution82ms
Transfer375 KB
Unused66%
Monthly CostKč10/mo
Google Tag Manager
Tag Manager
Optional
Execution69ms
Transfer153 KB
Unused45%
Monthly CostKč9/mo
Google Tag Manager
Tag Manager
Optional
Execution62ms
Transfer118 KB
Unused54%
Monthly CostKč8/mo
66% of www.gstatic.com's code is unused. The script may be loading features you don't use.
Why this matters
Bundle has high unused-code ratio — tree-shaking and route-splitting recover the wasted bytes.
Source: web.dev
54% of Google Tag Manager's code is unused. The script may be loading features you don't use.
Why this matters
Bundle has high unused-code ratio — tree-shaking and route-splitting recover the wasted bytes.