81%
Not so bad!
But still far from perfection
6

Issues

5

Improvements

69

Successes


See your priorities

Screenshot


SIMULATED VISITOR: Chrome Seattle 10.0/2.0Mbps (Latency: 28 ms) Edit

Requests

26

Weight

417kB

HTML CSS Scripts Images Others
Timeline / Waterfall

First Byte

0.29sec

Start Render

0.77sec

Fully loaded

2.22sec


Browser warnings 0OK
HTTP/2 Ready: 100%
Speed Index: 989

Technologies :

Google Analytics

Google Font API

Google Sites

Knockout.js

NVD3

OpenGSE

Socket.io

D3

Java

Node.js


Share this report by email

Feel free to share this report with your collaborators, by copying the URL from the address bar,
or by clicking below:

Share the report

Tips and best practices:

Things to improve

Browser rendering 

0/100

2 critical dependencies detected

The failure of a third-party content provider could bring an overall breakdown of your website.

Single Point Of Failure

A Frontend Single Point Of Failure (SPOF) is a critical dependency on a third-party content, that may block the entire display of your page in case of failure of the content provider.

As an example, if your web page uses a blocking script hosted by Google’s servers, then your page is reliant on any failure from this script. Please read our blog post dedicated to SPOF for more information.

How to avoid SPOF?

As far as possible, exclude any of these dependencies, even from renowned providers. If you have to use a third-party content, ensure that you choosed an asynchronous integration and that you have a fallback in case of problem.


We are checking if the tested web page depends (in a critical way) on some of most widespread external resources (googleapis, typekit,...). That are known as Frontend SPOF (Single Point Of Failure) cases.

The following resources represent a SPOF for this page:

  • //fonts.googleapis.com/css?family=Lato%3A300%2C3[...]00%2C400italic%2C700%2C700italic
  • //fonts.googleapis.com/css?family=Roboto:300,400,500,700|Source+Code+Pro:400,700


 
Read more
Browser rendering 

0/100

Defer parsing of JavaScript

JavaScript can significantly slow down a page display, especially if it is necessary to download an external script.

Defer the use of JavaScript as much as possible to provide a faster start for the page display.

How can I fix this?

Use one of the methods below to defer parsing for external JavaScript files:

  • use the async attribute;
  • use the defer attribute;
  • append the script to the DOM in JavaScript during the onload event;
  • make sure your scripts are placed at the bottom of the page (ideally at the end of the body).

246.1KiB of JavaScript is parsed during initial page load. Defer parsing JavaScript to reduce blocking of page rendering.


 
Read more
SEO 

0/100

Add <h2> titles in your content

We recommend putting page keywords in at least the h1 and h2 tags. Search engines use the h1, h2, and h3 tags for SEO purposes.
This page contains:

  • 2 <h1> element(s)
  • 1 <h3> element(s)


 
Read more
Security 

0/100

The Content Security Policy is missing

It is critical to restrict the origin of the contents of your webpage to protect your website from cross-site scripting attacks (XSS).

XSS attacks explained

An XSS attack aims to inject content into a page.

You can protect your pages against these attacks by implementing a content security policy that tells the web browser which servers are allowed to deliver resources on each page. If the browser makes a request to an unauthorized server, it must inform the user.

How can I prevent an XSS attack?

Set up a "Content-Security-Policy" (CSP) HTTP header. To specify a security policy on the source of your resources, configure your server so the response of the first resource contains the "Content-Security-Policy" HTTP header.

Here's an example:

Content-Security-Policy: script-src 'self' https://apis.google.com

In this case, the page loads correctly provided that all the scripts come from the current host or https://apis.google.com.

Read more about the CSP HTTP header. You can also look at the CSP directives.

Please, be careful, if the header is misconfigured, some of your content, scripts, or styles may be blocked. That could cause unwanted side effects. Moreover, the restrictions apply to all pages of the website. We recommend you test the different pages of your website before deploying this header in your production environment.


No Content Security Policy on this page: it is more easily exposed to XSS attacks.


 
Read more
SEO 

0/100

You should define a 'description' meta tag

The page should define a unique description.

Description in search engines

The description of the page may be directly displayed in search engine results pages (SERP):

It allows you to control at best the entry preview in search engines, and to improve the click rate to your page. Learn more.

How to define a page's description?

Use <meta name="description" content="page description"> and place it in the <head> tag.

No <meta> description has been found on this page. Please provide a <meta> description.


 
Read more
Security 

0/100

1 cookie is not secured

A cookie sent from the server to a web browser via the HTTPs protocol should only transit on a secure connection (except for some specific cases).

HTTP cookies

HTTP cookies are set by the server to the web browser via the Set-Cookie HTTP header. Then, the browser transmits the cookies to the server for the next requests by using the Cookie HTTP header. When the server uses a secure connection (HTTPs), the cookie probably contains some sensitive data: you have to garantee that the cookie cannot be exploited on an insecure connection.

The Secure directive

By adding the Secure instruction in the Set-Cookie HTTP header, the server informs the browser that it is allowed to transmit the cookie over secure connection only. Read our blog post to learn more.

Caution: Ensure that the HTTP to HTTPS redirect is activated on your website. Otherwise, the Secure cookie may not be sent on HTTP request.

The following Cookies are not secure, you should add the Secure instruction in the Set-Cookie HTTP header:

sites.google.com/view/muzicland/%D0%B6%D0%B8%D0%[...]%D0%B5%D0%B2%D0%BE%D0%B9

  • set-cookie: NID=102=hroz2o0mC7f_hukoVh8J8H-5gZFSXzmG0VpZviAfEharRycWMjX4FLGGKiADWqyQd6DcxTQrNNAODRTHvAp6Ls9WYqWFhlFLb7Oo4CH_WdNrYhSwTonXYRDDf_VTf5Qv;Domain=.google.com;Path=/;Expires=Sat, 28-Oct-2017 08:03:30 GMT;HttpOnly


 
Read more
Cache policy 

59/100

Set a far future cache policy in 3 requests

Defining several days of cache retention for your static resources will reduce the load on your server.

The Expires header explained

Some of your resources use the Expires HTTP header to get an effective caching policy—this is a best practice. However, you should consider improving its configuration to make the most of the caching mechanisms. Here is an example of the Expires HTTP header:

Expires: Thu, 25 Dec 2014 20:00:00 GMT

When you deploy a new version of your website, remember to rename static resources that have been modified. If you do not change their names, your users will keep resources corresponding to the old versions stored in their caches, and they may find themselves on an unstable version of your page. For example:

myresource.min.20140101.js

Read the Yahoo! guidelines on this subject.

Recommended Expires header setting

We recommend setting the Expires HTTP header so the date is between 2 days and 1 year.


This page contains 3 resources that do not have a far expiration date:

Resources from "google"
Resources hosted by a third-party

It appears these files are hosted by a third-party, so they may not be within your control. However, you should consider any alternative to these resources to improve your page performance.


 
Read more
Quality 

0/100

23 CSS selectors are duplicated

Using several times the same selector for several declarative blocks within a single CSS file can affect the readability and maintainability of the code. It is also an optimization opportunity: by grouping these elements within a single rule, you will reduce the file size.

CSS Rules

The CSS rules allow to select elements from the HTML code in order to apply styling properties.

How to improve it?

You just have to group the same selectors into the same rule. For instance, the following rules:

.myClass {
margin: 0;
}
...
.myClass{
border: 1px solid black;
}

Should be merged into a single one:

.myClass {
margin: 0;
border: 1px solid black;
}

If the duplication is done on purpose (your own architecture, etc.), you can consider using a CSS minification tool able to do automatically this improvement.


You can save 161 characters. The following files define the same selector in different rules:

sites.google.com/view/muzicland/%D0%B6%D0%[...]%BE%D0%B9 (inline 0)

  • @media only screen and (max-width: 479px) .duRjpb (2 times)
  • @media only screen and ([...]80px) and (max-width: 767px) .PsKE7e (2 times)
  • .JYVBee (2 times)
  • .OmQG5e (2 times)
  • .O13XJf (2 times)
  • .dhtgD (2 times)
  • .Zjiec (2 times)
  • .TlfmSc (2 times)
  • and 15 others


 
Read more
Security 

0/100

Disable the auto detection of resource type

Protect yourself from malicious exploitation via MIME sniffing.

MIME-Type sniffing explained

Internet Explorer and Chrome browsers have a feature called "MIME-Type sniffing" that automatically detects a web resource's type. This means, for example, that a resource identified as an image can be read as a script if its content is a script.

This property allows a malicious person to send a file to your website to inject malicious code. We advise you to disable the MIME-Type sniffing to limit such activity.

How to prevent MIME-Type sniffing

Configure a "X-Content-Type-Options" HTTP header. Add the "X-Content-Type-Options" HTTP header in the responses of each resource, associated to the "nosniff" value. It allows you to guard against such misinterpretations of your resources.


On this page, you should configure the following resources, that risk being misinterpreted:

Resources from "google"
Resources hosted by a third-party

It appears these files are hosted by a third-party, so they may not be within your control. However, you should consider any alternative to these resources to improve your page performance.


 
Read more
SEO 

0/100

This page does not specify a breadcrumb for search engines

The breadcrumb enables to visually enhance the results matching your website during a research. On Google, you can find it instead of the URL for example:

breadcrumb example

On a search made through a desktop device, the breadcrumb only replaces the URL if it is defined on the page.

About the mobile search, Google has been consistently displaying the breadcrumb since April 2015. If you haven’t defined a breadcrumb on your website, it will be generated automatically (in particular from the URL). We advise you to make this information explicit in your source code, in order to control the display.

Defining its own breadcrumb

You must define your breadcrumb using one of the accepted implementations (see Google recommendations).

<div id="a" itemscope itemtype="http://data-vocabulary.org/Breadcrumb" itemref="b">
<a href="http://www.example.com/mycategory" itemprop="url">
<span itemprop="title">My category</span>
</a> >
</div>
<div id="b" itemscope itemtype="http://data-vocabulary.org/Breadcrumb" itemprop="child">
<a href="http://www.example.com/mycategory/myproduct" itemprop="url">
<span itemprop="title">My product</span>
</a>
</div>

On this analysed page, we couldn’t find a breadcrumb.


 
Read more
Quality 

20/100

Separate the CSS styles from the HTML tags

Separating HTML tags and CSS directives improves code readability and promotes factorization.

How to define CSS styles

CSS styles are used to format the page. You can use one of three main methods to define them:

  • declare styles in a specific CSS file;
  • declare "inline" styles (<style> tag in your HTML template);
  • declare styles with the "style" attribute of a HTML tag.
How can I improve my page?

We recommend grouping your CSS styles in <style> tags or in separate files. That way, the HTML is only responsible for providing the structure of the page, and its layout is outsourced. The <style> attribute should only be generated by some JavaScript code (e.g., if you need to know the screen size).


This page uses 10 style attribute(s):

  • <nav class="plFg0c" jscontroller="tOKhWd" jsaction="rcuQ6b:rcuQ6b;eJOBBb:CfS0pe;" id="WDxLfe" style="visibility: hidden;">
  • <section id="h.p_SQQp4yCWqril" class="yaqOZd LB7kq cJgDec tpmmCb O13XJf" style="">
  • <div class="yaqOZd IFuOkc" style="background-size: cover; background-position: center center; background-image: url(https://lh5.googleusercontent.com/ym3Y_TcmQLH0tY00gUrm9AzI0vnc47-o7A8wsU8tQu2NcL4v3V7ebLv8hRju83p1QXW6lrQQ=w1176);" jsname="LQX2Vd">
  • <h1 id="h.p_yPb292ytqrkF" class="zfr3Q duRjpb" style="text-align: center;">
  • and 6 others


 
Read more
Data amount 

99/100

Optimize your images

Properly formatting and compressing images can save many bytes of data.

Optimize the following images to reduce their size by 3.2KiB (6% reduction).

It appears these files are hosted by a third-party, so they may not be within your control. However, you should consider any alternative to these resources to improve your page performance.

Images may contain data unnecessary for their use on the web. This data can increase their size significantly. Some tools automatically remove this unnecessary data without loss of quality and thus reduce your image sizes.

We recommend removing unnecessary image data using a tool such as jpegtran (JPEG files), OptiPNG (PNG files) or ImageRecycle.


 
Read more

Did you know?

Security 

9 resources on this page are for public use

By default, the browser accepts to perform AJAX requests, or to retrieve web fonts, only on the same domain name of the page. So a font provided by toto.com can only be used by the pages of toto.com. This prevents misuse of your resources by any site.

Some resources are public, and explicitly want to be available to everyone (eg Google Fonts). In this case, the HTTP header Access-Control-Allow-Origin can be used with the value "*". You should, however, use this property if your resource has aimed to be used by the greatest number. Otherwise, we recommend that you keep the default, or set a specific domain name in the "Access-Control-Allow-Origin" HTTP header.

You should be aware of the following resources, that use a Access-Control-Allow-Origin: * HTTP header. Make sure they are actually intended to be used by pages from all domain names:

It appears these files are hosted by a third-party, so they may not be within your control. However, you should consider any alternative to these resources to improve your page performance.


 
Read more
Data amount 

1 domain sends 792 bytes of cookies

HTTP cookies are used to track a user to costumize the page according to their profile. They are sent as a HTTP header from the web server to the browser. Then, each time the browser accesses to the server, it sends a request containing the cookie received at the first response. See more information.

Here, 1 domain sends 792 bytes of cookies:

Domain name: google
  • NID: 792 bytes distributed on 6 request(s)


 
Read more
Browser rendering 

The Slowest Resources

The page load time is 2.2 seconds. Listed below, are your site's slowest loading requests:

Listed below, are your site's 10 slowest requests:

Excessively slow response times can be due to any number of reasons, usually because of a heavy resource that's loading or a temporary network issue.

For more information on page load time, you can consult the timeline.


 
Read more
Security 

Do all third parties resources deliver the right content?

This page loads data from third parties, you should ensure their integrity.

SubResource Integrity (SRI)

Use SRI to ensure that a third party resource has not been tampered. Add the integrity attribute to <script> and <link> tags loading this kind of resource. Example:

<script src="https://exemple.com/exemple-framework.js"
integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
crossorigin="anonymous">
</script>

The integrity attribute value is equal to the base64-encoded hash (SHA) of the resource. The browser compares this hash with the downloaded content in order to determine if the resource matches the expected content.

You can create the SHA thanks to several tool. In command line, you can use openssl. You can also test some online tools, as srihash.org or report-uri.io. Learn more about SubResource Integrity.


 
Read more
Security 

Specify which SSL certificates can be accepted by the browser

Provide the list of valid public cryptographic keys to the web browser in order to avoid some Man-In-The-Middle attacks.

Public Key Pinning

The HTTP Public Key Pinning header allows to define all the public cryptographic keys supported to access your domain via SSL:

Public-Key-Pins: pin-sha256="base64=="; max-age=expireTime
[; includeSubdomains][; report-uri="reportURI"]

The browser stores this list. During the second visit, it will compare this list with the key provided by the certificate authority (CA). If they don't match, the browser will consider the certificate as corrupted and will block the access to the page.

Please, be careful while configuring this header: if the provided certificates are not up to date, your website will be unreachable (see a detailed feedback). Do specify several certificates, including (at least) one fallback certificate. It will allow to deal with the expiration or invalidation cases of a certificate.

Note: We advise you to deploy it progressively by using the report-only mode (Public-Key-Pins-Report-Only header) and limited cache validation times.

Read more about HPKP.

This page doesn't send a Public Key Pinning header.


 
Read more
Number of requests 

Resources distribution by domain

This page loads data from 11 domains. This best practice retrieves the following metrics for each of these domains:

  • Loading Time (Cumulative): total time spent to load all the resources
  • Server Time (Cumulative): total time spent to retrieve the responses from the server (TCP connection + wait for first byte)
  • Weight: data amount loaded
  • Number of requests

Here is the list of all the domains used by the page:

DomainTime (ms)Server Time (ms)Weight (kB)Requests
www.gstatic.com 882 631 166 7
apis.google.com 369 240 103 4
fonts.gstatic.com 253 148 61 3
www.google-analytics.com 211 156 13 2
sites.google.com 393 357 9 2
ssl.gstatic.com 158 125 5 2
fonts.googleapis.com 185 154 2 2
accounts.google.com 184 107 1 1
stats.g.doubleclick.net 152 128 0 1
csi.gstatic.com 525 501 0 1
lh5.googleusercontent.com 346 264 56 1


 
Read more

Well done, these best practices are respected

Accessibility 

100/100

All labels refer to an element

The for attribute associates the label to an other element of the page, and help screen readers to better interpret your content.

Label and for attribute

A label describes an element (a text to fill, a checkbox, etc.). When a user click on a label associated with a radio button, the option will be directly selected, improving the user experience.

How to use a label?

Associate the label to an element of the page by indicating the ID of the element. Example:

<form action="/action">
<label for="myId">
<input type="radio" name="myOptions" id="myId" value="1" >


 
Read more
Cache policy 

100/100

You do not use too long inline scripts

Any script with a significant size should let the browser cached them in order to reduce loading time/improve performance of your returning visitor.

Inline scripts / cache policy

"inline" scripts allow to integrate easily small portions of scripts directly in the HTML code. Example:

<script type="text/javascript">
    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']...,'/analytics.js','ga');
    ga('create', 'UA-11111111-1', 'mywebsite.com');
</script>

By doing so, you avoid making a request to the server to retrieve the resource. So inline scripts represent a performance gain if you want to integrate small scripts.

However, once a script has a fairly substantial size, we advise you to outsource it and perform a request to retrieve it. So you will benefit from the cache mechanism.

What should I do?

Outsource your scripts with more than 1500 characters in one or more separate files.


 
Read more
Compliance 

100/100

No frameset, frame and noframes tags detected

These tags are obsolete, due to several issues related to the navigation consistency, SEO or browsers' bookmark features for example.

None of these tags is detected on this page.

The use of the iframe tag is prefered.


 
Read more
SEO 

100/100

This page specifies a <title> tag

The page should define a unique title (using a <title> tag).

Use of titles by search engines

Once properly configured, the page title can be displayed in the search engine results page:

Using a suitable title is a major criterion for SEO. It allows you to control at best what is displayed in search results pages, and determine the keywords you want your site pops out.

How to define the title of a web page?

The title of the page is specified into the <title> tag, which must be placed into the <head> tag, at the beginning of the code.


This page defines a title the title tag.

Here is the page's title:

Все  об Алле Пугачевой - Жизнь Аллы Пугачевой


 
Read more
Compliance 

100/100

No Java applets detected

Java applets are considered obsolete in 2015. HTML5 is powerful and more widely supported. Using Java applets can lead to compatibility issues and may send negative signals to your users (eg the browser indicating that content was blocked because it could be dangerous).

Congratulations, this page doesn't contain Java applets.


 
Read more
Compliance 

100/100

Do not use <bgsound> tag

No bgsound tag detected. This is a good practice: this element is not a HTML standard. See more information.

Use the audio tag to deliver audio content on your page.

<audio src="my-audio-file.ogg" autoplay>
Your browser doesn't support the audio element.
</audio>


 
Read more