Quality and Performance report

https://sites.google.com/site/pesnyaladasedan/
Report generated on May 1, 2017 5:50:01 PM
Download report
SIMULATED VISITOR: Chrome Paris 8.0/1.5Mbps (Latency: 50 ms) Edit

Requests

24

Weight

352kB

HTML CSS Scripts Images Others
Timeline / Waterfall

First Byte

0.22sec

Start Render

0.67sec

Fully loaded

2.52sec


Browser warnings 0OK
HTTP/2 Ready: 100%
Speed Index: 669

Technologies :

Google Analytics

Google Sites

OpenGSE

Java


Share this report by email

Feel free to share this report with your collaborators, by copying the URL from the address bar,
or by clicking below:

Share the report

Tips and best practices:

Things to improve

Browser rendering 

0/100

1 critical dependency detected

The failure of a third-party content provider could bring an overall breakdown of your website.

Single Point Of Failure

A Frontend Single Point Of Failure (SPOF) is a critical dependency on a third-party content, that may block the entire display of your page in case of failure of the content provider.

As an example, if your web page uses a blocking script hosted by Google’s servers, then your page is reliant on any failure from this script. Please read our blog post dedicated to SPOF for more information.

How to avoid SPOF?

As far as possible, exclude any of these dependencies, even from renowned providers. If you have to use a third-party content, ensure that you choosed an asynchronous integration and that you have a fallback in case of problem.


We are checking if the tested web page depends (in a critical way) on some of most widespread external resources (googleapis, typekit,...). That are known as Frontend SPOF (Single Point Of Failure) cases.

This resource represents a SPOF for this page:


 
Read more
Browser rendering 

0/100

Defer parsing of JavaScript

JavaScript can significantly slow down a page display, especially if it is necessary to download an external script.

Defer the use of JavaScript as much as possible to provide a faster start for the page display.

How can I fix this?

Use one of the methods below to defer parsing for external JavaScript files:

  • use the async attribute;
  • use the defer attribute;
  • append the script to the DOM in JavaScript during the onload event;
  • make sure your scripts are placed at the bottom of the page (ideally at the end of the body).

263.5KiB of JavaScript is parsed during initial page load. Defer parsing JavaScript to reduce blocking of page rendering.


 
Read more
SEO 

0/100

You should define a 'description' meta tag

The page should define a unique description.

Description in search engines

The description of the page may be directly displayed in search engine results pages (SERP):

It allows you to control at best the entry preview in search engines, and to improve the click rate to your page. Learn more.

How to define a page's description?

Use <meta name="description" content="page description"> and place it in the <head> tag.

No <meta> description has been found on this page. Please provide a <meta> description.


 
Read more
Security 

0/100

The Content Security Policy is missing

It is critical to restrict the origin of the contents of your webpage to protect your website from cross-site scripting attacks (XSS).

XSS attacks explained

An XSS attack aims to inject content into a page.

You can protect your pages against these attacks by implementing a content security policy that tells the web browser which servers are allowed to deliver resources on each page. If the browser makes a request to an unauthorized server, it must inform the user.

How can I prevent an XSS attack?

Set up a "Content-Security-Policy" (CSP) HTTP header. To specify a security policy on the source of your resources, configure your server so the response of the first resource contains the "Content-Security-Policy" HTTP header.

Here's an example:

Content-Security-Policy: script-src 'self' https://apis.google.com

In this case, the page loads correctly provided that all the scripts come from the current host or https://apis.google.com.

Read more about the CSP HTTP header. You can also look at the CSP directives.

Please, be careful, if the header is misconfigured, some of your content, scripts, or styles may be blocked. That could cause unwanted side effects. Moreover, the restrictions apply to all pages of the website. We recommend you test the different pages of your website before deploying this header in your production environment.


No Content Security Policy on this page: it is more easily exposed to XSS attacks.


 
Read more
Accessibility 

0/100

Set a lang for your page

Your page should define a lang attribute on the html root node: this will allow screen readers to correctly understand your website.


 
Read less
Cache policy 

44/100

Specify a 'Vary: Accept-Encoding' header

The following publicly cacheable, compressible resources should have a "Vary: Accept-Encoding" header:

The Vary: Accept-Encoding header allows to cache two versions of the resource on proxies: one compressed, and one uncompressed. So, the clients who cannot properly decompress the files are able to access your page via a proxy, using the uncompressed version. The other users will get the compressed version.


 
Read more

Did you know?

Security 

Your server should be able to communicate with HTTP while it uses a HTTPS connection

Take precautionary measures against attacks like "man in the middle" by making sure to only communicate in HTTPS with the server.

The HTTP Strict Transport Security (HSTS) Header

When you communicate with a server through a secured connection, every sent request towards this server should use the HTTPS protocol. The HTTP HSTS header allows to indicate to the browser that all the requests sent to the domain concerned must be done via HTTPS. If the URL is presented under "http://...", the web browser is automatically going to replace it by "https://...".

However, we advise you to not set this header unless your entire website serves its resources in HTTPS.

No HSTS header has been detected on this page.


 
Read more
Data amount 

1 domain sends 27 bytes of cookies

HTTP cookies are used to track a user to costumize the page according to their profile. They are sent as a HTTP header from the web server to the browser. Then, each time the browser accesses to the server, it sends a request containing the cookie received at the first response. See more information.

Here, 1 domain sends 27 bytes of cookies:

Domain name: google
  • _ga: 26 bytes distributed on 1 request(s)
  • _gat_SitesTracker: 1 bytes distributed on 1 request(s)


 
Read more
Security 

4 resources on this page are for public use

By default, the browser accepts to perform AJAX requests, or to retrieve web fonts, only on the same domain name of the page. So a font provided by toto.com can only be used by the pages of toto.com. This prevents misuse of your resources by any site.

Some resources are public, and explicitly want to be available to everyone (eg Google Fonts). In this case, the HTTP header Access-Control-Allow-Origin can be used with the value "*". You should, however, use this property if your resource has aimed to be used by the greatest number. Otherwise, we recommend that you keep the default, or set a specific domain name in the "Access-Control-Allow-Origin" HTTP header.

You should be aware of the following resources, that use a Access-Control-Allow-Origin: * HTTP header. Make sure they are actually intended to be used by pages from all domain names:

Resources from "google"
Resources hosted by a third-party

It appears these files are hosted by a third-party, so they may not be within your control. However, you should consider any alternative to these resources to improve your page performance.


 
Read more
Browser rendering 

The Slowest Resources

The page load time is 2.5 seconds. Listed below, are your site's slowest loading requests:

Listed below, are your site's 10 slowest requests:

Excessively slow response times can be due to any number of reasons, usually because of a heavy resource that's loading or a temporary network issue.

For more information on page load time, you can consult the timeline.


 
Read more
Accessibility 

No <noscript> tag is detected

When a web page uses scripts, it is advised to set at least one noscript tag. It is required to display a message when JavaScript is disabled by the user.

<script  type="text/javascript">
document.write('Hello World!')
</script>
<noscript>Your browser does not support JavaScript!</noscript>


 
Read more
Security 

Do all third parties resources deliver the right content?

This page loads data from third parties, you should ensure their integrity.

SubResource Integrity (SRI)

Use SRI to ensure that a third party resource has not been tampered. Add the integrity attribute to <script> and <link> tags loading this kind of resource. Example:

<script src="https://exemple.com/exemple-framework.js"
integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
crossorigin="anonymous">
</script>

The integrity attribute value is equal to the base64-encoded hash (SHA) of the resource. The browser compares this hash with the downloaded content in order to determine if the resource matches the expected content.

You can create the SHA thanks to several tool. In command line, you can use openssl. You can also test some online tools, as srihash.org or report-uri.io. Learn more about SubResource Integrity.


 
Read more

Well done, these best practices are respected

Compliance 

100/100

Your font formats are well used

Be sure to deliver the most suitable font format for each platform.

Declaring several font formats

The web browsers (Firefox, Chrome, Safari, Internet Explorer, Opera ...) do not support all the same font formats. Your goal is to use the lightest possible format for each platform. When you use a font, you can specify several formats, via the @font-face CSS instruction: so the browser will use the first compatible format that it supports.

How to declare your font formats?

Check if your formats are well ordered in the @font-face's src property. Here's an article about this topic to help you to determine the right order to declare your fonts. TL; DR order to respect for your webfont formats: EOT, WOFF2, WOFF, TTF, and SVG.


All fonts are well ordered in the @font-face instructions.


 
Read more
Cache policy 

100/100

You do not use too long inline scripts

Any script with a significant size should let the browser cached them in order to reduce loading time/improve performance of your returning visitor.

Inline scripts / cache policy

"inline" scripts allow to integrate easily small portions of scripts directly in the HTML code. Example:

<script type="text/javascript">
    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']...,'/analytics.js','ga');
    ga('create', 'UA-11111111-1', 'mywebsite.com');
</script>

By doing so, you avoid making a request to the server to retrieve the resource. So inline scripts represent a performance gain if you want to integrate small scripts.

However, once a script has a fairly substantial size, we advise you to outsource it and perform a request to retrieve it. So you will benefit from the cache mechanism.

What should I do?

Outsource your scripts with more than 1500 characters in one or more separate files.


 
Read more
SEO 

100/100

This page uses only standard image formats

The images that use a non-standard format may not be indexed by search engines.

Only these image formats are considered standard on the web: jpeg, jpg, png, gif, svg, ico, webp. You should consider an alternative to any other format.

Moreover, remember to treat the text around your images: some search engines analyze approximately the 10 words preceding and following the image in order to add a context to the image.


 
Read more
Compliance 

100/100

No frameset, frame and noframes tags detected

These tags are obsolete, due to several issues related to the navigation consistency, SEO or browsers' bookmark features for example.

None of these tags is detected on this page.

The use of the iframe tag is prefered.


 
Read more
SEO 

100/100

This page specifies a <title> tag

The page should define a unique title (using a <title> tag).

Use of titles by search engines

Once properly configured, the page title can be displayed in the search engine results page:

Using a suitable title is a major criterion for SEO. It allows you to control at best what is displayed in search results pages, and determine the keywords you want your site pops out.

How to define the title of a web page?

The title of the page is specified into the <title> tag, which must be placed into the <head> tag, at the beginning of the code.


This page defines a title the title tag.

Here is the page's title:

Тимати Лада Седан


 
Read more
Compliance 

100/100

No Java applets detected

Java applets are considered obsolete in 2015. HTML5 is powerful and more widely supported. Using Java applets can lead to compatibility issues and may send negative signals to your users (eg the browser indicating that content was blocked because it could be dangerous).

Congratulations, this page doesn't contain Java applets.


 
Read more