Quality and Performance report

http://argowindowrepair.com
Report generated on Mar 20, 2018 10:23:55 PM

SIMULATED VISITOR: Chrome Paris 8.0/1.5Mbps (Latency: 50 ms) Edit

Requests

117

Weight

2.11MB

HTML CSS Scripts Images Others
Timeline / Waterfall

First Byte

0.56sec

Start Render

1.30sec

Fully loaded

3.61sec


Browser warnings 0OK
HTTP/2 Ready: 9%
Speed Index: 1695

Technologies :

Apache

Google Analytics

Google Tag Manager

jQuery


Share this report by email

Feel free to share this report with your collaborators, by copying the URL from the address bar,
or by clicking below:

Share the report

Tips and best practices:

Things to improve

Data amount 

0/100

Reduce the page weight (2.1MB)

The page weight is too high, slowing down its display, especially on low speed connections. This can lead to frustration for users paying for data (see whatdoesmysitecost.com).

Evaluate the Weight of my Web Page

In February 2016, the average weight of 100 most visited websites in the world was 1,38MB.

How to reduce the weight of my page?

You can report to our "Data amount" category to discover the possible optimizations in your case. Images are often involved.
Moreover, make sure to build your web pages in order to load data that is essential to the user experience (rendering optimization of the critical path).
For other contents (social networking plugins, advertising, content at the bottom of the page ...), it is better to delay the loading (asynchronous, lazy-loading ...), so they don't override priority contents.

We strongly recommend that you define performance budgets before you carry out your web projects. These budgets can be settled through the DareBoost monitoring feature.


We have established the weight distribution of the page by resource type:

  • Images : 88,80% of total weight
  • JavaScript : 9,73% of total weight
  • CSS : 0,76% of total weight
  • Texts : 0,60% of total weight
  • JSON : 0,03% of total weight

Here is the weight of the 10 heaviest resources over the network, and that are necessary to load the page:


 
Read more
Data amount 

21/100

4 images are resized on browser side

Images must not be delivered larger than they are actually displayed to avoid loading unnecessary data.

Resizing images explained

Resizing images on browser side to reduce their rendering size is not recommended.

For instance, if your image is set to render at 300px by 300px on a particular page, don't upload the original 1000px by 1000px version of that image to your page. Instead, resize/crop the image to fit the display size and then upload it to your site to decrease the page weight and loading time.

Using images with responsive designs or retina screens?

Responsive website designs and retina screens do not justify an image resizing. Even in such cases, some methods exist to deliver your pictures to the right size. We recommend reading the following resources:

Don't resize the following images:

On this page, 16 images are resized by less than 35%. This can be consistent in a Responsive Web Design website, so this best practice does not penalize the following resources, but please make sure that they do not affect the page performance:


 
Read more
Browser rendering 

0/100

2 critical dependencies detected

The failure of a third-party content provider could bring an overall breakdown of your website.

Single Point Of Failure

A Frontend Single Point Of Failure (SPOF) is a critical dependency on a third-party content, that may block the entire display of your page in case of failure of the content provider.

As an example, if your web page uses a blocking script hosted by Google’s servers, then your page is reliant on any failure from this script. Please read our blog post dedicated to SPOF for more information.

How to avoid SPOF?

As far as possible, exclude any of these dependencies, even from renowned providers. If you have to use a third-party content, ensure that you choosed an asynchronous integration and that you have a fallback in case of problem.


We are checking if the tested web page depends (in a critical way) on some of most widespread external resources (googleapis, typekit,...). That are known as Frontend SPOF (Single Point Of Failure) cases.

The following resources represent a SPOF for this page:


 
Read more
jQuery 

0/100

Consider using jQuery 1.12

You webpage uses jQuery 1.11.0. You should migrate to the latest version of the 1.x branch: jQuery 1.12, that contains several bug and security fixes.

Should I migrate to the last version of jQuery ?

Migrating from a 1. x version of jQuery to the latest version (3.x) can have many unintended impacts and means losing compatibility with older browsers. You should only consider abandoning jQuery 1.x as a part of a complete overhaul of your Front-End infrastructure. As you reflect on it, you will surely discover that you might not need jQuery.


 
Read more
Security 

0/100

You should use a secured connection (HTTPS)

HTTPS guarantees the confidentiality and security of communications over the internet: data is encrypted, so protected against attacks and data corruption.

Google is multiplying its actions to push more and more websites towards HTTPS. Google first added HTTPS in its SEO criteria (see the announcement). Since then, Chrome has been evolving and now highlights the absence of a secure environment in various cases where information is collected from users. Other browsers are also following this trend.

Setting up HTTPS on a website sometimes causes some reservations (cost, impacts on performance, compatibility with technical partners…). But the market has changed in recent years and you should not worry about migrating to HTTPS. You should consider switching your site to HTTPS.

How to set up the HTTPS protocol

You have to set up a certificate you got from a reliable certification authority. Learn more by contacting your website host who can help you getting this certificate. Besides, the following page help you in your migration procedure to the HTTPS protocol.

A free certificate? Try Let's Encrypt!

Let's Encrypt is a free, automated, and open certificate authority. Many hosting providers offer to enable the generation and automatic renewal of free certificates directly from the administration interface of your domain. Contact your website host for more information.


 
Read more
Browser rendering 

0/100

Defer parsing of JavaScript

JavaScript can significantly slow down a page display, especially if it is necessary to download an external script.

Defer the use of JavaScript as much as possible to provide a faster start for the page display.

How can I fix this?

Use one of the methods below to defer parsing for external JavaScript files:

  • use the async attribute;
  • use the defer attribute;
  • append the script to the DOM in JavaScript during the onload event;
  • make sure your scripts are placed at the bottom of the page (ideally at the end of the body).

294.2KiB of JavaScript is parsed during initial page load. Defer parsing JavaScript to reduce blocking of page rendering.


 
Read more

Did you know?

Quality 

No HTML code is commented

Comments allow you to detail a portion of code and help you navigate more efficiently in the DOM. However, make sure no sensitive information is exposed in your comments.

Well done, none of your comments contains HTML code.


 
Read more
jQuery 

More informations about jQuery performance

jQuery is the most used JavaScript library. Upgrade your website performance respecting the jQuery best practices. We recommend that you learn the basics of the jQuery performance, reading the following link: http://learn.jquery.com/performance/.


 
Read more

This page contains 51 links

Two kind of links exist:

  • Internal links that refer to pages with the same domain name;
  • External links that point to other websites (must be relevant and point towards quality content).

If you reference many links, you can ask the SEO crawlers to consider only some of them, by adding the rel=nofollow attribute to the irrelevant ones (e.g., advertisements).

Here is the distribution of 51 links present in the page:

  • 44 internal links (86,27%)
  • 7 "follow" external links (13,73%)
  • No "nofollow" external link (0,00%)


 
Read more
Security 

5 resources on this page are for public use

By default, the browser accepts to perform AJAX requests, or to retrieve web fonts, only on the same domain name of the page. So a font provided by toto.com can only be used by the pages of toto.com. This prevents misuse of your resources by any site.

Some resources are public, and explicitly want to be available to everyone (eg Google Fonts). In this case, the HTTP header Access-Control-Allow-Origin can be used with the value "*". You should, however, use this property if your resource has aimed to be used by the greatest number. Otherwise, we recommend that you keep the default, or set a specific domain name in the "Access-Control-Allow-Origin" HTTP header.

You should be aware of the following resources, that use a Access-Control-Allow-Origin: * HTTP header. Make sure they are actually intended to be used by pages from all domain names:

It appears these files are hosted by a third-party, so they may not be within your control. However, you should consider any alternative to these resources to improve your page performance.


 
Read more
Security 

Do "target=_blank" links introduce a security leak on this page?

Using the target=_blank attribute is rarely recommended. Nevertheless, if you need to use this attribute, note that a security leak could cause harm to your visitors, particularly if your site is open to visitor contributions.

It allows the targeted page to manipulate the window.opener.location property, and thus to perform a redirect within the parent tab. When the user gets back to the parent tab, he can be facing a malicious website (phishing, etc).

We recommend you to add the rel=noreferrer attribute when using a target = _blank to an external website. This will block access to "window.opener".
If your website allows users to publish contributive content (eg comments, customer reviews, etc.), be sure to automate the addition of this protection. Otherwise, a user could easily exploit this breach.

The following links may be exposed to this vulnerability:

  • <a target="_blank" href="https://www.angieslist.com/companylist/us/wi/milwaukee/argo-glass-and-windows-reviews-9222830.htm"><img alt="#" src="http://argowindowrepair.com/images/icon/ico1.png"></a>
  • <a target="_blank" href="https://www.homeadvisor.com/rated.ArgoGlassWindows.62656223.html"><img alt="#" src="http://argowindowrepair.com/images/icon/ico2.png"></a>
  • <a target="_blank" href="https://www.yelp.com/biz/argo-glass-and-windows-milwaukee"><img alt="#" src="http://argowindowrepair.com/images/icon/ico3.png"></a>
  • <a target="_blank" href="https://www.bbb.org/wisconsin/business-reviews/window-installation/argo-glass-windows-inc-in-milwaukee-wi-1000025726"><img alt="#" src="http://argowindowrepair.com/images/icon...
  • <a target="_blank" href="https://www.facebook.com/https://www.facebook.com/argowindowglassrepair" class="soctext facebook">Facebook</a>
  • <a target="_blank" href="https://plus.google.com/https://plus.google.com/u/3/105196022711987361246" class="soctext googlplus">Google+</a>
  • <a target="_blank" href="https://www.instagram.com/https://www.instagram.com/argowindowglassrepair/" class="soctext instagram">Instagram</a>


 
Read more
Security 

4 cookies are not secured

A cookie sent from the server to a web browser via the HTTPs protocol should only transit on a secure connection (except for some specific cases).

HTTP cookies

HTTP cookies are set by the server to the web browser via the Set-Cookie HTTP header. Then, the browser transmits the cookies to the server for the next requests by using the Cookie HTTP header. When the server uses a secure connection (HTTPs), the cookie probably contains some sensitive data: you have to garantee that the cookie cannot be exploited on an insecure connection.

The Secure directive

By adding the Secure instruction in the Set-Cookie HTTP header, the server informs the browser that it is allowed to transmit the cookie over secure connection only. Read this blog post to learn more.

Caution: Ensure that the HTTP to HTTPS redirect is activated on your website. Otherwise, the Secure cookie may not be sent on HTTP request.

Apache logo The Set-Cookie HTTP header can be configured with your Apache server. Make sure that the mod_headers module is enabled. Then, you can specify the header (in your .htaccess file, for example). Here is an example:

<IfModule mod_headers.c>
# only for Apache > 2.2.4:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

# lower versions:
Header set Set-Cookie HttpOnly;Secure
</IfModule>

The following Cookies are not secure:

mc.yandex.ru/watch/44931685?wmode=7&page-url=htt[...]20of%20Damaged%20Windows

  • Set-Cookie: yandexuid=2672713441521584639; domain=.yandex.ru; path=/; expires=Fri, 17-Mar-2028 22:23:59 GMT
  • Set-Cookie: yp=1836944639.yrts.1521584639; domain=.yandex.ru; path=/; expires=Fri, 17-Mar-2028 22:23:59 GMT
  • Set-Cookie: yabs-sid=292274701521584639; path=/
  • Set-Cookie: i=SCKai3bE7XiJGb3OTvkb8lkVnzo37xtRXRXhv08UtvUM/S5Nly4jzDCn+vwzHeeIezrjOuNWBMtYfb26u0XI20wEVew=; Expires=Fri, 17-Mar-2028 22:23:59 GMT; Domain=.yandex.ru; Path=/; HttpOnly


 
Read more

Well done, these best practices are respected

Cache policy 

100/100

You do not use too long inline scripts

Any script with a significant size should let the browser cached them in order to reduce loading time/improve performance of your returning visitor.

Inline scripts / cache policy

"inline" scripts allow to integrate easily small portions of scripts directly in the HTML code. Example:

<script type="text/javascript">
    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']...,'/analytics.js','ga');
    ga('create', 'UA-11111111-1', 'mywebsite.com');
</script>

By doing so, you avoid making a request to the server to retrieve the resource. So inline scripts represent a performance gain if you want to integrate small scripts.

However, once a script has a fairly substantial size, we advise you to outsource it and perform a request to retrieve it. So you will benefit from the cache mechanism.

What should I do?

Outsource your scripts with more than 1500 characters in one or more separate files.


 
Read more
SEO 

100/100

This page defines <h1> and <h2> tags

We recommend putting page keywords in at least the h1 and h2 tags. Search engines use the h1, h2, and h3 tags for SEO purposes.
This page contains:

  • 1 <h1> element(s)
  • 8 <h2> element(s)
  • 9 <h3> element(s)


 
Read more
Accessibility 

100/100

<noscript> tag detected

This page uses noscript tag. It allows to display a message when JavaScript is disabled by the user.


 
Read less
Apache 

100/100

Your Apache server version is not exposed

You are using Apache, but we are not able to detect the version. It is more difficult for a hacker to attack your website, because he does not know the version you use. This is a good practice.

There are two values to check if you want to hide your server version: the ServerSignature and the ServerTokens (/etc/apache2/conf.d/security file on a Linux server).

# Hide the version from the 'Server' HTTP Header.
# (e.g.): display only "Server: Apache"
ServerTokens Prod
# Don't add a trailing footer line under server-generated document,
# containing the server name and its version.
ServerSignature Off

However, keep in mind that the best way to protect your system from attacks is to regularly update your Apache server.


 
Read more
SEO 

100/100

You have defined a <meta> 'description'

The page should define a unique description.

Description in search engines

The description of the page may be directly displayed in search engine results pages (SERP):

It allows you to control at best the entry preview in search engines, and to improve the click rate to your page. Learn more.

How to define a page's description?

Use <meta name="description" content="page description"> and place it in the <head> tag.

This page defines one <meta> description:

Wooden windows restoration. One stop windows & glass repair service provider. Save up to 70% of the budget for restoration in just 1 day. Call for free estimate


 
Read more
SEO 

100/100

This page uses only standard image formats

The images that use a non-standard format may not be indexed by search engines.

Only these image formats are considered standard on the web: jpeg, jpg, png, gif, svg, ico, webp. You should consider an alternative to any other format.

Moreover, remember to treat the text around your images: some search engines analyze approximately the 10 words preceding and following the image in order to add a context to the image.


 
Read more