Quality and Performance report

Report generated on Mar 29, 2018 6:56:31 AM

SIMULATED VISITOR: Chrome Paris 8.0/1.5Mbps (Latency: 50 ms) Edit





HTML CSS Scripts Images Others
Timeline / Waterfall

First Byte


Start Render


Fully loaded


Browser warnings 1Severe
Speed Index: 1708

Technologies :

Google Font API

Google Maps


Twitter Bootstrap


Share this report by email

Feel free to share this report with your collaborators, by copying the URL from the address bar,
or by clicking below:

Share the report

Tips and best practices:

Things to improve

Data amount 


6 images are resized on browser side

Images must not be delivered larger than they are actually displayed to avoid loading unnecessary data.

Resizing images explained

Resizing images on browser side to reduce their rendering size is not recommended.

For instance, if your image is set to render at 300px by 300px on a particular page, don't upload the original 1000px by 1000px version of that image to your page. Instead, resize/crop the image to fit the display size and then upload it to your site to decrease the page weight and loading time.

Using images with responsive designs or retina screens?

Responsive website designs and retina screens do not justify an image resizing. Even in such cases, some methods exist to deliver your pictures to the right size. We recommend reading the following resources:

Don't resize the following images:

On this page, 1 image is resized by less than 35%. This can be consistent in a Responsive Web Design website, so this best practice does not penalize the following resource, but please make sure that it does not affect the page performance:

Read more
Browser rendering 


1 critical dependency detected

The failure of a third-party content provider could bring an overall breakdown of your website.

Single Point Of Failure

A Frontend Single Point Of Failure (SPOF) is a critical dependency on a third-party content, that may block the entire display of your page in case of failure of the content provider.

As an example, if your web page uses a blocking script hosted by Google’s servers, then your page is reliant on any failure from this script. Please read our blog post dedicated to SPOF for more information.

How to avoid SPOF?

As far as possible, exclude any of these dependencies, even from renowned providers. If you have to use a third-party content, ensure that you choosed an asynchronous integration and that you have a fallback in case of problem.

We are checking if the tested web page depends (in a critical way) on some of most widespread external resources (googleapis, typekit,...). That are known as Frontend SPOF (Single Point Of Failure) cases.

This resource represents a SPOF for this page:

Read more


Consider using jQuery 1.12

You webpage uses jQuery 1.7.2. You should migrate to the latest version of the 1.x branch: jQuery 1.12, that contains several bug and security fixes.

Should I migrate to the last version of jQuery ?

Migrating from a 1. x version of jQuery to the latest version (3.x) can have many unintended impacts and means losing compatibility with older browsers. You should only consider abandoning jQuery 1.x as a part of a complete overhaul of your Front-End infrastructure. As you reflect on it, you will surely discover that you might not need jQuery.

Read more


You should use a secured connection (HTTPS)

HTTPS guarantees the confidentiality and security of communications over the internet: data is encrypted, so protected against attacks and data corruption.

Google is multiplying its actions to push more and more websites towards HTTPS. Google first added HTTPS in its SEO criteria (see the announcement). Since then, Chrome has been evolving and now highlights the absence of a secure environment in various cases where information is collected from users. Other browsers are also following this trend.

Setting up HTTPS on a website sometimes causes some reservations (cost, impacts on performance, compatibility with technical partners…). But the market has changed in recent years and you should not worry about migrating to HTTPS. You should consider switching your site to HTTPS.

How to set up the HTTPS protocol

You have to set up a certificate you got from a reliable certification authority. Learn more by contacting your website host who can help you getting this certificate. Besides, the following page help you in your migration procedure to the HTTPS protocol.

A free certificate? Try Let's Encrypt!

Let's Encrypt is a free, automated, and open certificate authority. Many hosting providers offer to enable the generation and automatic renewal of free certificates directly from the administration interface of your domain. Contact your website host for more information.

Read more
Browser rendering 


Defer parsing of JavaScript

JavaScript can significantly slow down a page display, especially if it is necessary to download an external script.

Defer the use of JavaScript as much as possible to provide a faster start for the page display.

How can I fix this?

Use one of the methods below to defer parsing for external JavaScript files:

  • use the async attribute;
  • use the defer attribute;
  • append the script to the DOM in JavaScript during the onload event;
  • make sure your scripts are placed at the bottom of the page (ideally at the end of the body).

249.4KiB of JavaScript is parsed during initial page load. Defer parsing JavaScript to reduce blocking of page rendering.

Read more


Define at least <h1> and <h2> tags in your page

We recommend putting page keywords in at least the h1 and h2 tags. Search engines use the h1, h2, and h3 tags for SEO purposes.
No h1, h2 or h3 tag detected on this page.

Read more


The Content Security Policy is missing

It is critical to restrict the origin of the contents of your webpage to protect your website from cross-site scripting attacks (XSS).

XSS attacks explained

An XSS attack aims to inject content into a page.

You can protect your pages against these attacks by implementing a content security policy that tells the web browser which servers are allowed to deliver resources on each page. If the browser makes a request to an unauthorized server, it must inform the user.

How can I prevent an XSS attack?

Set up a "Content-Security-Policy" (CSP) HTTP header. To specify a security policy on the source of your resources, configure your server so the response of the first resource contains the "Content-Security-Policy" HTTP header.

Here's an example:

Content-Security-Policy: script-src 'self' https://apis.google.com

In this case, the page loads correctly provided that all the scripts come from the current host or https://apis.google.com.

Read more about the CSP HTTP header. You can also look at the CSP directives.

Please, be careful, if the header is misconfigured, some of your content, scripts, or styles may be blocked. That could cause unwanted side effects. Moreover, the restrictions apply to all pages of the website. We recommend you test the different pages of your website before deploying this header in your production environment.

No Content Security Policy on this page: it is more easily exposed to XSS attacks.

Read more


Set a lang for your page

Your page should define a lang attribute on the html root node: this will allow screen readers to correctly understand your website.

Read less
Google Font API 


You should retrieve Google Fonts in one-time

The Google Font API allows to minimize the number of requests to retrieve the font you want.

The fonts with Google Font API

This page uses fonts provided by Google to improve its rendering.

How to retrieve them?

It is possible to load the Google fonts in a single request. For example, if your code looks like this:

<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Droid+Sans:normal,italic">
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Lobster:bold,bolditalic">

You should replace it with the following form, which will retrieve the same content with one request:

 <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Droid+Sans:normal,italic|Lobster:bold,bolditalic">

You should optimize the following requests:

Read more
Browser rendering 


Specify a character set

The following resources have no character set specified in their HTTP headers. Specifying a character set in HTTP headers can speed up browser rendering.

Specify the character set used in the Content-Type HTTP header allows the browser to parse immediately the page.

Read more


Add alt attribute on <img> tags

Moreover, the alt attribute is also an important criterion for SEO. Indeed, search engines crawlers cannot parse graphic contents. That is why they use the alternative text to return consistent results, like in Google images.

<img src="product.jpg" alt="My product description"/>

The alt attribute is used in several cases unrelated to SEO:

  • When a screen reader is in use for accessibility purposes;
  • While image is loading, particularly for slow connections;
  • When the image file is not found.

You have 31 img tags, but 15 tags do not define the alt attribute:

  • <img src="images/ik1.jpg" />
  • <img src="images/menu-linia.jpg" class="odstep_lewa_prawa_15 ukryj_mobile3" />
  • <img src="images/menu-linia.jpg" class="odstep_lewa_prawa_15" />
  • <img src="images/menu-linia.jpg" class="odstep_lewa_prawa_15" />
  • <img src="images/menu-linia.jpg" class="odstep_lewa_prawa_15" />
  • <img src="images/menu-linia.jpg" class="odstep_lewa_prawa_15" />
  • <img src="images/menu-linia.jpg" class="odstep_lewa_prawa_15" />
  • <img src="images/menu-linia.jpg" class="odstep_lewa_prawa_15" />
  • <img src="images/menu-linia.jpg" class="odstep_lewa_prawa_15" />
  • <img src="images/linia.png" />
  • <img src="images/linia.png" />
  • <img src="images/linia.png" />
  • <img src="images/linia.png" />
  • <img src="images/linia.png" />
  • <img src="images/cookie_yes.png" />

If nothing seems appropriate for describing an image, you might set an empty text. We advise you to make sure the majority of your images define a relevant text. Read the W3C recommendations here.

Read more


1 label does not refer to an element

The for attribute associates the label to an other element of the page, and help screen readers to better interpret your content.

Label and for attribute

A label describes an element (a text to fill, a checkbox, etc.). When a user click on a label associated with a radio button, the option will be directly selected, improving the user experience.

How to use a label?

Associate the label to an element of the page by indicating the ID of the element. Example:

<form action="/action">
<label for="myId">
<input type="radio" name="myOptions" id="myId" value="1" >

The following label does not define a for attribute:

  • <label style="vertical-align: middle; cursor: pointer;">

Read more


This page is exposed to "clickjacking" type attacks

Keep malicious people from integrating your pages into their websites.

Clickjacking explained

This kind of attack happens when your page gets integrated with a malicious website via <frame> or <iframe> tags. By doing this, attackers can persuade users that they are on your own page when they are not. The unsuspecting user may enter personal information that is visible on and thus vulnerable to the malicious website.

To avoid this, always indicate which domains have permission to integrate your pages.

How to prevent clickjacking?

Configure a "X-Frame-Options" HTTP header. Configure your server so the main resource response includes the "X-Frame-Options" HTTP header.

Three values may be defined:

  • DENY to prevent any frame or iframe from integrating the page;
  • SAMEORIGIN to authorize only frames from the same domain name;
  • ALLOW-FROM uri to indicate the domains allowed to integrate a page into frame (however is not compatible with some browsers)

  • The "X-Frame-Options" HTTP header is not configured on this page; you are more likely to be exposed to clickjacking.

    Read more


    4 empty elements can disturb screen readers

    <p>, <li>, <button>, <legend>, <caption>, <figcaption> and <quote> elements must not be empty because if they are, some screen readers will have difficulties interpreting their presence.

    Remove these empty elements from you code or decorate them with the aria-hidden attribute so that the screen readers ignore them.

    <p aria-hidden="true"></p>

    The following elements are empty:

    • <p class="gm-style-pbt">
    • <li class="showli">
    • <li>
    • <li>

    Read more


    robots.txt file should be defined

    Indicate to web crawlers which URLs should be explored on your website.

    The robots.txt file

    Place your robots.txt file in the root of the website. It will be interpreted by the robots in charge of your SEO. It delivers instructions to specify the pages to explore by robots, like Google bot.

    Note that these directives are indicative only. A lambda robot will not be blocked by the restrictions specified by the file.

    We have not detected the robots.txt file on this website, you should define one:

    Read more
    Browser rendering 


    Avoid http-equiv <meta> tags

    HTTP headers are more efficient than the http-equiv meta tags.

    The <meta http-equiv=""/> tags

    The http-equiv meta tags allow to communicate to the web browser information equivalent to the ones of HTTP headers. For example, the meta <meta http-equiv="content-type"/> will have the same consequences than the HTTP Content-Type header.

    Two points don’t stimulate the use of http-equiv meta tags:

    • Going through the meta requires to interpret the beginning of the HTML page, which is slower than going through the HTTP headers in terms of performance
    • If the HTTP header is already present, the meta is ignored
    In which cases are the <meta http-equiv=""/> useful?

    Only one case can justify the presence of these meta tags: if you don’t have access to the configuration of your server, and that is to say to the HTTP headers.

    However, we advice you to use a configurable server so that you can establish the most efficient site possible.

    This page contains 1 http-equiv meta tag. If possible, you should replace it:

    • X-UA-Compatible

    Read more


    Avoid HTML code in comments

    Comments allow you to detail a portion of code and help you navigate more efficiently in the DOM. However, make sure no sensitive information is exposed in your comments.

    1 of your 4 comments contains HTML code. You should remove the code for your production version. You'll save 188 useless characters:

    • <!--                <a href="en"><img src="images/f2.jpg" class="odstep_lewa_15" /></a>                <a href="pl"><img src="images/f1.jpg" class="odstep_lewa_5" /></a>                -->

    Read more

    Did you know?


    No <noscript> tag is detected

    When a web page uses scripts, it is advised to set at least one noscript tag. It is required to display a message when JavaScript is disabled by the user.

    <script  type="text/javascript">
    document.write('Hello World!')
    <noscript>Your browser does not support JavaScript!</noscript>

    Read more

    More informations about jQuery performance

    jQuery is the most used JavaScript library. Upgrade your website performance respecting the jQuery best practices. We recommend that you learn the basics of the jQuery performance, reading the following link: http://learn.jquery.com/performance/.

    Read more
    Data amount 

    This page does not load too much data (1.1MB)

    A too high page weight slows down the display, especially on low speed connections. This can lead to frustration for users paying for data (see whatdoesmysitecost.com).

    Evaluate the Weight of my Web Page

    In February 2016, the average weight of 100 most visited websites in the world was 1,38MB.

    How to reduce the weight of my page?

    You can report to our "Data amount" category to discover the possible optimizations in your case. Images are often involved.
    Moreover, make sure to build your web pages in order to load data that is essential to the user experience (rendering optimization of the critical path).
    For other contents (social networking plugins, advertising, content at the bottom of the page ...), it is better to delay the loading (asynchronous, lazy-loading ...), so they don't override priority contents.

    We strongly recommend that you define performance budgets before you carry out your web projects. These budgets can be settled through the DareBoost monitoring feature.

    We have established the weight distribution of the page by resource type:

    • Images : 67,65% of total weight
    • JavaScript : 23,90% of total weight
    • Font : 5,54% of total weight
    • CSS : 2,41% of total weight
    • Texts : 0,51% of total weight

    Here is the weight of the 10 heaviest resources over the network, and that are necessary to load the page:

    Read more

    This page contains 39 links

    Two kind of links exist:

    • Internal links that refer to pages with the same domain name;
    • External links that point to other websites (must be relevant and point towards quality content).

    If you reference many links, you can ask the SEO crawlers to consider only some of them, by adding the rel=nofollow attribute to the irrelevant ones (e.g., advertisements).

    Here is the distribution of 39 links present in the page:

    • 35 internal links (89,74%)
    • 4 "follow" external links (10,26%)
    • No "nofollow" external link (0,00%)

    Read more

    37 resources on this page are for public use

    By default, the browser accepts to perform AJAX requests, or to retrieve web fonts, only on the same domain name of the page. So a font provided by toto.com can only be used by the pages of toto.com. This prevents misuse of your resources by any site.

    Some resources are public, and explicitly want to be available to everyone (eg Google Fonts). In this case, the HTTP header Access-Control-Allow-Origin can be used with the value "*". You should, however, use this property if your resource has aimed to be used by the greatest number. Otherwise, we recommend that you keep the default, or set a specific domain name in the "Access-Control-Allow-Origin" HTTP header.

    You should be aware of the following resources, that use a Access-Control-Allow-Origin: * HTTP header. Make sure they are actually intended to be used by pages from all domain names:

    It appears these files are hosted by a third-party, so they may not be within your control. However, you should consider any alternative to these resources to improve your page performance.

    Read more

    Do "target=_blank" links introduce a security leak on this page?

    Using the target=_blank attribute is rarely recommended. Nevertheless, if you need to use this attribute, note that a security leak could cause harm to your visitors, particularly if your site is open to visitor contributions.

    It allows the targeted page to manipulate the window.opener.location property, and thus to perform a redirect within the parent tab. When the user gets back to the parent tab, he can be facing a malicious website (phishing, etc).

    We recommend you to add the rel=noreferrer attribute when using a target = _blank to an external website. This will block access to "window.opener".
    If your website allows users to publish contributive content (eg comments, customer reviews, etc.), be sure to automate the addition of this protection. Otherwise, a user could easily exploit this breach.

    The following links may be exposed to this vulnerability:

    • <a target="_blank" href="https://maps.google.com/maps?ll=52.131199,21.062831&z=16&t=m&hl=fr-FR&gl=US&mapclient=apiv3" title="Cliquez ici pour afficher cette zone sur Google Ma...
    • <a href="https://www.google.com/intl/fr-FR_US/help/terms_maps.html" target="_blank" style="text-decoration: none; cursor: pointer; color: rgb(68, 68, 68);">Conditions d'utilisation</a>

    Read more

    Well done, these best practices are respected

    Cache policy 


    You do not use too long inline scripts

    Any script with a significant size should let the browser cached them in order to reduce loading time/improve performance of your returning visitor.

    Inline scripts / cache policy

    "inline" scripts allow to integrate easily small portions of scripts directly in the HTML code. Example:

    <script type="text/javascript">
        ga('create', 'UA-11111111-1', 'mywebsite.com');

    By doing so, you avoid making a request to the server to retrieve the resource. So inline scripts represent a performance gain if you want to integrate small scripts.

    However, once a script has a fairly substantial size, we advise you to outsource it and perform a request to retrieve it. So you will benefit from the cache mechanism.

    What should I do?

    Outsource your scripts with more than 1500 characters in one or more separate files.

    Read more


    You have defined a <meta> 'description'

    The page should define a unique description.

    Description in search engines

    The description of the page may be directly displayed in search engine results pages (SERP):

    It allows you to control at best the entry preview in search engines, and to improve the click rate to your page. Learn more.

    How to define a page's description?

    Use <meta name="description" content="page description"> and place it in the <head> tag.

    This page defines one <meta> description:

    Zapraszamy do naszej kliniki ortodontycznej: Warszawa - Ursynów. Lekarz ortodonta dobierze najlepszy aparat ortodontyczny. W naszej ofercie: rtg zębów, tomografia.

    Read more


    This page uses only standard image formats

    The images that use a non-standard format may not be indexed by search engines.

    Only these image formats are considered standard on the web: jpeg, jpg, png, gif, svg, ico, webp. You should consider an alternative to any other format.

    Moreover, remember to treat the text around your images: some search engines analyze approximately the 10 words preceding and following the image in order to add a context to the image.

    Read more


    No frameset, frame and noframes tags detected

    These tags are obsolete, due to several issues related to the navigation consistency, SEO or browsers' bookmark features for example.

    None of these tags is detected on this page.

    The use of the iframe tag is prefered.

    Read more


    This page specifies a <title> tag

    The page should define a unique title (using a <title> tag).

    Use of titles by search engines

    Once properly configured, the page title can be displayed in the search engine results page:

    Using a suitable title is a major criterion for SEO. It allows you to control at best what is displayed in search results pages, and determine the keywords you want your site pops out.

    How to define the title of a web page?

    The title of the page is specified into the <title> tag, which must be placed into the <head> tag, at the beginning of the code.

    This page defines a title the title tag.

    Here is the page's title:

    Dobry ortodonta Warszawa - Ursynów

    Read more


    No Java applets detected

    Java applets are considered obsolete in 2015. HTML5 is powerful and more widely supported. Using Java applets can lead to compatibility issues and may send negative signals to your users (eg the browser indicating that content was blocked because it could be dangerous).

    Congratulations, this page doesn't contain Java applets.

    Read more