Tested 2026-05-26 05:37:06 using Firefox 150.0.2 (runtime settings)
Use --filmstrip.showAll to show all filmstrips.
0 s1.2 sDOM Content Loaded Time 1.114 sPage Load Time 1.120 s1.3 sFirst Contentful Paint 1.300 sLCP <P> 1.300 s
1.4 sFirst Visual Change 1.333 sVisual Complete 85% 1.333 sVisual Complete 95% 1.333 s
1.5 sFully Loaded 1.410 s
1.6 s
1.7 s
1.8 s
1.9 s
2 s
2.1 s
2.2 s
2.3 s
2.4 s
2.5 sVisual Complete 99% 2.433 sLast Visual Change 2.467 sThe coach helps you find performance problems on your web page using web performance best practice rules. And gives you advice on privacy and best practices. Tested using Coach-core version 9.2.1.
decodingAsyncThe page has 3 images (out of 3) without a decoding hint. Add decoding="async" to non-critical images so the browser can decode them off the main thread.
Setting decoding="async" on an <img> tells the browser it can decode the image off the main thread, which keeps the page responsive to user interactions while images are being processed. The default ("auto") leaves the choice to the browser. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#decoding
avoidRenderBlockingThe style https://query.wikidata.org/querybuilder/assets/index.58783912.css is larger than the magic number TCP window size 14.5 kB. Make the file smaller and the page will render faster. Avoid loading synchronously JavaScript inside of head, you shouldn't need JavaScript to render your page! The page has 1 render blocking CSS request and 1 blocking JavaScript request inside of head.
The critical rendering path is what the browser needs to do to start rendering the page. Every file requested inside of the head element will postpone the rendering of the page, because the browser need to do the request. Avoid loading JavaScript synchronously inside of the head (you should not need JavaScript to render the page), request files from the same domain as the main document (to avoid DNS lookups) and inline CSS for really fast rendering and a short rendering path.
cacheHeadersLongThe page has 9 requests that have a shorter cache time than one year (but still a cache time).
Setting a cache header is good. Setting a long cache header (a year) is even better because the asset will stay in the browser cache across visits. For content-hashed URLs (e.g. app.4af2.css) you can safely use Cache-Control: max-age=31536000, immutable. For unversioned URLs that may change, use a revalidating strategy instead.
cumulativeLayoutShiftLayout Shift is not supported in this browser
Cumulative Layout Shift measures the sum total of all individual layout shift scores for unexpected layout shift that occur. The metric is measuring visual stability by quantify how often users experience unexpected layout shifts. It is one of Google Web Vitals.
metaDescriptionThe page is missing a meta description.
Use a page description to make the page more relevant to search engines.
unnecessaryHeadersThere are 11 responses that sets a server header.
Do not send headers that you don't need. We look for p3p, cache-control and max-age, pragma, server and x-frame-options headers. Have a look at Andrew Betts - Headers for Hackers talk as a guide https://www.youtube.com/watch?v=k92ZbrY815c or read https://www.fastly.com/blog/headers-we-dont-want.
referrerPolicyNo <meta name="referrer"> tag was found on the page. Set a Referrer-Policy response header (preferred) or add a meta tag, for example <meta name="referrer" content="strict-origin-when-cross-origin">.
Without an explicit referrer policy the browser falls back to the user-agent default and may leak the full URL of the previous page (including query strings) to every cross-origin request. Set a Referrer-Policy response header (preferred) or a <meta name="referrer"> tag in the document. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
contentSecurityPolicyHeaderSet a Content-Security-Policy header to mitigate cross-site scripting attacks. You can start with a Content-Security-Policy-Report-Only header, which only reports violations rather than blocking them.
A Content-Security-Policy response header tells the browser which sources of script, style, and other content are allowed. The most effective form is a strict CSP using nonces or hashes together with strict-dynamic; the worst is a missing header, with unsafe-inline and unsafe-eval close behind. https://web.dev/articles/strict-csp
crossOriginEmbedderPolicyHeaderSet a Cross-Origin-Embedder-Policy header (typically require-corp or credentialless) on the document response to control cross-origin embedding.
Cross-Origin-Embedder-Policy (COEP) makes the page refuse to load cross-origin subresources unless they explicitly opt in via CORP or CORS. Together with Cross-Origin-Opener-Policy it puts the page in a cross-origin isolated context, which mitigates cross-window side-channel attacks (Spectre) and unlocks high-resolution timers and SharedArrayBuffer. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy
crossOriginOpenerPolicyHeaderSet a Cross-Origin-Opener-Policy header (typically same-origin) on the document response to isolate the page from cross-origin windows.
Cross-Origin-Opener-Policy (COOP) lets a page sever its window-group ties to cross-origin documents that opened it or that it opens. Together with Cross-Origin-Embedder-Policy it puts the page in a cross-origin isolated context, which mitigates cross-window side-channel attacks (Spectre) and unlocks high-resolution timers and SharedArrayBuffer. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
crossOriginResourcePolicyHeaderSet a Cross-Origin-Resource-Policy header (same-origin, same-site or cross-origin) on the document response to limit who may embed it.
Cross-Origin-Resource-Policy (CORP) is a per-response opt-in that tells the browser which origins are allowed to embed the resource. It blocks cross-origin or cross-site no-cors embedding (img, script, iframe, etc.) and is one of the building blocks of cross-origin isolation. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy
permissionsPolicyHeaderSet a Permissions-Policy header to control which browser features the page can use.
The Permissions-Policy response header (the successor to Feature-Policy) lets a site explicitly opt in or out of powerful browser features such as camera, microphone, geolocation, payment and clipboard. Setting a strict policy reduces the attack surface and limits what embedded third parties can do. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
referrerPolicyHeaderSet a referrer-policy header to make sure you do not leak user information.
Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. https://scotthelme.co.uk/a-new-security-header-referrer-policy/.
xContentTypeOptionsHeaderSet X-Content-Type-Options: nosniff on the document response to prevent MIME-sniffing.
X-Content-Type-Options: nosniff prevents browsers from interpreting files as a different MIME type than what is declared in the Content-Type header. This blocks a class of cross-site scripting and content-type confusion attacks and should be set on every response. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
Data collected using
Coach-core version 9.2.1. With updated code from
Webappanalyzer 2026-05-04. Use
--browsertime.firefox.includeResponseBodies html or
--browsertime.chrome.includeResponseBodies html to help Wappalyzer find more information about technologies used.
0.0s1.3s1.5s1.7s1.9s2.1s2.3s2.5sWhen the page main content is rendered, collected via the Largest Contentful Paint API. Read more about Largest Contentful Paint.
body > div#app > div#app > div > main > p
The LCP element is highlighted in the screenshot. If nothing is highlighted the element was removed before the screenshot or the LCP API couldn't find it.
| Name | Duration | Description |
|---|---|---|
cache | 0 ms | pass |
host | 0 ms | cp3070 |
There are no custom configured scripts.
There are no custom extra metrics from scripting.
How the page is built.
| URL | Type | Transfer Size | Content Size |
|---|---|---|---|
| https://query.wikida...index.97f88779.js | javascript | 169.5 KB | 0 b |
| https://query.wikida...ndex.58783912.css | css | 24.0 KB | 0 b |
| https://query.wikidata.org/favicon.ico | favicon | 5.7 KB | 0 b |
| https://query.wikida...r/img/QB_Logo.svg | svg | 4.1 KB | 0 b |
| https://query.wikida...lder/i18n/en.json | json | 3.1 KB | 0 b |
| https://query.wikidata.org/querybuilder/ | html | 2.1 KB | 0 b |
| https://query.wikida...der/img/clear.svg | svg | 1.3 KB | 0 b |
| https://query.wikida...er/img/search.svg | svg | 1.2 KB | 0 b |
| https://query.wikida...der/img/close.svg | svg | 1.1 KB | 0 b |
| https://www.wikidata...org/beacon/statsv | plain | 915 B | 0 b |
| https://query.wikida...lder/i18n/en.json | json | 0 b | 0 b |
| Content | Header Size | Transfer Size | Content Size | Requests |
|---|---|---|---|---|
| html | 1.1 KB | 2.1 KB | 0 b | 1 |
| css | 1.1 KB | 24.0 KB | 0 b | 1 |
| javascript | 1.1 KB | 169.5 KB | 0 b | 1 |
| favicon | 953 B | 5.7 KB | 0 b | 1 |
| json | 968 B | 3.1 KB | 0 b | 2 |
| plain | 903 B | 915 B | 0 b | 1 |
| svg | 3.8 KB | 7.8 KB | 0 b | 4 |
| Total | 9.8 KB | 213.1 KB | 0 b | 11 |
| Domain | Total download time | Transfer Size | Content Size | Requests |
|---|---|---|---|---|
| query.wikidata.org | 1.848 s | 212.2 KB | 0 b | 10 |
| www.wikidata.org | 184 ms | 915 B | 0 b | 1 |
| type | min | median | max |
|---|---|---|---|
| Expires | 0 seconds | 1 hour | 1 hour |
| Last modified | 5 weeks | 45 weeks | 45 weeks |
