Page summary

The page has 6 images (out of 6) without a decoding hint. Add decoding="async" to non-critical images so the browser can decode them off the main thread.

Setting decoding="async" on an <img> tells the browser it can decode the image off the main thread, which keeps the page responsive to user interactions while images are being processed. The default ("auto") leaves the choice to the browser. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#decoding

Offenders

• https://en.wikipedia.org/static/images/donate/donate.gif
• https://auth.wikimedia.org/static/images/mobile/copyright/wikipedia-wordmark-en-25.svg
• https://auth.wikimedia.org/static/images/icons/enwiki-25.svg
• https://auth.wikimedia.org/static/images/mobile/copyright/wikipedia-wordmark-en-25.svg
• https://auth.wikimedia.org/static/images/footer/wikimedia.svg
• https://auth.wikimedia.org/enwiki/w/resources/assets/mediawiki_compact.svg

The page has 6 CPU long tasks with the total of 680 ms. The total blocking time is 340 ms and 1 long task before first contentful paint with total time of 90 ms. However the CPU Long Task is depending on the computer/phones actual CPU speed, so you should measure this on the same type of the device that your user is using. Use Geckoprofiler for Firefox or Chromes tracelog to debug your long tasks.

Long CPU tasks locks the thread. To the user this is commonly visible as a "locked up" page where the browser is unable to respond to user input; this is a major source of bad user experience on the web today. However the CPU Long Task is depending on the computer/phones actual CPU speed, so you should measure this on the same type of the device that your user is using. To debug you should use the Chrome timeline log and drag/drop it into devtools or use Firefox Geckoprofiler.

Offenders

• unknown
• unknown
• self
• self
• self
• self

The page ships 1 image (out of 1) in JPEG/PNG/GIF without a modern alternative. Wrap them in a <picture> with a <source type="image/avif"> or "image/webp" before the legacy <img>, or serve modern formats from your image pipeline directly. AVIF and WebP usually deliver 25–50% smaller files at the same quality.

AVIF and WebP routinely deliver 25–50% smaller files than JPEG and PNG at the same perceived quality, and every browser version still under support understands at least one of them. Ship modern formats either through a <picture> element with <source type="image/avif"> / "image/webp" entries in front of the legacy <img>, or directly from a content-negotiating image pipeline that returns AVIF / WebP when the client accepts it. https://web.dev/articles/serve-images-webp

Offenders

• https://en.wikipedia.org/static/images/donate/donate.gif

The main document gets redirected 3 time(s). Remove those redirect and make the page faster!

You should never ever redirect the main document, because it will make the page load slower for the user. Well, you should redirect the user if the user tries to use HTTP and there's an HTTPS version of the page. The coach checks for that. :)

Offenders

• https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page
• https://auth.wikimedia.org/metawiki/wiki/Special:CentralAutoLogin/checkLoggedIn...gin/checkLoggedIn
• https://en.wikipedia.org/w/index.php...a.org/w/index.php

The total JavaScript transfer size is 302.3 kB and the uncompressed size is 1.3 MB. This is totally crazy! There is really room for improvement here.

A lot of JavaScript often means you are downloading more than you need. How complex is the page and what can the user do on the page? Do you use multiple JavaScript frameworks?

Offenders

First contentful paint can be improved (2.068 s). It is in the Google Web Vitals needs improvement range, slower than 1.8 seconds.

The First Contentful Paint (FCP) metric measures the time from when the page starts loading to when any part of the page content is rendered on the screen. For this metric, "content" refers to text, images (including background images), <svg> elements, or non-white <canvas> elements.

The page has 5 requests that are missing a cache time. Configure a cache time so the browser doesn't need to download them every time. It will save 21 kB the next access.

The easiest way to make your page fast is to avoid doing requests to the server. Setting a cache header on your server response will tell the browser that it doesn't need to download the asset again during the configured cache time! Always try to set a cache time if the content doesn't change for every request.

Offenders

• https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page
• https://auth.wikimedia.org/metawiki/wiki/Special:CentralAutoLogin/checkLoggedIn...gin/checkLoggedIn
• https://en.wikipedia.org/w/index.php...a.org/w/index.php
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest

The page has 5 requests with private headers. The main page has a private header. It could be right in some cases where the user can be logged in and served specific content. But if your asset is static it should never be private. Make sure that the assets really should be private and only used by one user. Otherwise, make it cacheable for everyone.

If you set private headers on content, that means that the content are specific for that user. Static content should be able to be cached and used by everyone. Avoid setting the cache header to private.

Offenders

• https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page
• https://en.wikipedia.org/w/index.php...a.org/w/index.php
• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest

The page has 2 images that are scaled more than 100 pixels. It would be better if those images are sent so the browser don't need to scale them.

It's easy to scale images in the browser and make sure they look good in different devices, however that is bad for performance! Scaling images in the browser takes extra CPU time and will hurt performance on mobile. And the user will download extra kilobytes (sometimes megabytes) of data that could be avoided. Don't do that, make sure you create multiple version of the same image server-side and serve the appropriate one.

Offenders

• https://auth.wikimedia.org/static/images/mobile/copyright/wikipedia-wordmark-en-25.svg
• https://auth.wikimedia.org/static/images/mobile/copyright/wikipedia-wordmark-en-25.svg

The page has 2 redirects. 1 of the redirects are from the base domain, please fix them! 1 request are from other domains, it could be 3rd-party assets doing unnecessary redirects. :(

A redirect is one extra step for the user to download the asset. Avoid that if you want to be fast. Redirects are even more of a showstopper on mobile.

Offenders

• https://auth.wikimedia.org/metawiki/wiki/Special:CentralAutoLogin/checkLoggedIn...gin/checkLoggedIn
• https://en.wikipedia.org/w/index.php...a.org/w/index.php

The page has 11 requests that have a shorter cache time than one year (but still a cache time).

Setting a cache header is good. Setting a long cache header (a year) is even better because the asset will stay in the browser cache across visits. For content-hashed URLs (e.g. app.4af2.css) you can safely use Cache-Control: max-age=31536000, immutable. For unversioned URLs that may change, use a revalidating strategy instead.

Offenders

• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php

The page has 1 request inside of the head that can cause a SPOF (single point of failure). Load them asynchronously or move them outside of the document head.

A page can be stopped from loading in the browser if a single JavaScript, CSS, and in some cases a font, couldn't be fetched or is loading really slowly (the white screen of death). That is a scenario you really want to avoid. Never load 3rd-party components synchronously inside of the head tag.

Offenders

• https://en.wikipedia.org/w/load.php...ia.org/w/load.php

The page has 1 request that are served uncompressed. You could save a lot of bytes by sending them compressed instead.

In the early days of the Internet there were browsers that didn't support compressing (gzipping) text content. They do now. Make sure you compress HTML, JSON, JavaScript, CSS and SVG. It will save bytes for the user; making the page load faster and use less bandwith.

Offenders

https://en.wikipedia.org/w/load.php?lang=en&modules=mediawiki.codex.messagebox.styles%7Cmediawiki.hlist%7Cmediawiki.htmlform.codex.styles%7Cmediawiki.htmlform.styles%7Cmediawiki.special.userlogin.common.styles%7Cmediawiki.special.userlogin.login.styles%7Cmobile.init.styles%7Cmobile.special.styles%7Cskins.minerva.amc.styles%7Cskins.minerva.codex.styles%7Cskins.minerva.content.styles.images%7Cskins.minerva.icons%2Cstyles&only=styles&skin=minerva size is 32.7 kB (32684) and that is bigger than the limit of 25 kB. Try to keep each CSS response under 25 kB.

Render-blocking CSS holds up the first paint until it has fully downloaded, parsed and applied, so smaller CSS files mean a faster start. Split your CSS into a small critical bundle inlined or eagerly loaded, with the rest lazy-loaded.

Offenders

The page has both inline CSS and CSS requests even though it uses a HTTP/2-ish connection. If you have many users on slow connections, it can be better to only inline the CSS. Run your own tests and check the waterfall graph to see what happens.

In the early days of the Internet, inlining CSS was one of the ugliest things you can do. That has changed if you want your page to start rendering fast for your user. Always inline the critical CSS when you use HTTP/1 and HTTP/2 (avoid doing CSS requests that block rendering) and lazy load and cache the rest of the CSS. It is a little more complicated when using HTTP/2. Does your server support HTTP push? Then maybe that can help. Do you have a lot of users on a slow connection and are serving large chunks of HTML? Then it could be better to use the inline technique, becasue some servers always prioritize HTML content over CSS so the user needs to download the HTML first, before the CSS is downloaded.

The page has 1 blocking requests and 0 in body parser blocking (0 JavaScript and 1 CSS). There are 1 potentially render blocking requests. You need to verify if it is render blocking: https://en.wikipedia.org/w/load.php?lang=en&modules=startup&only=scripts&raw=1&safemode=1&skin=minerva

The critical rendering path is what the browser needs to do to start rendering the page. Every file requested inside of the head element will postpone the rendering of the page, because the browser need to do the request. Avoid loading JavaScript synchronously inside of the head (you should not need JavaScript to render the page), request files from the same domain as the main document (to avoid DNS lookups) and inline CSS for really fast rendering and a short rendering path.

The page is missing a meta description.

Use a page description to make the page more relevant to search engines.

The page do more requests to third party domains (14 requests and 349.3 kB) then first party (9 requests and 89.7 kB). The page transfer more bytes from third party domains (349.3 kB) then first party (89.7 kB). The regex .*wikimedia.* was used to calculate first/third party requests.

Do not load most of your content from third party URLs.

The page is using more than two request parameters. You should really rethink and try to minimize the number of parameters. The URL is 198 characters long. Try to make it less than 100 characters.

A clean URL is good for the user and for SEO. Make them human readable, avoid too long URLs, spaces in the URL, too many request parameters, and never ever have the session id in your URL.

There are 20 responses that sets both a max-age and expires header. There are 23 responses that sets a server header.

Do not send headers that you don't need. We look for p3p, cache-control and max-age, pragma, server and x-frame-options headers. Have a look at Andrew Betts - Headers for Hackers talk as a guide https://www.youtube.com/watch?v=k92ZbrY815c or read https://www.fastly.com/blog/headers-we-dont-want.

Offenders

• https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page
• https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page
• https://auth.wikimedia.org/metawiki/wiki/Special:CentralAutoLogin/checkLoggedIn...gin/checkLoggedIn
• https://en.wikipedia.org/w/index.php...a.org/w/index.php
• https://en.wikipedia.org/w/index.php...a.org/w/index.php
• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin
• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://auth.wikimedia.org/static/images/icons/enwiki-25.svg
• https://auth.wikimedia.org/static/images/icons/enwiki-25.svg
• https://auth.wikimedia.org/static/images/mobile/copyright/wikipedia-wordmark-en-25.svg
• https://auth.wikimedia.org/static/images/mobile/copyright/wikipedia-wordmark-en-25.svg
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/resources/src/mediawiki.special.userlogin.login.style...-people-large.png
• https://auth.wikimedia.org/static/images/footer/wikimedia.svg
• https://auth.wikimedia.org/static/images/footer/wikimedia.svg
• https://auth.wikimedia.org/enwiki/w/resources/assets/mediawiki_compact.svg
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest
• https://auth.wikimedia.org/static/favicon/wikipedia.ico
• https://auth.wikimedia.org/static/favicon/wikipedia.ico

https://auth.wikimed...Special:UserLogin has a header set-cookie that is 616 characters long. https://auth.wikimed.../enwiki/w/api.php has a header content-security-policy that is 4600 characters long. https://en.wikipedia...ia.org/w/load.php has a header sourcemap that is 1201 characters long. https://auth.wikimed.../enwiki/w/api.php has a header content-security-policy that is 4600 characters long.

Do not send response headers that are too long.

Offenders

• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest
• https://en.wikipedia.org/w/load.php...ia.org/w/load.php
• https://auth.wikimedia.org/enwiki/w/api.php?action=webapp-manifest

Set a Content-Security-Policy header to mitigate cross-site scripting attacks. You can start with a Content-Security-Policy-Report-Only header, which only reports violations rather than blocking them.

A Content-Security-Policy response header tells the browser which sources of script, style, and other content are allowed. The most effective form is a strict CSP using nonces or hashes together with strict-dynamic; the worst is a missing header, with unsafe-inline and unsafe-eval close behind. https://web.dev/articles/strict-csp

Offenders

• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin

Set a Cross-Origin-Embedder-Policy header (typically require-corp or credentialless) on the document response to control cross-origin embedding.

Cross-Origin-Embedder-Policy (COEP) makes the page refuse to load cross-origin subresources unless they explicitly opt in via CORP or CORS. Together with Cross-Origin-Opener-Policy it puts the page in a cross-origin isolated context, which mitigates cross-window side-channel attacks (Spectre) and unlocks high-resolution timers and SharedArrayBuffer. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy

Offenders

• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin

Set a Cross-Origin-Opener-Policy header (typically same-origin) on the document response to isolate the page from cross-origin windows.

Cross-Origin-Opener-Policy (COOP) lets a page sever its window-group ties to cross-origin documents that opened it or that it opens. Together with Cross-Origin-Embedder-Policy it puts the page in a cross-origin isolated context, which mitigates cross-window side-channel attacks (Spectre) and unlocks high-resolution timers and SharedArrayBuffer. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy

Offenders

• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin

Set a Cross-Origin-Resource-Policy header (same-origin, same-site or cross-origin) on the document response to limit who may embed it.

Cross-Origin-Resource-Policy (CORP) is a per-response opt-in that tells the browser which origins are allowed to embed the resource. It blocks cross-origin or cross-site no-cors embedding (img, script, iframe, etc.) and is one of the building blocks of cross-origin isolation. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy

Offenders

• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin

Set a Permissions-Policy header to control which browser features the page can use.

The Permissions-Policy response header (the successor to Feature-Policy) lets a site explicitly opt in or out of powerful browser features such as camera, microphone, geolocation, payment and clipboard. Setting a strict policy reduces the attack surface and limits what embedded third parties can do. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy

Offenders

• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin

Set a referrer-policy header to make sure you do not leak user information.

Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. https://scotthelme.co.uk/a-new-security-header-referrer-policy/.

Offenders

• https://auth.wikimedia.org/enwiki/wiki/Special:UserLogin...Special:UserLogin

The page sets 13 third party cookies.

Third party cookies are used to track the user. They are automatically blocked in Safari and Firefox.

Offenders

• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org
• .wikipedia.org