About Website Speed Test

Performs a real server-side HTTP request to measure website performance with socket-level precision. Breaks response time into DNS resolution, TCP connection, TLS handshake, server processing (TTFB), and content download. Audits 6 security headers and grades the site on both performance and security. Unlike browser-based tests, this has full access to response headers — no CORS limitations.

  • Server-side request with process.hrtime timing at each socket phase
  • Timing waterfall: DNS → TCP → TLS → TTFB → Download with stacked visualization
  • Redirect chain tracing with per-hop status codes and timing
  • Security header audit: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
  • Combined grade (A–F): 60% performance score + 40% security score
  • SSRF protection blocks private/internal IP addresses
  • Actionable recommendations for CDN, compression, caching, and missing security headers

Frequently Asked Questions

What is TTFB and why does it matter?
Time to First Byte (TTFB) is the server processing time — the gap between establishing the connection and receiving the first byte of the response. It excludes DNS, TCP, and TLS time. Google considers total TTFB (including connection setup) under 800ms as good.
Why is there a security score?
Security headers like HSTS, CSP, and X-Content-Type-Options protect users from common attacks (XSS, clickjacking, MIME sniffing). Sites missing these headers score lower because they leave users less protected.
Where does the test run from?
Tests run from the Azure data center hosting this site, not from your browser. This means timing reflects server-to-server latency from that region, and full response headers are available without CORS restrictions.

More Networking & IT Tools

All Networking & IT tools