Profiler

  1. Checks site features via header and body heuristics
  2. Checks Security using SSL Labs API
  3. Checks performance using Browsertime
  4. Writes results to Google Docs (setup required)
  5. Added independent script (fancycert.php) to analyze TLS certs for EV, wildcard or SAN status.

Fancy Cert checking

  1. Make sure you have openssl > 1.0 installed.
  2. Add domains or IPs with TLS certs to be tested to list.txt. One host per line, please.
  3. Execute fancycert.php
     php fancycert.php

Installation

  1. Install PHP (I use homebrew and 5.6, anything should work)
  2. Install Composer
  3. Install Node.js
  4. Install Browsertime
     npm install -g browsertime
  5. Clone this repo.
  6. Install Dependencies (Google Docs Client)
     composer install
  7. Get the google credentials file from a yet to be determined source.
  8. Run the script.
     php cli.php https://samplesite.com

Feature Checks

Feature checks may be added to the JSON files.

Header Checks

The JSON format for header checks is as follows:

  "Drupal": {
    "x-generator": "Drupal",
    "x-drupal-cache": ""
  }
  • If you only need to check for the existence of the header key, leave the value blank.
  • If you need to check both header and value, the script will check the entire header value against the regex (without leading and trailing slashes) that you put in the value.
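
The two rules above, as an added example that is not code from this repo: a hypothetical `matchHeaderRules()` function evaluates the README's Drupal rule set against constructed response headers. It assumes a feature is reported when at least one of its header rules matches, and that patterns contain no `~`, which is used as the regex delimiter.

```php
<?php
// Added example, not the project's code. matchHeaderRules() is a hypothetical name.
// Assumption: a feature is reported when at least one of its header rules matches.

// Rules in the README's header-check format.
$rules = json_decode('{
  "Drupal": {
    "x-generator": "Drupal",
    "x-drupal-cache": ""
  }
}', true);

// Constructed sample response headers.
$responseHeaders = [
    'Content-Type' => 'text/html; charset=utf-8',
    'X-Generator'  => 'Drupal 8 (https://www.drupal.org)',
];

function matchHeaderRules(array $rules, array $headers): array
{
    // HTTP header names are case-insensitive, so compare them in lower case.
    $headers = array_change_key_case($headers, CASE_LOWER);
    $found = [];
    foreach ($rules as $feature => $checks) {
        foreach ($checks as $name => $pattern) {
            $name = strtolower($name);
            if (!array_key_exists($name, $headers)) {
                continue; // header absent: this rule cannot match
            }
            if ($pattern === '') {
                $found[$feature][] = $name; // blank value: existence check only
                continue;
            }
            // The rule stores the regex without delimiters, so add them here.
            // "~" is used instead of "/" so URLs in a pattern need no escaping
            // (assumes the pattern itself contains no "~").
            // An invalid pattern makes preg_match() return false: no match.
            if (@preg_match('~' . $pattern . '~', $headers[$name]) === 1) {
                $found[$feature][] = $name;
            }
        }
    }
    return $found; // feature name => list of header rules that matched
}

echo json_encode(matchHeaderRules($rules, $responseHeaders), JSON_PRETTY_PRINT), PHP_EOL;
```

The regex is matched anywhere in the header value and is case-sensitive as written, so a rule such as `"server": "nginx"` would also match a value like `not-nginx`; anchor the pattern with `^` and `$` when an exact value is required.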

Body Checks

  "Google Tag Manager": [
    "googletagmanager.com",
    "googletagservices.com"
  ]

The script will check for the string(s) in the entire HTML body. Try to be as explicit as possible.

Security Checks

SSL Labs PHP library via Björn Roland

Scores

The letter grade that is assigned by SSL Labs comes from a pretty involved formula.

tl;dr

  • If your site is susceptible to any known HTTPS attacks, weak ciphers or vulnerabilities, it is capped at a B but most likely will score lower.
  • An A+ is achievable on Pantheon using our free HTTPS service AND setting up HSTS.
  • An A is the default score for Pantheon sites using the free HTTPS service.

Performance Check

Performance Checks are done using browsertime. This must be installed locally using npm.

npm install -g browsertime

Backend Time

The time it takes the server to get the first byte back to the browser.

First Paint Time

The time it takes for the user to see something happening in the browser.

DOM Content Loaded Time

The time it takes for the entire page (HTML, CSS, JS) to be completely loaded in the browser.

Page Load Time

The time it takes for the page to be completely rendered in the browser.

RUM Speed Index

Here's a very long deck that explains Real User Monitoring (RUM) Speed Index

tl;dr

We use a real browser to calculate your speed index. It's based on when your browser times the page as visually complete. Scores under 3000 are good.

TODO

  1. Stop using separate JSON files
  2. So much error checking
  3. Webify
  4. Figure out how to multithread browsertime without it nerfing