Website Benchmarks: 4 Free Tools

4 min

We’ll tell you about utilities that will help you evaluate the site’s performance and increase its security. The list includes both new tools – for example, Fast or Slow from the authors of the Wordfence plugin for WordPress, as well as time-tested systems like the Mozilla Observatory.

More benchmarks, including for Linux servers.

Photo – Matthew brodeur – Unsplash

Mozilla observatory

Helps web developers, system administrators and information security experts to set up sites. Tool has developed Security Engineer April King to test Mozilla domain security. Later, the functionality of the “Observatory” was expanded and opened access to it for all comers – the source code is laid out on github.

Mozilla Observatory Evaluates Network Security and Mechanisms CORS, HPKP, Hsts and others. Some of them are widespread, but some (for example, Content Security Policyprotecting against cross site scripting) uses less than one percent Internet resources. Observatory reports are supplemented by tips to improve security and links to useful materials.

Screenshot: test results for

Note that the Mozilla system doesn’t check site code for vulnerabilities. However, there are other free tools for these purposes – for example, Sucuri.

Security headers

Tool developed Scott Helme, British Information Security Advisor. It checks for security headers on the site. Among them are Content Security Policy, X-Frame-Options, Feature Policy and several others. The idea for the project came about when Scott set up CSP and HSTS on his own site. At the same time, the author wanted to make not just a benchmark, but a whole rating system.

Screenshot: site performance rating

All information on Security Headers is licensed. CC BY-SA 4.0. The resource is written in PHP and deployed on the virtual machines of a large cloud provider. But it uses the CodeIgniter MVC framework, which is considered obsolete today (Habr residents pointed out this in the comments) and practically has no advantages over other frameworks (like Laravel)

Fast or slow

The tool was introduced by a team of engineers from Wordfence. They are developing a WordPress plugin of the same name with a virus and malware scanner. Originally Fast or Slow intended for internal use (according to the authors, they were not able to find a third-party tool that would satisfy their tasks). But later they decided to make the service free and open access to it for everyone.

Fast or Slow simulates the operation of a browser and evaluates the quality of connection to a site from 12 regions – including from the USA, France, India, even Bahrain and South Africa. The tool shows the time to receive the first byte (Time To First Byte, TTFB), the time of reception and transmission (RTT) Among the metrics, the first significant mapping (First meaningful paint) – for how long the content on the page becomes visible to the user. Overall system uses Lighthouse audits running in containers, as well as several custom tests.

Screenshot: site performance rating

The tool is relatively young and began to gain popularity a few months ago. Hacker News even appeared thematic thread. Novelty imposes your fingerprint – for example, the system does not yet know how to cache test results. When re-checking, all benchmarks are restarted.

The process itself takes a long time, especially if a queue has formed. But the developers promise to fix these shortcomings. Now Fast or Slow is built on bare metal – servers are located in large data centers around the world. But soon the infrastructure migrate to the cloud of one of the largest Western IaaS providers to make it more scalable and flexible.


The project was presented by engineers from Theodo, a mobile app developer. Falco automates WebPageTest tests to evaluate site speed. The tool is open source with Github.

Screenshot: demo page

Falco is a self-hosted tool and needs to be deployed on a local server or in the cloud. He can catch regressions and evaluate the performance of individual URLs. Demo can be viewed link. For authorization you need to enter a username and password demo / demodemo.

Posts from the blog

Background: what is Continuous Delivery
Background: How the Continuous Integration Process Works
Potential attacks on HTTPS and how to defend against them
How to automate IT infrastructure management – discuss three trends


Leave a Reply