How does Wattspeed work?

Wattspeed helps you monitor and improve web pages in‌ ‌order‌ ‌to‌ ‌give‌ ‌your‌ site‌ ‌a‌ ‌speed‌ ‌bump.

Add a webpage illustration

Add a webpage

Choose what device type you want the page to monitor for: mobile, desktop, or both.

Inspect a snapshot illustration

Inspect a snapshot

Check out your website speed, HTML validation, or technologies, then get improvement tips.

Compare results illustration

Compare results

Run a new snapshot each time you improve a section and then compare the snapshot results.

Wattspeed workflow

Choose what pages you want to monitor using Wattspeed, along with a device type for each: mobile, desktop, or both. You can use analytics tools or Google Search Console to identify the most important pages of your website, those that drive most traffic or those that have big potential, e.g. high Impressions but low CTR.

After adding a web page to Wattspeed, you'll be able to inspect the initially generated snapshot. Once you dive into it, you may identify a potential issue or improvement that needs to be addressed.

Having more than two Wattspeed snapshots for a page enables you to compare Lighthouse scores, page source findings or spot screenshot differences.

What is a Wattspeed snapshot?

  • Performance, accessibility, progressive web apps and SEO insights from Lighthouse, plus real-world data from Chrome UX Report (CrUX).

  • Real-time Core Web Vitals monitoring with fine-grained insights about metrics and visits.

  • Page source visualization, code differences, and content grammar check with keyword extraction.

  • Simple hourly uptime monitoring with response time and HTTP status code.

  • W3C HTML validator that helps you catch unintended mistakes you might have otherwise missed.

  • DOM size, mixed content information and full web page screenshot you can later spot differences for.

  • Security headers and SSL checker to ensure that your server is protected against common threats.

Wattspeed snapshot

What is Lighthouse?

Lighthouse by Google is an open-source, automated tool for improving the quality of web pages. You can run it against any web page, public or requiring authentication. It has audits for performance, accessibility, progressive web apps, SEO and more.

  • Why am I getting different Performance score each time I run a snapshot?

    A multitude of factors contribute to the performance of webpages, therefore, due to variability in web and network technologies, Lighthouse variability is inevitable.

    Most of the time, the Performance score is the most susceptible to variation since it's calculated based on metrics related to server times and how fast the resources are fetched, parsed, and executed.

  • Why am I getting varying Performance scores from different tools in the wild?

    Each tool that offers Lighthouse insights runs on different infrastructure and with varying throttling settings. Therefore it's important to understand that it's impossible to expect the same results.

    Compared to some other tools in the wild, which either don't provide the throttling settings or merely don't show any desktop scores at all, Wattspeed's settings are based on the default Lighthouse Network throttling settings.

    The Lighthouse tests by Wattspeed are running on Amazon Web Services (AWS) and are using the 🇺🇸 South Carolina location.


Home

The home page is the place where you will see all your tracked domains, along with some insights that will provide a larger view of how those are performing. From the first sight, you will see which domain needs to be improved.

Wattspeed home

Overview

Meant to help you identify the URLs that need improvement, the Overview section will provide an in depth analysis for the chosen domain.

  • Average performance: The performance history for all domain's webpages, also spited by device.
  • URLs performance: Shows the percent of traced URLs grouped by performance.
  • Locations: The locations from where your URLs are being analyzed.
  • Uptime: The uptime history for domain's URLs.
  • Monitored URLs: The domain specific URLs that you are monitoring will appear in this section. The ability to filter by device, url performance or location will provide an easy to use, yet performant way to analyze your domain.
Wattspeed home

How to run more snapshots

When you add a webpage you want to monitor, Wattspeed automatically runs an initial snapshot for you. Here's how to run more snapshots so you can compare results in time:

  • Run a snapshot using a URL

    Using the settings' API endpoint for a webpage, you can make a GET request, so each time you deploy a website, Wattspeed will run a new snapshot automatically.

  • Scheduled snapshot

    Within the same settings section, you can choose the frequency Wattspeed scheduler should run new snapshots with for your webpage. The default is weekly, meaning one snapshot per week.

  • Manual snapshot

    Besides the methods above, you can always run a quick snapshot. This may be useful when you need to check out some recent improvements immediately.


Continuous integration (CI)

In some cases, you will want to monitor the metrics of a webpage after a change has been made and deployed. Here's how to integrate Wattspeed with your preferred Continuous integration (CI) service:

GitHub logo

GitHub Action

The Wattspeed's GitHub Action lets you run a snapshot as a step of your workflow.

GitLab logo

GitLab CI/CD

In .gitlab-ci.yml, add a new item inside the script section. Using for example curl, you will need to make a GET request to the endpoint that you will find in each Wattspeed URL's settings. Make sure you add it at the end, so it can run right after your new webpage version is online. 

before_script:
- apt-get update -qy
- apt-get install -y curl
script:
- curl https://api.wattspeed.com/update?token=xxxxx
Jenkins logo

Jenkins Plugin

You can use the Wattspeed Jenkins Plugin to trigger a snapshot as a build step of your Jenkins project.


Security

This section helps you identify potential security improvements, not only to keep attackers away but also to provide Google with one more reason to rank your website higher. SEJ references a study on web security performed by GoDaddy according to which 73.9% of hacking events were for SEO purposes. Such attacks are spam based and aim to modify the content of websites by adding links to malicious sites. It was noted that 1 out of 10 infected sites were found on Google's blocklist. Even if your site is not successfully hacked, the constant attacks from site hackers can prevent GoogleBot from adequately accessing your site. This causes your web server to slow down (throttle) your web traffic and even to stop showing web pages to Google.

Grading

Our security scan evaluates security headers and the SSL certificate chain, scoring them according to the criteria listed below. The scoring methodology was adopted from Scott Helm's Headers Test and Ivan Ristić's scoring formula for SSL Test .

Response Headers

Security scans for a list of 6 response headers and it checks whether a certain header was sent by the server. Points are rewarded based on severity for the headers which are set, except for the Strict-Transport-Security header which is excluded over an HTTP connection.

How do we score a website's security headers?

The highest grade you can get is an A+ and the lowest is an F.
The grades are composed based on the following score:

  • A+ for a score equal to or higher than 100
  • A for a score equal to or higher than 75
  • B for a score equal to or higher than 60
  • C for a score equal to or higher than 50
  • D for a score equal to or higher than 20
  • E for a score equal to or higher than 10
  • F for a score equal to or higher than 0

Security headers are scored as follows:

  • Strict-Transport-Security adds 25 points
  • Content-Security-Policy adds 25 points
  • X-Frame-Options adds 20 points
  • X-Content-Type-Options adds 10 points
  • Referrer-Policy adds 10 points
  • Permissions-Policy adds 10 points

SSL

Testing SSL involves a series of checks where the main targeted aspects are the certificate chain and server configuration (protocols & ciphers).

How do we score a website's SSL scan?

The standard grading is from A+ to F, however there is an additional grade (T) when a certificate is not trusted. Certificates act as a proof of identity for a server and are used to confirm whether or not communication endpoints are really who they say they are. Failing to do so can render the whole security of the connection vulnerable (man-in-the-middle attack), regardless of having a good server configuration or not.

Grades are awarded as follows:

  • A+ for a score equal to or higher than 95
  • A for a score equal to or higher than 80
  • B for a score equal to or higher than 65
  • C for a score equal to or higher than 50
  • D for a score equal to or higher than 35
  • E for a score equal to or higher than 20
  • F for a score equal to or higher than 0

An incorrect certificate having any of the following issues will bring the total score to 0:

  • Certificate not yet valid
  • Certificate expired
  • Hostname mismatch
  • Use of a certificate that is not trusted (unknown CA or some other validation error)
  • Use of a self-signed certificate
  • Insecure key
  • Insecure certificate signature (MD2 or MD5)

Protocols are scored based on the versions of TLS that are supported by the server. Since there can be multiple protocols supported, the score is determined by the average between the best and the worst.

Protocol support rating:

  • TLS 1.3 has a rating of 100
  • TLS 1.2 has a rating of 100
  • TLS 1.1 has a rating of 40
  • TLS 1.0 has a rating of 40

Ciphers are scored based on the strength against an attacker's effort to break the symmetric key of the cipher suites in all protocols. Since there can be multiple ciphers for each protocol, the score is determined by the average between the best and the worst.

Ciphers strength rating:

  • STRONG has a rating of 100
  • SECURE has a rating of 100
  • WEAK has a rating of 80
  • INSECURE has a rating of 0

Score changes:

  • the server is using an invalid certificate — score changed to T
  • the server uses insecure ciphers — score changed to F
  • the server does not support TLS 1.3 or TLS 1.2 — score capped at C
  • the server supports TLS 1.1 or TLS 1.0 — score capped at B

Alerts

You can create email and Slack alerts to monitor metric and score changes in Wattspeed.

Whenever a score, for one of your webpages, is lower than a value you previously set, you will receive an email or a Slack message with this information.

Wattspeed alerts


Wattspeed browser extensions

If you're looking to check out Lighthouse scores and other performance metrics while you're browsing the web, you should check out the following Wattspeed extensions: