I'm getting a lot of 'F' scores now that Webpagetest.org has updated. Is it important or not?
 by Kristi Hagen

I'm getting a lot of 'F' scores on Webpagetest.org, important or not?

  • I've noticed that Webpagetest.org is now measuring a security score and using it as one of its metrics. And I'm noticing that the test result always seems to be bright RED.

    To make sure, I checked several websites, including yours, and the result is consistently a large F in red. The problem is, it doesn't look nice to my customers, especially when all the other results appear in green.

    So, I'm wondering, is it really important to solve the JavaScript Libraries with vulnerabilities "problem" or is this something I just have to learn to live with?

Answer:

We share your frustration about that test being added to a speed measurement tool. And we've been down a similar path on a couple sites where we "fixed" the security issues, which then broke the site's eCommerce systems.

Our advice is to take your time. Tell your clients 'you're working on that but you have to be careful with making changes because the changes might break something else on the site.'

For example, take WordPress. Best we can tell, it's using version 1.12.4 of jQuery, which will score an F on this test, and the latest version of jQuery is 3.4.0.

This is one of the files distributed with WordPress. That means that if you manually update the file to improve your score, the next WordPress update will wipe out the file and revert it back to whatever version WordPress is using.

However, you can do some things, like enable HSTS – the control panel on your host may give you that option. Or you could manually add it using .htaccess if you're on Apache.

In our case, fixing Content Security Policy (CSP) consistently broke the sites we are working with. So, if you're going to work on fixing that then address just one issue at a time and then fully test to make sure you haven't broken anything.

In regard to the WordPress default libraries such as jQuery, we're hoping they'll soon start using a newer version and solve the problem. Until that happens, we don't have any good solutions. S...
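The HSTS and CSP advice above, written out as an .htaccess fragment. This is an added example, not part of the original article. It assumes Apache 2.4 with mod_headers enabled and a site already served over HTTPS; the max-age value and the policy string are constructed starting points, not recommendations from the article.

```apache
<IfModule mod_headers.c>
    # HSTS: browsers that see this header will refuse plain HTTP for this
    # host until max-age (in seconds) expires. Sent only on HTTPS responses.
    # Start with a short max-age (300 s, a constructed value) so a mistake
    # ages out quickly, then raise it once the whole site is known to work
    # over HTTPS.
    Header always set Strict-Transport-Security "max-age=300" "expr=%{HTTPS} == 'on'"

    # CSP in report-only mode: the browser evaluates the policy and logs
    # each violation to its developer console, but blocks nothing, so the
    # shop, checkout and plugins keep working while you see what a real
    # policy would break. The policy below is a constructed, deliberately
    # strict starting point; loosen one directive at a time and retest.
    Header always set Content-Security-Policy-Report-Only "default-src 'self'"
</IfModule>
```

Once the console shows no violations on every page type you care about, the same policy string can be moved to the enforcing Content-Security-Policy header.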
