connorjclark
commented
3 years ago Thank you for filing this! I've raised this issue with the right people internally.
Open SoftCreatR opened 3 years ago
connorjclark
commented
3 years ago Thank you for filing this! I've raised this issue with the right people internally.
connorjclark
commented
3 years ago This seems to be a problem if the target page doesn't return a 200 response code.
I tried other pages that redirect: https://paulirish.com -> https://www.paulirish.com ; that redirects as expected, although the first request is done over http/1.1 in PSI (even tho it says h2 in devtools network panel...), the rest are h2. I suspect this is another bug.
For your url, it seems our system is getting into an infinite redirect loop (altho Chrome itself has no problem...)
output of curl command you gave:
HTTP/2 302
date: Fri, 05 Mar 2021 23:25:15 GMT
content-type: text/html; charset=UTF-8
location: https://www.softcreatr.com/
set-cookie: wsc_a05070_cookieHash=db3459a9a91968fc6f18d88a0993af342af3eff2; path=/; domain=.softcreatr.com; secure; HttpOnly; SameSite=Lax
server: softcreatr-media
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
expect-ct: max-age=604800
content-security-policy: default-src 'none'; base-uri 'self'; script-src 'self' softcreatr.com *.softcreatr.com https://js.stripe.com https://feedback.shopvote.de https://platform.twitter.com https://static-eu.payments-amazon.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' data: https: 'unsafe-inline'; style-src 'self' softcreatr.com *.softcreatr.com https://feedback.shopvote.de https://cdnjs.cloudflare.com 'unsafe-inline'; frame-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev https://js.stripe.com https://player.twitch.tv https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com https://platform.twitter.com https://static-eu.payments-amazon.com https://payments.amazon.de; connect-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev https://feedback.shopvote.de https://payments-de.amazon.com https://payments.amazon.de; frame-ancestors 'self' softcreatr.com *.softcreatr.com *.1-2.dev; form-action 'self' softcreatr.com *.softcreatr.com *.1-2.dev https://www.paypal.com/cgi-bin/webscr https://payments.amazon.de https://www.sofortueberweisung.de https://www.sofort.com data:; font-src 'self' softcreatr.com *.softcreatr.com https://cdnjs.cloudflare.com; manifest-src 'self' softcreatr.com *.softcreatr.com; worker-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev blob:; object-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev blob:; media-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev blob:;
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-staple: max-age=31536000; includeSubDomains; preload
x-tls-cipher: ECDHE-RSA-CHACHA20-POLY1305
x-tls-protocol: TLSv1.2
x-tls-sni-host: www.softcreatr.com
host: www.softcreatr.com
HTTP/2 302
date: Fri, 05 Mar 2021 23:25:15 GMT
content-type: text/html; charset=UTF-8
location: https://www.softcreatr.com/login/?url=https%3A%2F%2Fwww.softcreatr.com%2F
link: <https://www.softcreatr.com/font/getFont.php?family=&filename=fontawesome-webfont.woff2&v=4.7.0>; rel=preload; as=font; crossorigin=anonymous,<https://www.softcreatr.com/font/getFont.php?font=sc-brands&type=woff2&v=1.1>; rel=preload; as=font; crossorigin=anonymous
set-cookie: wsc_a05070_h2pushes=%5B%22https%3A%5C%2F%5C%2Fwww.softcreatr.com%5C%2Ffont%5C%2FgetFont.php%3Ffamily%3D%26filename%3Dfontawesome-webfont.woff2%26v%3D4.7.0%22%2C%22https%3A%5C%2F%5C%2Fwww.softcreatr.com%5C%2Ffont%5C%2FgetFont.php%3Ffont%3Dsc-brands%26type%3Dwoff2%26v%3D1.1%22%5D; path=/; domain=.softcreatr.com; secure; HttpOnly; SameSite=Lax
server: softcreatr-media
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
expect-ct: max-age=604800
content-security-policy: default-src 'none'; base-uri 'self'; script-src 'self' softcreatr.com *.softcreatr.com https://js.stripe.com https://feedback.shopvote.de https://platform.twitter.com https://static-eu.payments-amazon.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' data: https: 'unsafe-inline'; style-src 'self' softcreatr.com *.softcreatr.com https://feedback.shopvote.de https://cdnjs.cloudflare.com 'unsafe-inline'; frame-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev https://js.stripe.com https://player.twitch.tv https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com https://platform.twitter.com https://static-eu.payments-amazon.com https://payments.amazon.de; connect-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev https://feedback.shopvote.de https://payments-de.amazon.com https://payments.amazon.de; frame-ancestors 'self' softcreatr.com *.softcreatr.com *.1-2.dev; form-action 'self' softcreatr.com *.softcreatr.com *.1-2.dev https://www.paypal.com/cgi-bin/webscr https://payments.amazon.de https://www.sofortueberweisung.de https://www.sofort.com data:; font-src 'self' softcreatr.com *.softcreatr.com https://cdnjs.cloudflare.com; manifest-src 'self' softcreatr.com *.softcreatr.com; worker-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev blob:; object-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev blob:; media-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev blob:;
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-staple: max-age=31536000; includeSubDomains; preload
x-tls-cipher: ECDHE-RSA-CHACHA20-POLY1305
x-tls-protocol: TLSv1.2
x-tls-sni-host: www.softcreatr.com
host: www.softcreatr.com
HTTP/2 200
date: Fri, 05 Mar 2021 23:25:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 05 Mar 2021 23:25:15 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
x-ua-compatible: IE=edge
x-frame-options: SAMEORIGIN
server: softcreatr-media
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
expect-ct: max-age=604800
content-security-policy: default-src 'none'; base-uri 'self'; script-src 'self' softcreatr.com *.softcreatr.com https://js.stripe.com https://feedback.shopvote.de https://platform.twitter.com https://static-eu.payments-amazon.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' data: https: 'unsafe-inline'; style-src 'self' softcreatr.com *.softcreatr.com https://feedback.shopvote.de https://cdnjs.cloudflare.com 'unsafe-inline'; frame-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev https://js.stripe.com https://player.twitch.tv https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com https://embed.spotify.com https://open.spotify.com https://platform.twitter.com https://static-eu.payments-amazon.com https://payments.amazon.de; connect-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev https://feedback.shopvote.de https://payments-de.amazon.com https://payments.amazon.de; frame-ancestors 'self' softcreatr.com *.softcreatr.com *.1-2.dev; form-action 'self' softcreatr.com *.softcreatr.com *.1-2.dev https://www.paypal.com/cgi-bin/webscr https://payments.amazon.de https://www.sofortueberweisung.de https://www.sofort.com data:; font-src 'self' softcreatr.com *.softcreatr.com https://cdnjs.cloudflare.com; manifest-src 'self' softcreatr.com *.softcreatr.com; worker-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev blob:; object-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev blob:; media-src 'self' softcreatr.com *.softcreatr.com *.1-2.dev blob:;
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-staple: max-age=31536000; includeSubDomains; preload
x-tls-cipher: ECDHE-RSA-CHACHA20-POLY1305
x-tls-protocol: TLSv1.2
x-tls-sni-host: www.softcreatr.com
host: www.softcreatr.comIt seems the first request does https://www.softcreatr.com -> https://www.softcreatr.com/, then the second does https://www.softcreatr.com/ -> https://www.softcreatr.com/login/?url=https%3A%2F%2Fwww.softcreatr.com%2F . so.... That seems fine. Seems like our bug for sure.
connorjclark
commented
3 years ago More on the initial request not being h2 when redirected...
Here is the part of the devtools log I get from https://paulirish.com on LR/PSI . It redirects to https://www.paulirish.com
{
"method": "Network.requestWillBeSent",
"params": {
"requestId": "D3EE1699B7C6CCB9A2E3751CC66DA572",
"loaderId": "D3EE1699B7C6CCB9A2E3751CC66DA572",
"documentURL": "https://paulirish.com/",
"request": {
"url": "https://paulirish.com/",
"method": "GET",
"headers": {
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4143.7 Mobile Safari/537.36 Chrome-Lighthouse",
"Accept-Language": "en-US"
},
"mixedContentType": "none",
"initialPriority": "VeryHigh",
"referrerPolicy": "no-referrer-when-downgrade"
},
"timestamp": 683681.556119,
"wallTime": 1614986232.949958,
"initiator": {
"type": "other"
},
"type": "Document",
"frameId": "0AF140F9EB36604229CEAA1D610DA467",
"hasUserGesture": false
}
},
{
"method": "Network.requestWillBeSent",
"params": {
"requestId": "D3EE1699B7C6CCB9A2E3751CC66DA572",
"loaderId": "D3EE1699B7C6CCB9A2E3751CC66DA572",
"documentURL": "https://www.paulirish.com/",
"request": {
"url": "https://www.paulirish.com/",
"method": "GET",
"headers": {
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4143.7 Mobile Safari/537.36 Chrome-Lighthouse",
"Accept-Language": "en-US"
},
"mixedContentType": "none",
"initialPriority": "VeryHigh",
"referrerPolicy": "no-referrer-when-downgrade"
},
"timestamp": 683681.649908,
"wallTime": 1614986233.044964,
"initiator": {
"type": "other"
},
"redirectResponse": {
"url": "https://paulirish.com/",
"status": 301,
"statusText": "Moved Permanently",
"headers": {
"date": "Fri, 05 Mar 2021 23:17:13 GMT",
"cache-control": "max-age=3600",
"expires": "Sat, 06 Mar 2021 00:17:13 GMT",
"location": "https://www.paulirish.com/",
"cf-request-id": "08a6475cc30000303f2c14d000000001",
"expect-ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"",
"report-to": "{\"group\":\"cf-nel\",\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report?s=xfH9YOwvp19x%2FwY3oCpMAHYv5Pev%2B9xSaiXXNJL3231%2BexwJXbtU9K9Onbwz0XHogQnICUhzuDNswluW2ulxmdWTeT7Lxw7%2FZXz4S5m%2F\"}],\"max_age\":604800}",
"nel": "{\"report_to\":\"cf-nel\",\"max_age\":604800}",
"vary": "Accept-Encoding",
"server": "cloudflare",
"cf-ray": "62b70e746e00303f-ORD",
"X-TotalFetchedSize": "654",
"X-ProtocolIsH2": "true",
"X-TotalMs": "51",
"X-TCPMs": "30",
"X-RequestMs": "19",
"X-ResponseMs": "2"
},
"mimeType": "",
"connectionReused": false,
"connectionId": 0,
"remoteIPAddress": "",
"remotePort": 0,
"fromDiskCache": false,
"fromServiceWorker": false,
"fromPrefetchCache": false,
"encodedDataLength": 747,
"timing": {
"requestTime": 683681.556978,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": -1,
"dnsEnd": -1,
"connectStart": -1,
"connectEnd": -1,
"sslStart": -1,
"sslEnd": -1,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": -1,
"sendEnd": -1,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 92.257
},
"responseTime": 1614986233043.061,
"protocol": "http/1.1",
"securityState": "secure"
},
"type": "Document",
"frameId": "0AF140F9EB36604229CEAA1D610DA467",
"hasUserGesture": false
}
},
{
"method": "Network.responseReceived",
"params": {
"requestId": "D3EE1699B7C6CCB9A2E3751CC66DA572",
"loaderId": "D3EE1699B7C6CCB9A2E3751CC66DA572",
"timestamp": 683681.975976,
"type": "Document",
"response": {
"url": "https://www.paulirish.com/",
"status": 200,
"statusText": "OK",
"headers": {
"date": "Fri, 05 Mar 2021 23:17:13 GMT",
"content-type": "text/html",
"last-modified": "Thu, 15 Oct 2020 04:50:24 GMT",
"cache-control": "max-age=600",
"expires": "Fri, 05 Mar 2021 23:27:13 GMT",
"vary": "Accept-Encoding,User-Agent",
"content-security-policy": "default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://api.github.com https://disqus.com https://go.disqus.com https://*.disquscdn.com https://www.google-analytics.com https://paulirish.disqus.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com; img-src * 'self' data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://paulirish.com https://fonts.gstatic.com https://firebaseinstallations.googleapis.com https://firebaselogging.googleapis.com https://firebaseremoteconfig.googleapis.com https://www.google-analytics.com https://firebaselogging-pa.googleapis.com; frame-src 'self' https://platform.twitter.com https://accounts.google.com https://jsfiddle.net https://vimeo.com https://player.vimeo.com https://embed.verite.co https://www.youtube.com https://apis.google.com https://disqus.com https://paulirish.wufoo.com; upgrade-insecure-requests; report-uri https://paulirish.report-uri.com/r/d/csp/enforce;",
"cf-cache-status": "DYNAMIC",
"cf-request-id": "08a6475d190000c51838221000000001",
"expect-ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"",
"report-to": "{\"group\":\"cf-nel\",\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report?s=JBld3kM9CKdddDkrh3%2Fln%2Bf6e%2F853D9D%2B%2BkTGpbDRqpv8FRcEY9CwrJAdXVtgJf1AbJNPMqj47lhZehugCeTPbNojaTmbUQ4eaCB457yWJS1mg%3D%3D\"}],\"max_age\":604800}",
"nel": "{\"max_age\":604800,\"report_to\":\"cf-nel\"}",
"server": "cloudflare",
"cf-ray": "62b70e74ff5ac518-ORD",
"X-TotalFetchedSize": "23160",
"X-ProtocolIsH2": "true",
"X-TotalMs": "282",
"X-TCPMs": "29",
"X-RequestMs": "246",
"X-ResponseMs": "7",
"X-Original-Content-Encoding": "br"
},
"mimeType": "text/html",
"connectionReused": false,
"connectionId": 0,
"remoteIPAddress": "",
"remotePort": 0,
"fromDiskCache": false,
"fromServiceWorker": false,
"fromPrefetchCache": false,
"encodedDataLength": 2146,
"timing": {
"requestTime": 683681.651801,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": -1,
"dnsEnd": -1,
"connectStart": -1,
"connectEnd": -1,
"sslStart": -1,
"sslEnd": -1,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": -1,
"sendEnd": -1,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 319.849
},
"responseTime": 1614986233365.476,
"protocol": "http/1.1",
"securityState": "secure"
},
"frameId": "0AF140F9EB36604229CEAA1D610DA467"
}
},Here is the same section of the devtools log when running Lighthouse locally with chrome canary:
{
"method": "Network.requestWillBeSentExtraInfo",
"params": {
"requestId": "34017A3A2DC1CB0B4E3A2BDBC64F20B1",
"associatedCookies": [],
"headers": {
":method": "GET",
":authority": "paulirish.com",
":scheme": "https",
":path": "/",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4420.0 Mobile Safari/537.36 Chrome-Lighthouse",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"sec-fetch-site": "none",
"sec-fetch-mode": "navigate",
"sec-fetch-user": "?1",
"sec-fetch-dest": "document",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US,en;q=0.9"
}
}
},
{
"method": "Page.lifecycleEvent",
"params": {
"frameId": "F004E3FF02335E2B610F933D672EBECB",
"loaderId": "EF61FDAF5AC9129665FE3A54C4F9D456",
"name": "networkAlmostIdle",
"timestamp": 37482.05489
}
},
{
"method": "Page.lifecycleEvent",
"params": {
"frameId": "F004E3FF02335E2B610F933D672EBECB",
"loaderId": "EF61FDAF5AC9129665FE3A54C4F9D456",
"name": "networkIdle",
"timestamp": 37482.05489
}
},
{
"method": "Network.responseReceivedExtraInfo",
"params": {
"requestId": "34017A3A2DC1CB0B4E3A2BDBC64F20B1",
"blockedCookies": [],
"headers": {
"date": "Fri, 05 Mar 2021 23:37:03 GMT",
"cache-control": "max-age=3600",
"expires": "Sat, 06 Mar 2021 00:37:03 GMT",
"location": "https://www.paulirish.com/",
"cf-request-id": "08a6598736000027f466246000000001",
"expect-ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"",
"report-to": "{\"max_age\":604800,\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report?s=Y41kf3chc3eTlqk1jpBHF4MThltyIDfsWP3C7jaoNz91%2FNYUV0JsKbG3gtrVBMgWzAFJs3awOQ7U7GOdZgbUldPFNsMk8ZPlt5MXAE8U\"}],\"group\":\"cf-nel\"}",
"nel": "{\"report_to\":\"cf-nel\",\"max_age\":604800}",
"vary": "Accept-Encoding",
"server": "cloudflare",
"cf-ray": "62b72b852b4727f4-SLC"
},
"resourceIPAddressSpace": "Public"
}
},
{
"method": "Network.requestWillBeSent",
"params": {
"requestId": "34017A3A2DC1CB0B4E3A2BDBC64F20B1",
"loaderId": "34017A3A2DC1CB0B4E3A2BDBC64F20B1",
"documentURL": "https://www.paulirish.com/",
"request": {
"url": "https://www.paulirish.com/",
"method": "GET",
"headers": {
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4420.0 Mobile Safari/537.36 Chrome-Lighthouse"
},
"mixedContentType": "none",
"initialPriority": "VeryHigh",
"referrerPolicy": "strict-origin-when-cross-origin"
},
"timestamp": 37482.744821,
"wallTime": 1614987423.429662,
"initiator": {
"type": "other"
},
"redirectResponse": {
"url": "https://paulirish.com/",
"status": 301,
"statusText": "",
"headers": {
"date": "Fri, 05 Mar 2021 23:37:03 GMT",
"cache-control": "max-age=3600",
"expires": "Sat, 06 Mar 2021 00:37:03 GMT",
"location": "https://www.paulirish.com/",
"cf-request-id": "08a6598736000027f466246000000001",
"expect-ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"",
"report-to": "{\"max_age\":604800,\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report?s=Y41kf3chc3eTlqk1jpBHF4MThltyIDfsWP3C7jaoNz91%2FNYUV0JsKbG3gtrVBMgWzAFJs3awOQ7U7GOdZgbUldPFNsMk8ZPlt5MXAE8U\"}],\"group\":\"cf-nel\"}",
"nel": "{\"report_to\":\"cf-nel\",\"max_age\":604800}",
"vary": "Accept-Encoding",
"server": "cloudflare",
"cf-ray": "62b72b852b4727f4-SLC"
},
"mimeType": "",
"requestHeaders": {
":method": "GET",
":authority": "paulirish.com",
":scheme": "https",
":path": "/",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4420.0 Mobile Safari/537.36 Chrome-Lighthouse",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"sec-fetch-site": "none",
"sec-fetch-mode": "navigate",
"sec-fetch-user": "?1",
"sec-fetch-dest": "document",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US,en;q=0.9"
},
"connectionReused": false,
"connectionId": 28,
"remoteIPAddress": "172.67.130.17",
"remotePort": 443,
"fromDiskCache": false,
"fromServiceWorker": false,
"fromPrefetchCache": false,
"encodedDataLength": 476,
"timing": {
"requestTime": 37482.195017,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": 0.255,
"dnsEnd": 56.17,
"connectStart": 56.17,
"connectEnd": 118.602,
"sslStart": 85.07,
"sslEnd": 118.596,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": 118.754,
"sendEnd": 118.868,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 548.109
},
"responseTime": 1614987423427.278,
"protocol": "h2",
"securityState": "secure",
"securityDetails": {
"protocol": "TLS 1.3",
"keyExchange": "",
"keyExchangeGroup": "X25519",
"cipher": "AES_128_GCM",
"certificateId": 0,
"subjectName": "sni.cloudflaressl.com",
"sanList": [
"paulirish.com",
"sni.cloudflaressl.com",
"*.paulirish.com"
],
"issuer": "Cloudflare Inc ECC CA-3",
"validFrom": 1595548800,
"validTo": 1627128000,
"signedCertificateTimestampList": [
{
"status": "Verified",
"origin": "Embedded in certificate",
"logDescription": "Google 'Argon2021' log",
"logId": "F65C942FD1773022145418083094568EE34D131933BFDF0C2F200BCC4EF164E3",
"timestamp": 1595567700006,
"hashAlgorithm": "SHA-256",
"signatureAlgorithm": "ECDSA",
"signatureData": "304502201E5CE83AA7BAE618403970F57D84CA4A9C511EE06062322FB70F6CE12AC8832002210094815E1767254B1EA7DDD9AAB3618BF4F293315E744F1449B0D716B3E7A92848"
},
{
"status": "Verified",
"origin": "Embedded in certificate",
"logDescription": "DigiCert Yeti2021 Log",
"logId": "5CDC4392FEE6AB4544B15E9AD456E61037FBD5FA47DCA17394B25EE6F6C70ECA",
"timestamp": 1595567700057,
"hashAlgorithm": "SHA-256",
"signatureAlgorithm": "ECDSA",
"signatureData": "3045022100FC2DCFCFB1EC2C64EC36A6E75938B8C49AD124BD0CC96F16B334E8FE7C9CB6400220609D434E61CD7A92413709FB2038950F368541DCD1BAD4118BB80B0528E85724"
}
],
"certificateTransparencyCompliance": "compliant"
}
},
"type": "Document",
"frameId": "F004E3FF02335E2B610F933D672EBECB",
"hasUserGesture": false
}
},
{
"method": "Network.requestWillBeSentExtraInfo",
"params": {
"requestId": "34017A3A2DC1CB0B4E3A2BDBC64F20B1",
"associatedCookies": [],
"headers": {
":method": "GET",
":authority": "www.paulirish.com",
":scheme": "https",
":path": "/",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4420.0 Mobile Safari/537.36 Chrome-Lighthouse",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"sec-fetch-site": "none",
"sec-fetch-mode": "navigate",
"sec-fetch-user": "?1",
"sec-fetch-dest": "document",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US,en;q=0.9"
}
}
},
{
"method": "Network.responseReceivedExtraInfo",
"params": {
"requestId": "34017A3A2DC1CB0B4E3A2BDBC64F20B1",
"blockedCookies": [],
"headers": {
"date": "Fri, 05 Mar 2021 23:37:04 GMT",
"content-type": "text/html",
"set-cookie": "__cfduid=d83583d8f5b34bd7eae780a4d89fb35411614987424; expires=Sun, 04-Apr-21 23:37:04 GMT; path=/; domain=.paulirish.com; HttpOnly; SameSite=Lax",
"last-modified": "Thu, 15 Oct 2020 04:50:24 GMT",
"cache-control": "max-age=600",
"expires": "Fri, 05 Mar 2021 23:47:04 GMT",
"vary": "Accept-Encoding,User-Agent",
"content-security-policy": "default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://api.github.com https://disqus.com https://go.disqus.com https://*.disquscdn.com https://www.google-analytics.com https://paulirish.disqus.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com; img-src * 'self' data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://paulirish.com https://fonts.gstatic.com https://firebaseinstallations.googleapis.com https://firebaselogging.googleapis.com https://firebaseremoteconfig.googleapis.com https://www.google-analytics.com https://firebaselogging-pa.googleapis.com; frame-src 'self' https://platform.twitter.com https://accounts.google.com https://jsfiddle.net https://vimeo.com https://player.vimeo.com https://embed.verite.co https://www.youtube.com https://apis.google.com https://disqus.com https://paulirish.wufoo.com; upgrade-insecure-requests; report-uri https://paulirish.report-uri.com/r/d/csp/enforce;",
"cf-cache-status": "DYNAMIC",
"cf-request-id": "08a6598991000027f49e97f000000001",
"expect-ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"",
"report-to": "{\"max_age\":604800,\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report?s=7mkW3UYZt2GAmiBzKTYWID2%2BM3yVhEUlobwRWp4I8MMaGf4VwXeI49DeS7p7XHMeHcvrNQe%2BtEP0ywXveSL1i1sVnwKrnSZSJDY1Plg1EKnNuQ%3D%3D\"}],\"group\":\"cf-nel\"}",
"nel": "{\"report_to\":\"cf-nel\",\"max_age\":604800}",
"server": "cloudflare",
"cf-ray": "62b72b88e98d27f4-SLC",
"content-encoding": "br"
},
"resourceIPAddressSpace": "Public"
}
},
{
"method": "Network.responseReceived",
"params": {
"requestId": "34017A3A2DC1CB0B4E3A2BDBC64F20B1",
"loaderId": "34017A3A2DC1CB0B4E3A2BDBC64F20B1",
"timestamp": 37483.528308,
"type": "Document",
"response": {
"url": "https://www.paulirish.com/",
"status": 200,
"statusText": "",
"headers": {
"date": "Fri, 05 Mar 2021 23:37:04 GMT",
"content-type": "text/html",
"set-cookie": "__cfduid=d83583d8f5b34bd7eae780a4d89fb35411614987424; expires=Sun, 04-Apr-21 23:37:04 GMT; path=/; domain=.paulirish.com; HttpOnly; SameSite=Lax",
"last-modified": "Thu, 15 Oct 2020 04:50:24 GMT",
"cache-control": "max-age=600",
"expires": "Fri, 05 Mar 2021 23:47:04 GMT",
"vary": "Accept-Encoding,User-Agent",
"content-security-policy": "default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://api.github.com https://disqus.com https://go.disqus.com https://*.disquscdn.com https://www.google-analytics.com https://paulirish.disqus.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com; img-src * 'self' data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://paulirish.com https://fonts.gstatic.com https://firebaseinstallations.googleapis.com https://firebaselogging.googleapis.com https://firebaseremoteconfig.googleapis.com https://www.google-analytics.com https://firebaselogging-pa.googleapis.com; frame-src 'self' https://platform.twitter.com https://accounts.google.com https://jsfiddle.net https://vimeo.com https://player.vimeo.com https://embed.verite.co https://www.youtube.com https://apis.google.com https://disqus.com https://paulirish.wufoo.com; upgrade-insecure-requests; report-uri https://paulirish.report-uri.com/r/d/csp/enforce;",
"cf-cache-status": "DYNAMIC",
"cf-request-id": "08a6598991000027f49e97f000000001",
"expect-ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"",
"report-to": "{\"max_age\":604800,\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report?s=7mkW3UYZt2GAmiBzKTYWID2%2BM3yVhEUlobwRWp4I8MMaGf4VwXeI49DeS7p7XHMeHcvrNQe%2BtEP0ywXveSL1i1sVnwKrnSZSJDY1Plg1EKnNuQ%3D%3D\"}],\"group\":\"cf-nel\"}",
"nel": "{\"report_to\":\"cf-nel\",\"max_age\":604800}",
"server": "cloudflare",
"cf-ray": "62b72b88e98d27f4-SLC",
"content-encoding": "br"
},
"mimeType": "text/html",
"requestHeaders": {
":method": "GET",
":authority": "www.paulirish.com",
":scheme": "https",
":path": "/",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (Linux; Android 7.0; Moto G (4)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4420.0 Mobile Safari/537.36 Chrome-Lighthouse",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"sec-fetch-site": "none",
"sec-fetch-mode": "navigate",
"sec-fetch-user": "?1",
"sec-fetch-dest": "document",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US,en;q=0.9"
},
"connectionReused": true,
"connectionId": 28,
"remoteIPAddress": "172.67.130.17",
"remotePort": 443,
"fromDiskCache": false,
"fromServiceWorker": false,
"fromPrefetchCache": false,
"encodedDataLength": 1341,
"timing": {
"requestTime": 37482.745769,
"proxyStart": -1,
"proxyEnd": -1,
"dnsStart": -1,
"dnsEnd": -1,
"connectStart": -1,
"connectEnd": -1,
"sslStart": -1,
"sslEnd": -1,
"workerStart": -1,
"workerReady": -1,
"workerFetchStart": -1,
"workerRespondWithSettled": -1,
"sendStart": 74.553,
"sendEnd": 74.71,
"pushStart": 0,
"pushEnd": 0,
"receiveHeadersEnd": 779.721
},
"responseTime": 1614987424209.761,
"protocol": "h2",
"securityState": "secure",
"securityDetails": {
"protocol": "TLS 1.3",
"keyExchange": "",
"keyExchangeGroup": "X25519",
"cipher": "AES_128_GCM",
"certificateId": 0,
"subjectName": "sni.cloudflaressl.com",
"sanList": [
"paulirish.com",
"sni.cloudflaressl.com",
"*.paulirish.com"
],
"issuer": "Cloudflare Inc ECC CA-3",
"validFrom": 1595548800,
"validTo": 1627128000,
"signedCertificateTimestampList": [
{
"status": "Verified",
"origin": "Embedded in certificate",
"logDescription": "Google 'Argon2021' log",
"logId": "F65C942FD1773022145418083094568EE34D131933BFDF0C2F200BCC4EF164E3",
"timestamp": 1595567700006,
"hashAlgorithm": "SHA-256",
"signatureAlgorithm": "ECDSA",
"signatureData": "304502201E5CE83AA7BAE618403970F57D84CA4A9C511EE06062322FB70F6CE12AC8832002210094815E1767254B1EA7DDD9AAB3618BF4F293315E744F1449B0D716B3E7A92848"
},
{
"status": "Verified",
"origin": "Embedded in certificate",
"logDescription": "DigiCert Yeti2021 Log",
"logId": "5CDC4392FEE6AB4544B15E9AD456E61037FBD5FA47DCA17394B25EE6F6C70ECA",
"timestamp": 1595567700057,
"hashAlgorithm": "SHA-256",
"signatureAlgorithm": "ECDSA",
"signatureData": "3045022100FC2DCFCFB1EC2C64EC36A6E75938B8C49AD124BD0CC96F16B334E8FE7C9CB6400220609D434E61CD7A92413709FB2038950F368541DCD1BAD4118BB80B0528E85724"
}
],
"certificateTransparencyCompliance": "compliant"
}
},
"frameId": "F004E3FF02335E2B610F933D672EBECB"
}
},Here's what I noticed:
request...ExtraInfo events. PSI log has none.Network.responseReceivedExtraInfo response for the original request that redirects (but no Network.responseReceived like other requests 🤔 ). Devtools log doesn't have that.X-ProtocolIsH2 headers, as expected.redirectResponse on the Network.requestWillBeSent event for https://www.paulirish.com. In PSI, the X-ProtocolIsH2 header set, so the data is there! But we don't try to read this data from there.connorjclark
commented
3 years ago For your particular issue @SoftCreatR, it seems that the server for that URL is responding differently to PSI than to curl. Can you think of any reason that your server would respond with redirects like this:
https://www.softcreatr.com -> https://www.softcreatr.com/ -> https://www.softcreatr.com/ -> ... ?
SoftCreatR
commented
3 years ago @connorjclark Thanks for the info regarding the endless loop. This happened because your client did not accept cookies. However, I've just fixed that, because that was unintended and just a side-effect of something that has been implemented recently. This also fixed the PSI response for
https://www.softcreatr.com/login/?url=https%3A%2F%2Fwww.softcreatr.com%2F (Click)
which is the redirect target for
https://www.softcreatr.com/ (Click)
But as you can see, it still reports HTTP/1.1 wrong for the main URL.
connorjclark
commented
3 years ago Yup, can verify that here too. We'll track that bug in this issue.
As reported already (#12113), PSI reports a wrong HTTP version for several websites.
This seems to be a problem if the target page doesn't return a 200 response code.
Working: https://developers.google.com/speed/pagespeed/insights/?hl=de&url=https%3A%2F%2Fwww.softcreatr.com%2Fx.php Not working: https://developers.google.com/speed/pagespeed/insights/?hl=de&url=https%3A%2F%2Fwww.softcreatr.com
Doing
shows, that there are 1-2 redirects, before returning 200, but every response is sent via HTTP/2, so PSI's result is a false positive.