Categories
Tools

Down For Everyone Or Just Me (#29)

Ever try a website only to have it not load and wonder to yourself, “I wonder if this is down for everyone or if it is a problem with my network?”

http://downforeveryoneorjustme.com

Because sometimes connections drop, or your DNS is somehow holding onto a change, or you have some kind of cookie or session issue with a website, to the rescue is DownForEveryoneOrJustMe.com

The beauty of Down For Everyone Or Just Me is that it form a triangle: You are accessing DFEOJM, then DFEOJM pings the real website, and then DFEOJM responds to your request.

Most of the time, if you can actually access DFEOJM, your internet connection is working OK so, in theory, you should also be able to access the website you are trying to get to. But every now and then you run into a DNS resolution related bump (that means a problem getting your domain name or subdomain to be found on the internet DNS, which kind of like a global directory.)

This tool is like having “a friend on another network” who can test to see if the website down for them too.

Also, you might remember the attack on DynDNS on October 21, 2016, which had regional effects: people on providers in North America were unable to get DNS resolution on certain domains because of a DDOS (denial of service) attack on DynDNS, which in turn affected most websites across America. (In that example, it was an attack on the intermediary SSL certificates.) Nonetheless, if the domain is experiencing some kind of regional resolution failure as was seen on 10/21/2016, DFEOJM could be used to test DNS resolution remotely.

Categories
Tools

ViewDNS.info (#28)

http://www.viewdns.info

ViewDNS is the omnibus DNS tool for everything and everyone!

You can reverse IP (get the network name associated with the IP address)

Categories
Tools

MX Toolbox (#27)

Ahh, the art of correctly configuring you domain to send and receive email.

The MX records of your domain goven where incoming email gets delivered to — specifically, the actualy server addresses themselves. (Or possibly, fully-qualified domain names.)

MXToolbox is

http://mxtoolbox.com

Google’s MX and DMARC settings
Settings for a website with DMARC

You would use MX Toolbox to examine three things about a domain name: (1) the MX records, (2) outgoing SMTP servers configured as SPF records, (3) DKIM settings, and (4) DMARC settings.

Remember, #1 is essential for incoming mail, and #2 is where you configure your outgoing mail.

#3 is DKIM is an advanced authentication system designed for large companies and banks who would be the target of phishing attacks— like Chase, PayPal, Bank of America, etc. It prevents email spoofing. Although most domains aren’t the target of email spoofing, you should be concerned if your website or domain has some kind of login or access to financial gain (like a “send money to my bank account” feature). If it does, hackers will wan to spoof your customers into believing emails from them are actually from you. This is easy to do in the email “from” header of the message, and so it is up to the customer to recognize if an email looks fake. Using DKIM, you can proactively prevent email spoofing by configuring your DNS settings.

#4 is DMARC is a policy related to both DKIM and SPF and is also applicable to large institutions. The reason for this is that DMARC is a technology where the domain owner analysis who is trying to impersonate them and gain the trust of their customers with fake (spoof) content. This is because many of the larger corporations have multiple outgoing mail servers— like hundreds— and DMARC lets a large IT infrastructure migrate to only allowing trusted senders via a graduate process.

You would use this tool if you were a domain owner and you wanted to understand how you mail is working (or not working) at the DNS level.

Categories
Tools

What’s My Chain Cert (#26)

Ok and coming in for the home stretch we go into a Domain & DNS tools segment to close out the series

https://whatsmychaincert.com/

When you manually install an SSL certificate, you actually need to be concerned with probably 2 or 3 separate certificates: yours, the certificate of your issuing provider, and the certificate of their provider. It’s kind of like a pyramid scheme, but it ensures that only the trusted certificate providers are in control of what valid TLS/SSL certs are being used.

Note that if you correctly install your certificate but not the parent certs (also known as the “chain cert”), your visitors will see SSL warnings in their browsers. This happens also if one of the intermediary certificates (that is, the two above yours) has a problem (like they become expired).

As well, as this website handily explains:

To complicate matters, browsers cache chain certificates, meaning that an improperly-configured chain could work in some browsers but not others, making this an annoying problem to debug.

This site tests if your server is serving the correct certificate chain, tells you what chain you should be serving, and helps you configure your server to serve it.

Use the tool WhatsMyChainCert.com to debug and examine these.

Categories
Tools

BuiltWith (#25)

BuiltWith is a quick and dirty tool that does one thing and it does it very well: It tells you what specific technologies any given website was created with: down to the Analytics/Tracking they are using, Widgets they have installed, their back-end technologies (also known as “the stack”), the technology they are using for mobile, payment processing, and JavaScript Libraries. You also see information about Advertising, email sending providers, SSL certificates, CDNs, the document encoding, and more.

It’s kind of like peaking behind the curtain.

Categories
Tools

Ahrefs Backlink Checker (#17)

Ahrefs refer to the html tag known as the anchor tag (also known as a link), a very common tag developers and non-developers alike recognize:

<a href="www.google.com">Google</a>

This is how to make a normal link on a website. A backlink is a link from someone else’s website to your website. Thus, the Ahrefs Backlink Checker is a tool you use to see all the other links on the internet back to your website.

This page has a wealth of information, including multiple rating & scoring metrics for the domain.

Let’s explore some of the column heading here, which describe both what you are looking at and provide and provide some education into how the tool works.

The DR is the Domain Rating

UR rating is URL Rating

The Referring Domains is a count of how many unique referring domains link back to your domain. The traffic column is an estimate of your organic traffic (search results) came from that backlink. (That is, how much organic search traffic the referring page has.

Finally, the Anchor & Backlink column shows the anchor text of the backlink (That’s what people actually click on.)

Ahrefs Backlink Checker has even more tools too: competitive analysis (find out what keywords your competitors rank for that you don’t), email alerts, batch analysis, and broken links too.

Categories
Tools

Google Page Speed Insights (GPSI) (#2)

GPSI — Google Page Speed Insights is also a page speed optimizer, but it has fewer frills than WebPageTest and gives less information.

It does not show you all your endpoints individually, but instead gives you an aggregate score for your mobile and web speeds.

Let’s do a quick run through on the popular shoe website Zappos.

First load up https://developers.google.com/speed/pagespeed/insights/ and enter your URL:

Wait for Google to buid your report…

Now you will see the report:

A few things to note:

  1. GPSI uses several factors and shows you a composite score. You have separate scores for mobile & desktop, so be sure to switch to the “Desktop” tab to see your desktop score.
  2. Most websites score very low. Rarely do I see a site whose score is above 30, so if yours is low don’t feel bad. Google has very high standards for this tool.

You will see several important metrics. Here is a brief introduction.

Field data is a historical report of how a site has performed and represents “anonymized performance data from users in the real-world on a variety of devices and network conditions.” Lab data, on the other hand, is completely simulated and happens inside of Lighthouse, which is a tool Google is using to analyze your website. (A third metric is Origin Summary which aggregates all pages for the domain.)

First Contentful Paint (FCP) is the average time that it takes the browser to start painting (or rendering) the page. Largest Contentful Paint (LCP) is a measure of loading performance. First Input Delay (FID) is when your web page becomes interactive (known in other tools as “DOM Interactive”).

Read all about the details of GPSI here and be sure to read the details of the web vitals (which explains the meaning of the metrics).

Categories
Tools

WebPageTest.org (#1)

July is marketing & optimization month. Every day this month I will introduce a new tool for marketing or web optimization. To kick things off I’m starting with the most valuable of them all: The ultimate benchmarking tool for site speed optimization.

You simply enter your URL into the bar and then wait. (Because it’s free, you are sharing the resources with everyone else. Sometimes it can take up to a minute or two to profile your site. The number of other people using the tool at the same time will determine how long it will take — like waiting in a queue while on hold on the phone.)

The first thing you’re going to see is a screen like this:

WebPageTest.org — This is one of the secret tools for web page optimizers (like me!) who make your website really fast. This will break down your page’s load time (into a “waterfall” chart) showing you which external endpoints are taking longest, which ones are blocking the page, and how to speed up your site.

An excellent remote benchmarking tool with breakdowns of each of your external web requests, showing times for DNS, SSL Negotiation, TTFB (Time-To-First-Byte), Content Download. It includes critical five page-wide metrics that you need to pay attention to:

• First Byte

• DOM Interactive

• First Paint

• the all-important DOM Content Loaded (also known as $(document).ready in jQuery*)

• the also-important Content Download time (also known as $(window).load in jQuery*)  

You’ll often want to run it a few times (in fact by default it runs twice anyway). 

[*Note that jQuery is not required to be running on these websites. These are the corresponding jQuery hooks for the page rendering lifecycle associated with these events.]

This view shows you an aggregate summary. It actually runs the test three times, but usually, you get close results. In the area where you see the Network chart next to “First View,” click once.

Now you’ll come to the detail view for the measurements.

This screen is where the magic happens. There’s a lot of information on this page, and I could teach a whole course on this subject. The two most important measurements to learn about first are: First content paint (look for a light green line, not the dark green line) and the Document Complete (look for a blue line). Both are expressed as a number (and fraction) of seconds.

In a very simplistic summary: The First content paint is when the user will first see content, and the Document Complete is when they can interact with the page.

The First Byte time is largely dependent on your server architecture and your app and is beyond the scope of this article. If you have long First Byte times try New Relic as performance tool to find the bottlenecks in your app and figure out how to eliminate.

For the most part, DOM Interactive and First paint you don’t have control over, assuming your assets are correctly cached and delivered via a CDN. 

The DOM Content Loaded is what we believe to be the most significant factor in the GPSI score, but keep in mind that Google will punish you if above-the-fold content is not loaded by the DOM content loaded point, or shortly thereafter. Consider there are many seconds between the 4th and 5th measurements, your images and some Javascripts are downloading. What you want to do is prioritize the above-the-fold images first, so they appear for the user as quickly as possible.

If you do this, GPSI will favor you. If you don’t do this and your Content Download times ($(window).load) extend out several seconds, your GPSI score (and we believe Google PageRank) will drop. 

Next, you’ll need to understand how to load your Javascript, internal & external, using async and defer. Unfortunately, that’s beyond the scope of this post today.

Webpagetest is the gold standard for a reason: It gives you nice scores for: First Byte Time, Keep-alive Enabled, Compressed transfers, Compressed images, cached static content, and using a CDN. 

Caveats: I’ve noticed that WPT tends to list many ad pixels — which inherently cannot be cached– in the “Leverage browser caching of static assets” section and thus may give a lower score here if you have too many ad pixels. I’m not exactly sure why WPT isn’t smart enough to know that these are ad pixels, maybe it would be better if the ad industry moved over to AJAX requests via JSON endpoints instead (cough, cough, antiquated technology, cough, cough). Perhaps if more did then a tool like this wouldn’t see ‘pixels’ (non-visible image files that serve only to communicate with foreign servers but aren’t actually images the user sees) as cacheable resources. 

Although this optimization tool is a little complex for non-technical users, laymen marketers and site builders can easily run their site through WPT to get a sense of how fast their site is performing. Remember, it can publicly profile any website so you can run tests on your competitors’ websites too.