Loading report data…
Grouped by simplified agent, JS/CSS capability, and Web Bot Auth. combination(s).
| User agent | JS | CSS | JS exec | Accept MD | WBA host | WBA valid | CSS ms | JS ms | Done ms | Exec ms | Last seen | Count |
|---|
All times are server-side log timestamps relative to the start beacon (fired by the edge worker as it returns the HTML). Exec ms is self-reported by the client script (time from script start to dispatching the done beacon). All columns show averages across sessions in the group; — means none were recorded.
Worker returns HTML ──── start beacon logged
│
├─── CSS fetched ──────────────── CSS ms
│
├─── JS fetched ───────────────── JS ms
│ │
│ └─ script executes ──── Exec ms
│ │
└─── done beacon ───┘ ─────────── Done ms
Done ms > JS ms + Exec ms (plus done beacon network time). CSS ms < JS ms in most sessions since the CSS link appears first in the HTML.
'Accept MD' shows whether the requestor explicitly mentioned markdown documents in the accept http header.
'WBA' is web-bot-auth; it lists the hostname specified by the request, and 'WBA valid' shows whether the signature could be validated (requiring access to the directory file, and being able to validate the cryptographic signature). Note that some requestors block bots from accessing the directory file, so the signature can't always be validated.
If you want to test Web Bot Auth on static sites, check out the JavaScript WBA-detection snippet from VoightKampff.dev