Hi,
I was using Hotjar to track my website performance and found below issues which needs to fixed immediately. Can anyone assist in this?
Things to be Fixed:
- Defer parsing of JavaScript (t.contentsquare.ne[...]2.js (447.7KiB) of JavaScript is parsed during initial page load. Defer parsing JavaScript to reduce blocking of page rendering.)
- 11 resources has a non-consistent extension with its actual content (This page contains 11 resources that use extensions that aren't consistent with their
Content-TypeHTTP headers: (detected: image/avif | recommended: image/png)) - The Content Security Policy is missing (Protect your website from cross-site scripting (XSS) attacks by setting up a restrictive Content-Security-Policy.)
- Specify a character set in the response HTTP Header (Specify the character set used in the Content-Type HTTP header allows the browser to parse immediately the page. For example:
content-type: text/html;charset=UTF-8) - This page is exposed to "clickjacking" type attacks (Keep malicious people from integrating your pages into their websites. Configure a "X-Frame-Options" HTTP header or Define an explicit
frame-ancestorsdirective into a Content-Security-Policy HTTP Header. )
Things to be Improved:
- robots.txt file should be defined
- Disable the auto detection of resource type (Protect yourself from malicious exploitation via MIME sniffing.)