WebPagetest Forums
Additional request in Firefox - Printable Version

+- WebPagetest Forums (https://www.webpagetest.org/forums)
+-- Forum: Web Performance (/forumdisplay.php?fid=3)
+--- Forum: Discuss Test Results (/forumdisplay.php?fid=4)
+--- Thread: Additional request in Firefox (/showthread.php?tid=14136)



Additional request in Firefox - sharma.divyank - 12-29-2015 10:02 PM

I was testing one of the websites and found some extra requests in Firefox,
Like -
https://search.servi...S/SG/default/default
http://ocsp.entrust.net/
http://ocsp.digicert.com/

These requests aren't included in page, also they do not appear when I tested same web page from different browsers (IE and Chrome) on same machine.

Also will blocking these requests for the run would help?
Please take a look -
http://www.webpagetest.org/result/151227_1K_f38b82b45e35c8b4f1dc48e4804da710/1/details/


RE: Additional request in Firefox - akshayranganath - 12-29-2015 10:18 PM

Firefox (and all browsers) implement what's called as OCSP stampling. This article explains the behavior: https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/. It looks like the Firefox has been hardened to verify the TLS cert validity.

tl;dr; - The income tax site is not sending the certificate validity information and FF is defaulting to the OCSP check. This can be disabled through the browser's "about:config" setting. This will not be possible on WPT public instance.

For your use case, you could just block the domain and re-test. However, I'd suggest you to not do this. My suggestion would be to run 2 tests with the OCSP domains blocked and not blocked. You should consider both the response since some browsers (esp those behind corporate proxies) would be hardened to check for OCSP signatures.