cross-site warning in chrome

A cookie associated with a cross-site resource at was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and provides some browser load-time analytics. These tools allow webmasters to diagnose website speed issues and see what browsers are spending the most time loading. The warning is generated because Chrome will be disabling this cookie in future releases for security purposes.

Nothing needs to be done to resolve this warning. Cloudflare will likely make code changes in the future before chrome loses support for this cookie.

Here’s an example of some of the data webmasters can get with the CloudFlare Browser Insights tool.

CloudFlare Insights Snapshot
Country-level loading data

Get set up with a Progressive Web App Service Worker on your site in 5 min

If your site isn’t already set up with a Service Worker, Chrome’s debugging tools throw a few errors under the “Progressive Web App” section of webpage auditing.

Current page does not respond with a 200 when offline

start_url does not respond with a 200 when offlineNo usable web app manifest found on page.

Does not register a service worker that controls page and start_url

Web app manifest does not meet the installability requirements Failures: No manifest was fetched.

A service worker enables your web app to be reliable in unpredictable network conditions. Learn more.

You’ll need 2 basic elements for a service worker, a sw.js file and a small snippet of code to be included on all pages you want the service worker active on.

Step 1: sw.js

This is the sw.js code. You’ll likely want to upload this code to your website

const cacheName = `serviceworker-0.6.18`;
self.addEventListener('install', e => {
  e.waitUntil( => {
      return cache.addAll([
          .then(() => self.skipWaiting());

self.addEventListener('activate', event => {

self.addEventListener('fetch', event => {
      .then(cache => cache.match(event.request, {ignoreSearch: true}))
      .then(response => {
      return response || fetch(event.request);

Before uploading the code, you’ll need to modify the cache.addAll file list to include the required javascript/css files for your site, logos and required images, as well as any pages you would like accessible while your user is offline. Delete index.html and the styles/scripts files included unless your files are located in the same location. I suggest including your top 3 pages (homepage, contact page, etc). Be aware, these pages will be loaded in the background by every browser visiting your site. You may also want to change “serviceworker-0.6.18” to the name of your site/service-worker.

Step 2. <script>

The second required element is the service worker script:

      if('serviceWorker' in navigator) {
        navigator.serviceWorker.register('/sw.js', { scope: '/' })
          .then(function(registration) {
                console.log('Service Worker Registered');

        navigator.serviceWorker.ready.then(function(registration) {
           console.log('Service Worker Ready');

Place this code within a <script> </script> element somewhere on your page.  You can use the console.log messages to ensure your service worker is getting registered properly.

Step 3. manifest.json

Although not required, you can add a manifest.json file to the root of your website to enable it to be installed as an app.

  "name": "Website Full Name",
  "short_name": "WebsiteShortName",
  "icons": [
      "src": "/images/icons-192.png",
      "type": "image/png",
      "sizes": "192x192"
      "src": "/images/icons-512.png",
      "type": "image/png",
      "sizes": "512x512"
  "lang": "en-US",
  "start_url": "/",
  "display": "standalone",
  "background_color": "white",
  "theme_color": "white"

You’ll need a png image at least 192×192 to pass all the Chrome audits.

Apple Card — Credit Check?

Does the getting the Apple Card check your credit? Yes. According to the Apple Card Terms and Conditions [pdf] an authorization is approved at the time of application. This is likely a “hard” credit check.

You authorize us to obtain one or more credit bureau reports (also known as consumer reports) and other information about you from credit bureaus and/or other third party sources for use in (1) evaluating your application for credit; (2) administering and servicing your Account; (3) collecting any amounts owed on your Account; (4) offering other products and services; and (5) other purposes permitted by law. You understand that, after evaluating your complete application and checking your report(s), we may decide not to offer credit or products to you.

Optimize Google Analytics / Google Tag Manager via Preconnect Headers

Add the following before the tag in your html to give google analytics loading a little boost and make the pagespeed and chrome auditing tool happy with your site

<link rel="dns-prefetch" href="">
<link rel="dns-prefetch" href="">
<link href="" rel="preconnect" crossorigin>
<link href="" rel="preconnect" crossorigin>

These optimizations can speed up your page load.
Opportunity: Preconnect to required origins
Consider adding preconnect or dns-prefetch resource hints to establish early connections to important third-party origins. Learn more.

CloudFlare Mirage Causing Google Pagespeed Hang Ups

After encountering some Sea-Themed Google Pagespeed Warnings for porpoiseant , jellyfish.webp, and banger.js, I’ve tracked down the offending code to be from CloudFlare’s Mirage tool (found under the Speed tab) 

From the CloudFlare Website, this is the summary of Mirage:

What does Mirage do?

Mirage tailors image loading based on network connection and device type. Devices with small screens receive smaller images, and slower connections receive lower resolution images. This speeds up page rendering so users can begin interacting with your website without waiting for images to download first.

Mirage improves page load time by:

  • Image Virtualizing: Replaces images with low-resolution placeholder images that have the same dimensions as the original (including third-party images). Once the page renders completely, full resolution images are then lazy-loaded (prioritizing images in the browser viewport). This process allows pages to render quickly and minimizes browser reflow.
  • Request Streamlining: Combines multiple individual network requests for images into a single request.

Note: Mirage does not transcode or otherwise alter the original full-resolution images.

Mirage is considered Beta because it’s an experimental feature that may cause issues displaying images in association with certain Javascript libraries, such as image carousels or photo viewers. Issues with Mirage affect only a small percentage of customers.


In a real-world setting, I imagine Mirage can provide some good speed advantages. This is even more true for image-lite sites where users are interested in reading the text first before the full-resolution images have loaded. Unfortunately, in Google’s Pagespeed-Lab context, the Googlebot sees Mirage as a drain to websites. Googlebot seems to prefer manually implemented image optimizations and lazy-loading techniques. Because Pagespeed is now a ranking factor and Mirage is still a beta feature, I am now avoiding the tool in order to avoid possible Google penalties for having an apparently slow site.

edmonton.webp jellyfish.webp banger.js 404 errors

I’ve been getting an increase in 404 errors hit by Googlebot recently: - - [01/Jul/2019:20:29:17 +0000] "GET /porpoiseant/banger.js?cb=169-1&bv=2&v=15&PageSpeed=off HTTP/1.1" 404 3277 "" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://ww - - [01/Jul/2019:10:37:53 +0000] "GET /detroitchicago/edmonton.webp?a=a&cb=170-1&shcb=27 HTTP/1.1" 404 "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +" - - [01/Jul/2019:10:37:53 +0000] "GET /porpoiseant/jellyfish.webp?a=a&cb=170-1&shcb=27 HTTP/1.1" 404  "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +"

I’m assuming this is either from a CloudFlare 3rd party app or perhaps one of the primary functions of CloudFlare. CF should really be handling these requests and not allow them to hit the back-end server.
The only third-party app I am using on CF is Google Analytics. Given the nature of the request, I’m assuming this could be an artifact from Rocket Loader or the WebP image loading function of CloudFlare Polish.

Have you seen these requests recently? Please share below so I can continue tracking this down.

Update: I’ve narrowed down the source of these requests: CloudFlare Mirage. Mirage is a CF addon intending to improve page load time by Image Virtualizing and Request Streamlining. CloudFlare uses some smart algorithms to serve mobile devices intelligently-optimized (lossy) images as well as lazy-loading the full resolution image. On top of this, Mirage manages to send all the page images over fewer network requests. Despite these supposed speed advantages, I’ve removed the Mirage tool from my websites. Here’s Why.

ZoomBot (Linkbot 1.0

I've posted the archive of below as it seems the link is now dead. I've blocked the ZoomBot from my web properties due to little added value.


Version: 1.0
Bot Type: Good (Identifies itself, has an official moniker)
Category: Marketing
Obeys Robots.txt: Yes
User-agent string: ZoomBot (Linkbot 1.0

What is ZoomBot

What is ZoomBot? ZoomBot is a Web Crawler that powers the 2 billions link database for SEOZoom tool. It constantly crawls web to fill our database with new links and check the status of the previously found ones to provide the most comprehensive and up-to-the-minute data to our users. Link data collected by ZoomBot from the web is used by marketers in Italy to plan, execute, and monitor their online marketing campaigns.

What is ZoomBot doing on your website?

ZoomBot is crawling your website making notes of outbound links and adding them to our database. It will periodically re-crawl your website to check the current status of previously found links. Our crawler does not collect or store any other information about your website. It does not trigger ads on your website (if any) and won’t add numbers to your Google Analytics traffic.

It does respect Robots.txt?

Yes, We respect robots.txt, only with disallow rule.
You can block our bot using this simple rule:

User-Agent: ZoomBot
Disallow: *

Please note that ZoomBot may need some time to pick the changes in your robots.txt file. This will be made prior to each next scheduled crawl.

Please also note that if your robots.txt contains errors and ZoomBot won’t be able to recognize your commands it will continue crawling your website the way it did before.

If you think that ZoomBot is someway misbehaving on your website or if you have any questions about it, please don’t hesitate to contact our support team [email protected]

GoogleInitIc – Google Adsense Experiencing a loading issue

Google Adsense / Double click seems to be experiencing some occasional loading issues across domains. Users are seeing the text “GoogleInitIc(document.body,’10,10,10,10′)” followed by a blank space in place of an advertisement. These issues appear widespread and could be impacting ad revenue.

GoogleInitIc loading error with blank ad space