Early Hints feedback

Now that this is available to some it’s time to give feedback. The welcome email doesn’t provide a way to give feedback it so I will post it here.

Using webpagetest with the proper command-line argument I can see the requests to some resources are initiated by the client when parsing the HTML instead of preloading from an early hint.

Our pages have preload statements at the start of head as well as the new Link response header. The tracing shows that all resources are being preloaded by the HTML statements instead of being initiated by the client preloader.

This is easy to see by looking at the waterfall - it shows the preload happens after onload instead of after the connection. I was expecting to see early hints loaded at the blue line below but it is happening at the red line:

Capture792×372 61.4 KB

Anyone else seeing this?

As I’m still waiting…waiting…

Shouldn’t there be a 103 response first? And then your browser preloads those assets? And when it comes time for page load, won’t those assets come from browser cache?

Early-hints-diagram-11740×860 59.8 KB

There should be a 103 response but it doesn’t look like it will appear in the Dev Tools (although you can look at Initiator to see if a resource request was initiated from HTML or Early Hint).

As it is, I am not seeing this happening - at least not yet.

image1048×298 11.5 KB

Most resources should come from the browser cache, even if the browser initiate it from a 103. In these cases the 103 will ensure the resource is in memory instead of disk cache.

I didn’t see that in your boxed section of dev tools. It looks like it went through the whole DNS/TLS/Wait/Receive process.

Exactly my point. The boxed section started at the red dotted line during onload (after receiving the full HTML from the server) when in fact it should’ve started at the blue dotted line just after the connection was established (when the 103 response should’ve been received).

Also the screenshot for one of the resources shows the loading started when the client parsed the HTML (line 8 is where the resource is declared for the first time).

Those two things make me think the early hint was not received by the client despite the switch being passed:

Just got admitted into the beta test and currently using rel=preconnect on my sites.

Testing Early Hints with Web Page Test (–enable-features=EarlyHintsPreloadForNavigation)

Early Hints with Web Page Test1440×916 187 KB

Screenshot 2021-10-15 at 10-03-131045×1739 72.5 KB

Without Flag Test

withoutflagtest1416×856 164 KB

Screenshot 2021-10-15 at 10-11-33-NOFLAG1052×1635 73.1 KB

I still can’t see any difference in how Early Hints change the way resources are downloaded - either via my own browser or webpagetest.

Since I activated Early Hints, I get massive 504 Gateway Timeouts in the analytics tab:

image922×641 25.6 KB

Same here…

Screenshot (712)1024×796 56.2 KB

Screenshot (713)1020×768 38.5 KB

Same here - from zero to thousands. Will post screenshot later.

I don’t think this is a Cloudflare problem as my preload links include resources in other domains and they load only after the HTML.

If this was only happening with Cloudflare resources, we would see resources from other sources loading earlier.

Perhaps this indicates something happening on the client side, perhaps a malformed request?

I have opened a support request asking how to provide feedback for this beta, since there was no contact details in the welcome email.

Yeah got the same 504 for nginx-ssl early hints user agent. Dug into my CF edge server logs via CF Enterprise logpush an have 1000s of entries.

example excerpt for one entry is

time pzcat /home/cfcmm-logs/20211013/*.log.gz /home/cfcmm-logs/20211014/*.log.gz /home/cfcmm-logs/20211015/*.log.gz | jq -r 'select(.BotScore <=100 and .ClientRequestHost == "blog.centminmod.com" and (.ClientRequestUserAgent| index("ssl")) and .ClientRequestPath == "/wp-content/themes/generatepress/assets/js/main.min.js" ) | "\(.ClientIP) \(.RayID)-\(.ParentRayID) \(.ClientRequestURI) \(.ClientRequestMethod) \(.ClientRequestReferer) \(.EdgeResponseStatus)-\(.EdgeResponseContentType) \(.OriginResponseStatus) \(.OriginResponseDurationMs)-\(.OriginResponseTime) \(.EdgeRequestHost) ctf-\(.CacheTieredFill) cs-\(.CacheCacheStatus) crs-\(.CacheResponseStatus)-\(.CacheResponseBytes) \(.EdgeColoCode) \(.ClientCountry) \(.ClientIPClass) \(.WorkerStatus)-\(.WorkerSubrequest)-\(.WorkerSubrequestCount) \(.BotScore) x \(.BotScoreSrc) \(.ClientRequestUserAgent) d-\(.ClientDeviceType) edgeip-\(.EdgeServerIP)"' 

3.219.212.117 69e4f7ea52f0578b-00 /wp-content/themes/generatepress/assets/js/main.min.js?ver=3.0.4 GET  504-text/html 0 0-0 blog.centminmod.com ctf-false cs-miss crs-504-1376 IAD us noRecord unknown-false-0 5 x Machine Learning nginx-ssl early hints d-desktop edgeip-

cs-miss crs-504-1376 IAD means cache status = miss with cache response status = 504 and response was 1376 bytes in size from IAD datacenter

504-text/html 0 means 504 edge response status with text/html content type and origin status code = 0

If I filter CF Firewall log on that log entry’s rayid get 2 firewall log entries for the same rayid! and they have identical timestamps!

image1002×161 9.82 KB

Pluck IP 3.219.212.117 into filtering my CF Firewall and it seems it’s caught and logged in my simulate/log (don’t block/challenge) only firewall rule I setup

image1009×688 31.2 KB

Though that useragent also gets caught and logged in my CF Firewall allow rules for verified bots

image1009×668 36.8 KB

Some Amazon AWS IP trying a PUT request and probably not getting a response back?

image962×615 27.9 KB

also GET requests

image1020×623 27.4 KB

Allow CF Firewall rule requests for verified bots with nginx-ssl early hints useragent are logged for Google, Yandex and Apple Engineering ASNs

image1030×510 17.7 KB

edit: oh I have Cloudflare Signed Exchanges beta enabled https://blog.centminmod.com/2021/10/13/2511/testing-page-speed-with-cloudflare-automatic-signed-exchanges-google-search-cache/ and also Crawler Hints beta enabled so not sure if that is related? @firat @akrivit

Some additional insights.

1. As mentioned above, I can also see 504 errors that started happening when Early Hints was enabled on my domain:

Screenshot 2021-10-17 081258937×651 65.8 KB

2. To demonstrate relation, I have disabled Early Hints earlier today and 504 errors instantly disappeared:

Screenshot 2021-10-17 081325932×651 54.8 KB

3. The errors would not be caused by malformed client requests. I believe these errors are the Early Hints module not correctly caching/responding the headers. This means the headers are never sent out, hence no difference in behaviour on the client side as reported in the first post in this thread.

4. The volume of 504 errors wouldn’t be influenced by client requests (as I previously wondered) because it’s an opt-in feature. For this volume of errors it would have to be a mainstream feature since very few people are using the command line args to launch the browser (in my case).

5. Question: what is the “nginx-ssl early hints” user agent mentioned before? It hits the domain as soon as Early Hints is enabled and stopped when disabled:

image984×671 37.3 KB

5. We don’t have a direct feedback to the team implementing this feature so it’s harder to get to the root cause here.

I have raised a support ticket and pointed to this thread. The reply today is that this was sent to engineering.

Same here we started to observe 504 from Cloudflare proxies.

We use Cloudflare and Akamai in a multi CDN model with Cedexis so it switched automatically to Akamai. Their preconnect/preload just works.

I also noticed various issues with Early Hints.

504 starting immediately after enabling it on various kind of resources at random.

5042146×1232 142 KB

Google Search Console inspection URL giving strange results even after disabling SGX.

gsc-early-hint3200×1058 332 KB

And then also some strange behaviour with Link headers mixed with what I think is an SGX stuff

mm21240×1118 155 KB

Do y’all know what the expected behavior is for requests already in cache? Would Early Hints not be sent in that case?

First seeing that for GSC inspection! FYI, Early hints 103 also breaks Google PageSpeed Insights and GTMetrix with non-HTML content type errors so could be similar to what GSC picked up?

That’s normal for SXG cached version AFAIK. Edit: actually re-checking might not be? Are you setting link headers via origin end or via something like CF Workers ? I am using CF Workers and not seeing it in SXG cached version.