WQI.webqualityindex

Knowledge Base

Learn

15 articles · 4 categories · formal methodology →

Plain-English explainers for the technical signals Web Quality Index measures. Each article covers what something is, why it matters, what good looks like, and how to fix it — written for site owners and developers, not just security engineers.

Foundational concepts

Certificate chain of trust Beginner 5 min 3 factors Browsers don't trust your server's certificate directly. They trust a small handful of root certificates baked into the OS, and trust flows down through intermediate certs to the leaf cert your server sends. This article explains how the chain works, why it exists, and what breaks when it doesn't.
What is TLS? Beginner 6 min 3 factors TLS is the protocol that makes HTTPS work — it lets a browser confirm a server's identity and exchange a fresh secret key, then encrypts everything that follows. This article walks through the handshake, the threat model, and the SSL-vs-TLS naming history without burying you in RFCs.

Security

Privacy

Encrypted Client Hello Intermediate 6 min WEBQ-93 In standard TLS, the very first message a browser sends carries the hostname in plain text — visible to anyone watching the network. Encrypted Client Hello hides it. Cloudflare went GA on ECH in September 2023; Firefox enabled it by default in 2024. For users on hostile networks (corporate proxies, censoring countries, public Wi-Fi) this is a real privacy upgrade.

Performance

Handshake latency Beginner 4 min 2 factors Wall-clock time from TCP open to TLS handshake complete, in milliseconds. Slow handshakes hurt page-load LCP for first-time visitors and signal poor server tuning — usually a fixable problem rather than a fundamental constraint. Common culprits: no OCSP stapling, RSA cert on a CPU-bound box, geographically distant origin.