Title: Ninja adding 3 Seconds to Page Load time on HTTPS: Last modified: August 30, 2016 --- # Ninja adding 3 Seconds to Page Load time on HTTPS: * Resolved [TheSeoGuy](https://wordpress.org/support/users/theseoguy/) * (@theseoguy) * [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/) * Hi there * I have just switched my site to HTTPS and also enabled Cloudflare CDN. I did expect a slight slowdown in page load performance but was really surprised to find load times were more than doubled. * Looking at Pingdom/GTMetrix/Webpagetest results, all had a 2.5 to 3 second delay on the first line of the load ‘waterfall’. This was not due to the SSL impact. * I eventually discovered that if I disabled the Ninja WAF, Pingdom loaded the 545kb Home page in approx 1.3 seconds and the lengthy initial wait dropped to a few milliseconds. * With the WAF enabled, it took 5 seconds… Similar results on the other two test platforms. * Does anyone have any suggestions as to why this would occur? Or if there are settings that should be enabled to eliminate that initial lag time? * Kind regards Ben * [https://wordpress.org/plugins/ninjafirewall/](https://wordpress.org/plugins/ninjafirewall/) Viewing 8 replies - 1 through 8 (of 8 total) * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/#post-6791733) * Hi, * Regarding NinjaFirewall, there isn’t any difference between HTTP and HTTPS because incoming traffic is decrypted by your HTTP server before being forwarded to PHP and NF. You may have an issue/conflict somewhere. You can export your configuration and send it to me at: contact-at-nintechnet-dot-com if you want. Do not use the firewall built-in export function, but the following script instead because, unlike the export option, it will anonymize your data: * [http://nintechnet.com/share/wp-export.txt](http://nintechnet.com/share/wp-export.txt) 1. Rename this file to “wp-export.php”. 2. Upload it into your WordPress root folder. 3. Goto [http://YOUR](http://YOUR) WEBSITE/wp-export.php 4. Delete it afterwards. * It would help to know your server settings too: 1. Your HTTP server + its version. 2. You PHP SAPI (CGI, FPM etc) and its version. * Also, did you try to disable Cloudflare and to use only NinjaFirewall + HTTPS? * Thread Starter [TheSeoGuy](https://wordpress.org/support/users/theseoguy/) * (@theseoguy) * [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/#post-6791752) * Thanks for the prompt response. * I have just emailed the wp-export file to you. * HTTP Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/ 1.4 * PHP: 5.4.38 SERVER API: CGI/FastCGI * Re disabling Cloudflare – no, not yet. Did you mean “Pause it – will temporarily deactivate CloudFlare for your domain” or reset the DNS Records back to the original settings? * Kind regards Ben * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/#post-6791756) * I received it, and will check it this weekend. * Regarding Cloudflare, I think the “Pause it” option is the right one. * You can also try to disable HTTPS filtering from “NinjaFirewall > Firewall Policies > Enable NinjaFirewall for” and select “HTTP traffic only”, just to see if that makes a difference or not. * Did you check in the firewall log if there was anything wrong (e.g., Pingdom or other bot could be blocked although it would be unusual)? * Thread Starter [TheSeoGuy](https://wordpress.org/support/users/theseoguy/) * (@theseoguy) * [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/#post-6791794) * Setting the HTTPS filtering to off made no discernible difference at all. * Cloudflare – I paused it, but I am not sure how long it takes for the impact of that change to come into effect. In any event, that should make things slower, given that the caching and global content distribution is supposed to be the big benefit of Cloudflare…. * Log files – nothing stands out there… * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/#post-6791798) * I tried NinjaFirewall using your configuration, but did not see any differences between HTTP and HTTPS with both Nginx and Apache. As I mentioned in a previous message, the HTTPS en/decryption is handled by the HTTP server, hence it should not affect PHP or NinjaFirewall. * If there isn’t any problem with Cloudflare, you may try to temporarily disable each plugin one by one to see whether there is a conflict with them. Maybe it could come from a plugin dealing with caching, or any kind of website optimization? * Thread Starter [TheSeoGuy](https://wordpress.org/support/users/theseoguy/) * (@theseoguy) * [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/#post-6791801) * I have W3 Total Cache running, and there is a setting as follows: Cache SSL ( https) requests: Cache SSL requests (uniquely) for improved performance * *DISABLING that actually improved performance by 2 seconds!!! 🙂 * Unfortunately, that made no difference to the 3 second lag that Ninja WAF is adding since implementing HTTPS. * The [http://www.theseoguy.co.nz](http://www.theseoguy.co.nz) site is in NZ, testing as follows; Gtmetrix.com – Sydney – 5.4 seconds with WAF, 1.8 seconds if disabled Pingdom.com – Melbourne – 3.4 seconds with WAF, 991ms seconds if disabled * I’ve little previous experience of adding SSL on a WordPress site but the test at [http://www.ssllabs.com/ssltest/](http://www.ssllabs.com/ssltest/) gives the site an “A” rating… * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/#post-6791806) * It is odd if that did not make any difference after disabling HTTPS traffic filtering. Is the connection to your server fully encrypted, i.e., from the user to your server, or partially only, i.e., encrypted from the user to Cloudflare and in clear text from Cloudflare to your server? You can see that if you connect to your site over HTTPS and then go to “NinjaFirewall > Firewall Policies > HTTP response headers” (it does not matter if NF is disabled or not): if the “Strict- Transport-Security (HSTS)” is disabled and shows a “_HSTS headers can only be set when you are accessing your site over HTTPS_” message, it is a partial HTTPS encryption only. * Could you try to disable the 3 “HTTP response headers” options that you enabled: X-Content-Type-Options, X-Frame-Options and X-XSS-Protection. Does it make a difference? * Three seconds is huge. Do you feel that difference when you connect to your site with the firewall on, or it is only reported by Pingdom/Gtmetrix ? Did you try to benchmark it yourself using your browser (e.g., Chrome DevTools etc)? * [OviLiz](https://wordpress.org/support/users/ovib/) * (@ovib) * [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/#post-6791946) * When using Pingdom/Gtmetrix (with the last one you have to create a free account) please make sure to choose the closest server to you and then proceed with the test. Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘Ninja adding 3 Seconds to Page Load time on HTTPS:’ is closed to new replies. * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137) * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/) * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/) ## Tags * [SSL](https://wordpress.org/support/topic-tag/ssl/) * 8 replies * 3 participants * Last reply from: [OviLiz](https://wordpress.org/support/users/ovib/) * Last activity: [10 years, 6 months ago](https://wordpress.org/support/topic/ninja-adding-3-seconds-to-page-load-time-on-https/#post-6791946) * Status: resolved