Website Performance Report

lighthousecu.org

Audited March 31, 2026

This report presents five months of performance data for lighthousecu.org, measured against Google’s published standards and comparable peer sites.

Pre-Oct 2025

Original site

Oct 2025

New site launches

Jan 2026

Follow-up audit

Mar 2026

This report

Every metric in this report comes from Google’s own measurement tools and independent third-party monitoring. No proprietary scoring, no subjective ratings.

Sources: Chrome User Experience Report · Google Lighthouse · Oh Dear Uptime Monitoring · WP Bullet · WP Rocket

Downtime incidents

122 days. Peer sites on Pantheon: 0.

9.5s

Mobile page load (LCP)

Google threshold: ≤ 2.5s

Mobile PageSpeed

Out of 100. Original site: 69.

4 of 4

Lighthouse categories declined

Performance · Accessibility · Best Practices · SEO

Uptime & Reliability

122 days of continuous uptime monitoring via Oh Dear third-party monitoring, Dec 1 2025 through Mar 31 2026. Two hosting environments, same monitoring tool, same time period.We tracked whether the website was online or offline every minute for 122 days, from December through March. We monitored multiple comparable credit union sites ($2B+ in assets) at the same time for comparison.

Source: Oh Dear Performance Monitoring · Dec 1, 2025 – Mar 31, 2026

lighthousecu.org — Current Host

Downtime incidents (122 days)Times the site went offline (122 days)

Total downtimeTotal time offline

2h 21m

Days below 100% uptimeDays with any downtime at all

of 122 monitored days

Business-hour incidents (9am–5pm)Outages during banking hours (9am–5pm)

Pantheon-Hosted Peer SitesComparable Credit Union Sites

Downtime incidents (122 days)Times the site went offline (122 days)

Total downtimeTotal time offline

0 min

Days below 100% uptimeDays with any downtime at all

of 122 monitored days

Business-hour incidents (9am–5pm)Outages during banking hours (9am–5pm)

Incidents Per MonthOutages Per Month

Volume of detected downtime events by month. Comparable Pantheon-hosted peer sites recorded zero incidents across all four months.How many times the site went down each month. The comparison sites had zero outages across all four months.

Days Affected Per MonthDays With Downtime Each Month

Percentage of days in each month where uptime dropped below 100%. Trend is accelerating.What percentage of days had at least some downtime. The trend is getting worse, not better.

lighthousecu.org

98 incidents over 122 days98 outages over 122 days

Pantheon-Hosted Peers

0 incidents over 122 days

Incidents by Hour of DayWhat Time of Day Outages Happen

67% of all incidents occurred during business hours (9am–5pm). The 12pm spike aligns with peak member activity.Two-thirds of all outages happened while members were trying to bank (9am–5pm). The biggest spike is at noon.

Why the difference?

Pantheon's infrastructure includes a Global CDN edge layer that serves cached pages independently of the application server. During application-layer downtime, the edge continues serving content — even past normal cache expiration — so visitors never encounter error pages. Hosting-level issues don't become member-facing outages.Pantheon uses a system that keeps serving your website from a backup copy even when the main server has problems. Visitors never see an error page because the backup kicks in automatically. Server issues stay behind the scenes and don't affect members.

Avg. Response Time

2,174ms

Pantheon-hosted peers (avg.): 194ms
lighthousecu.org is 11× slower

Source: Oh Dear third-party monitoring

CDN (Content Delivery Network)

Not detected

Standard: CDN for static assets

Source: HTTP response headers

Browser Caching

Disabled

no-store, no-cache, must-revalidate, max-age=0

Every page load is a full server round trip. Zero assets cached in the browser.

Source: Cache-Control response header

WordPress Server-Timing

510ms

wp-before-template;dur=510.82 — 510ms just to reach the template phase, before any content is rendered.

Source: Server-Timing response header

Speed & Loading

Two data sources. A controlled Lighthouse audit comparing both sites under identical conditions, and real-user field data from Google Chrome showing how performance changed after the October 2025 launch.Two ways of measuring speed. First, a side-by-side test of the original site vs. the current site under identical conditions. Second, real data from actual visitors using Chrome on their phones.

Original Site

Performance

100

Accessibility

Best Practices

100

SEO

Current Site (Elementor)Current Site

Performance

Accessibility

Best Practices

SEO

Largest Contentful PaintTime to see the page

4.1s → 9.5s

+5.4s (+132%)+5.4 seconds slower

Benchmark: ≤ 2.5sGoogle says: under 2.5 seconds

Total Blocking TimeTime the page is frozen

380ms → 2,450ms

+2,070ms (+545%)+2 seconds more freezing

Benchmark: ≤ 200msGoogle says: under 0.2 seconds

First Contentful PaintTime to first sign of life

2.3s → 2.3s

No change

Benchmark: ≤ 1.8sGoogle says: under 1.8 seconds

Cumulative Layout ShiftHow much the page jumps around

0.018 → 0.097

+439%5x more shifting

Benchmark: ≤ 0.1Google says: under 0.1

LCP (Largest Contentful Paint)
How long until the main content is visible. Google says under 2.5 seconds.How long a visitor waits before they can actually see your page. Google wants this under 2.5 seconds.
TBT (Total Blocking Time)
How long the page is frozen and unresponsive to taps. Google says under 200ms.How long the page ignores taps and clicks after it starts loading. Google wants this under 0.2 seconds.
FCP (First Contentful Paint)
How long until anything appears on screen. Google says under 1.8 seconds.How long the screen stays completely blank. Google wants this under 1.8 seconds.
CLS (Cumulative Layout Shift)
How much the page content jumps around during loading. Google says under 0.1.How much things shift and move around on screen while the page loads. Google wants this under 0.1.

Real-User Field Data

LCP Degradation Over Time

The Lighthouse audit above is a controlled snapshot. The Chrome User Experience Report (CrUX) shows the trajectory — real Chrome users on real phones, aggregated by Google. LCP has climbed steadily since the Elementor launch and is now hovering around 3.5 seconds with no sign of recovery.

Original Website (Q3)

LCP (mobile, p75)

vs. Google’s threshold

1,600ms under

Current Website (Last 3 Weeks)

LCP (mobile, p75)

vs. Google’s threshold

+1,043ms over

Change: +2,643ms slower (3.9x)

LCP Over Time — Mobile, 75th PercentilePage Load Speed Over Time — Mobile Visitors

CrUX field data from real Chrome sessions, 75th percentile. The vertical marker indicates when the Elementor site launched. Green zone = Google’s “Good” threshold (≤ 2,500ms). 1 in 4 visitors experiences something even worse than the numbers shown.Real data from actual Chrome users visiting the site on their phones. The dotted line marks when the new site launched. The green zone is where Google considers speed “good.” 1 in 4 visitors has an even slower experience than what’s shown here.

Parameter	Lighthouse Audit	CrUX Field Data
Source	Google Lighthouse 13.0.1	Chrome User Experience Report (CrUX)
What it measures	Lab test — controlled, repeatable simulation	Field data — real Chrome users on real devices
Device	Emulated Moto G Power	Actual mobile phones (aggregated)
Network	Slow 4G throttling	Real network conditions
Browser	HeadlessChromium 146.0.7680.153	Chrome (all versions)
Test type	Initial page load, single page session	28-day rolling aggregation, 75th percentile
Date captured	March 31, 2026, 4:26 PM EDT	Rolling 28-day windows, weekly snapshots
Apples to apples	Both sites tested same day, same tool, same device emulation, same throttling. Only variable is the site.	Same URL, continuous measurement by Google. Shows trajectory over time.

LCP (Largest Contentful Paint)
How long until the main content is visible. Google says under 2.5 seconds. Directly affects search rankings.How long visitors wait to see the page. Google uses this to decide search rankings. They want it under 2.5 seconds.
TBT (Total Blocking Time)
How long the page is frozen and unresponsive to taps. Google says under 200ms. At 2,450ms, buttons don't work for the first 2.5 seconds.How long the page ignores your taps. At the current 2,450ms, a member tapping “Apply for a Loan” gets no response for 2.5 seconds.
FCP (First Contentful Paint)
How long until anything appears on screen. Google says under 1.8 seconds.How long the screen stays completely blank. Google wants this under 1.8 seconds.
CLS (Cumulative Layout Shift)
How much the page content jumps around during loading. Google says under 0.1.How much things shift and move around on screen while the page loads. Google wants this under 0.1.

Platform Comparison

Independent benchmarks comparing native WordPress (Gutenberg) and Elementor. Same content, same server, controlled conditions.Independent tests comparing two ways to build WordPress sites. Same content, same server, controlled conditions.

Page SizePage Weight

331 KB

Gutenberg

512 KB

Elementor

+55% heavier for the same content.55% more data to download for the same page.

HTTP RequestsFiles Loaded Per Page

Gutenberg

Elementor

+59% more network requests per page load.59% more files the browser has to fetch.

Mobile PageSpeed Score (higher is better)Google Speed Score (Mobile) (higher is better)

Gutenberg

Elementor

Same content. Same server. 10-run averages.Same content. Same server. Averaged over 10 tests.

Time to First ByteServer Response Time

79ms

Gutenberg

600ms

Elementor

7.6x slower server response.7.6x slower to start loading.

First PaintTime to First Sign of Life

499ms

Gutenberg

1,400ms

Elementor

2.8x longer before anything appears on screen.2.8x longer staring at a blank screen.

Front-End JavaScriptCode Loaded on Every Page

~0 KB

Gutenberg

300–600 KB

Elementor

Elementor’s JS framework loads globally, regardless of page content.Elementor loads this code on every single page, even pages that don’t need it.

Largest Contentful Paint (WP Rocket test)Page Load Time (Independent Test)

≤2.5s

Google “Good”

5.4s

Elementor (out of box)

Required aggressive caching + JS deferral + CSS optimization to reach baseline.Elementor needed heavy optimization work just to reach a speed that Gutenberg hits out of the box.

Sources: WP Bullet (controlled benchmark, 10-run averages) · WP Rocket (independent LCP test)

Gutenberg

Content stored as standard HTMLYour content is saved as normal web code

If deactivated → content still rendersTurn it off → your pages still work

Switch themes, switch agencies → content comes with youSwitch providers → your content moves with you

Elementor

Content stored as proprietary serialized dataYour content is saved in Elementor’s own format

If deactivated → pages are brokenTurn it off → your pages break

Migrating away → every page rebuilt from scratchSwitch providers → every page has to be rebuilt

Elementor is a legitimate product with valid use cases, including portfolio sites, small business pages, and rapid prototyping. But a multi-billion dollar financial institution with compliance requirements, uptime expectations, and hundreds of thousands of member interactions has outgrown it.

Security & Trust

HTTPS enforcement, security headers, mixed content, and trust signals. Each header's presence is binary — it's either set or it isn't.Security settings that protect your members’ data and your site from attacks. Each one is either turned on or it isn’t.

4 of 7 recommended security headers are not set. HTTPS is enforced and no mixed content was detected.

HTTPS enforced
HTTP requests redirect to HTTPS (301). All resources loaded securely.All traffic is encrypted. Visitors see the padlock icon.
Strict-Transport-Security (HSTS)Force-Encrypt Connection
Not set. Without HSTS, browsers can be tricked into downgrading to HTTP via man-in-the-middle attacks.Not set. Without this, attackers can intercept the connection between your members and your site.
Content-Security-PolicyBlock Malicious Code
Not set. CSP prevents cross-site scripting (XSS) and data injection attacks by controlling which resources the browser can load.Not set. This setting prevents attackers from injecting malicious code into your pages.
X-Frame-OptionsPrevent Fake Embedding
Not set. Without this header, the site can be embedded in iframes on malicious domains (clickjacking).Not set. Without this, scammers can display your site inside a fake page to trick members into clicking the wrong thing.
X-Content-Type-OptionsBlock Disguised Downloads
Not set. Prevents browsers from MIME-sniffing responses, reducing drive-by download attacks.Not set. This prevents browsers from being tricked into downloading harmful files.
Mixed content
No mixed content detected. All resources loaded over HTTPS.All good. Everything loads securely.
Cookie consent mechanism
Basic cookie banner detected. Does not appear to block cookies until consent is given (GDPR/CCPA).Cookie banner exists but may not actually block tracking until a visitor agrees. This is a compliance concern.
Privacy policy page
Present and linked from footer navigation.Present and linked from the footer.
JavaScript libraries with known CVEs
2 libraries detected with published vulnerabilities: jQuery 3.5.1, jQuery Migrate 3.3.0.2 outdated code libraries with known security issues are still being used on the site.

Questions about this data?

[email protected]