Your 301 and your SSL certificate do not match either. Your certificate does not contain www while your 301 redirects to
www.
Code:
# Redirect HTTP with www to HTTPS without wwwRewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
# Redirect HTTP without www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTPS with www to HTTPS without www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
Would be the correct .htaccess 301 code for your site and the certificate to match.
BUT, that has little to do with the 2.4 seconds to interactive and intial server response of 10.2 seconds.
As lat9 mentioned, the DOM is greatly effected by the 33k+ instances that the site it trying to deal with.
Your canonical includes www when it should not and many links are hardcoded to www with some not. Removing any mention of www in the configs and fixing the .htaccess 301 whould help with that.
No matter how long the site sits idle to the casual observer, it is constantly looking for the missing portercablelogo.gif from the images/manufacturers folder. Maybe the result of something added to the bootstrap template.
The slideshow is creating a 3M payload for the server with some 75 requests needing to be fulfilled before becoming interactive.
design-top.js in the jscript folder of marcus is not working correctly.
You have some high level vulnerabilities with jQueries and the version of bootstrap.
Your slideshow has to modify the image sizes (964 x 325) before displaying them at 1494 x 509.
It would be interesting to see what the load time would be if you switched to responsive_classic. Especially if you could view the Lighthouse results for both in Chrome. Your current score is 68, 83, 73, 83 where a new install of 1.5.7c with no demo products or mods is 99, 100, 100, 100.
BTW The SSL certificate matching the URL to a site is becoming more and more important with browsers deciding to declare sites secure or insecure. Browsers are looking not only at the main certificate but also what your site is supporting. After fixing the match between the configs and the 301, test the site at
https://ssllabs.com/ssltest to see if you still have a server error when testing for DROWN. Could be a bad sign if you continue to get 500 errors after the fix.
In looking at the site, I am reminded of my youth and the attempts to see who could get the most teens in a VW Beetle. The winners got a Guinness record but, they couldn't drive to the pizza parlor to celebrate. I think the desire to "stuff" has done the same to your site.
Bookmarks