In the spirit of learning and transparency, we decided to explore the public PageSpeed Insights data and Security Headers audit for Canva.com — one of the world's most popular design platforms. This analysis is based purely on public technical reports available freely online.
Mobile Performance Overview
According to the PageSpeed Insights report on April 28, 2025, here’s what we found for Canva's mobile visitors:
Core Web Vitals Assessment: Failed
Largest Contentful Paint (LCP): 7.9 seconds
Interaction to Next Paint (INP): 875 ms
Cumulative Layout Shift (CLS): 0.41
First Contentful Paint (FCP): 4.8 seconds
Time to First Byte (TTFB): 1 second
Performance Score: 45/100
Accessibility Score: 96/100
Best Practices Score: 79/100
SEO Score: 100/100
Desktop Performance Overview
For desktop users, Canva.com performed better, but there are still areas for optimization:
Core Web Vitals Assessment: Failed (mainly due to LCP)
Largest Contentful Paint (LCP): 5.2 seconds
Interaction to Next Paint (INP): 433 ms
Cumulative Layout Shift (CLS): 0.33
Performance Score: 75/100
Accessibility Score: 96/100
Best Practices Score: 96/100
SEO Score: 100/100
Security Headers Analysis
Beyond speed and SEO, strong web security practices are essential for protecting users and building long-term trust. We reviewed the security headers of several major platforms using public tools. Here's how they compared:
| Website | Security Grade | Issues Found |
|---|---|---|
| Microsoft.com | C | Missing Referrer-Policy, Permissions-Policy |
| Adobe.com | D | Missing CSP, X-Frame-Options, Referrer-Policy |
| Zoho.com | D | Missing CSP, Permissions-Policy |
| Visme.co | B | Missing Content-Security-Policy, Permissions-Policy |
| Picsart.com | F | Missing almost all security headers |
| Canva.com | A | Missing Permissions-Policy |
| FreeDocumentMaker.com | A+ | Full modern Security Headers implemented |
Key Lessons Learned
Even the world's largest tech companies are constantly improving their speed, SEO, and security. Mobile performance remains challenging, while desktop experiences are generally smoother. Security headers, often overlooked, are critical to protecting users and ensuring trust with browsers and search engines.
Our journey with Free Document Maker shows that even small, passionate teams can achieve — and sometimes exceed — global technical standards with focus, transparency, and dedication.
Final Disclaimer
This blog post is based purely on publicly available performance and security scans using tools like Google PageSpeed Insights and SecurityHeaders.com. We deeply respect the incredible work of Canva, Microsoft, Adobe, Zoho, and others. Our goal is to promote best practices and encourage continuous web improvement for everyone.
Comments
100%true