CMS Page Speed Benchmark: EmDash vs Popular Platforms

CMS Page Speed Benchmark: EmDash vs Popular Platforms

Worth being upfront about what this actually is: WordPress, Webflow, Wix, and Squarespace have real, independently published Core Web Vitals benchmark data from third-party research. EmDash — newer, and not yet the subject of an independent large-sample study — doesn't. Rather than inventing a specific number for EmDash to complete a tidy comparison table, this compares the documented data for the established platforms against EmDash's actual architecture, honestly labeled as architectural reasoning, not a lab result.

Table of Contents
  1. The Real, Published Numbers
  2. Where EmDash Fits Architecturally
  3. An Honest Comparison Table
  4. What Actually Determines EmDash's Real-World Numbers
  5. How to Actually Get Real Numbers for Your Own Site
  6. Frequently Asked Questions
  7. Why doesn't EmDash have published benchmark data yet?
  8. Is it fair to compare an SSR platform like EmDash against a fully static one like Webflow at all?
  9. Should I trust a CMS vendor's own performance claims?
  10. What's the single biggest lever for EmDash's real-world speed?
  11. The Bottom Line
  12. Sources

The Real, Published Numbers

Webflow sites average 2.3 times faster LCP scores than WordPress, due to not having a server-side rendering step for each request — Webflow sites are essentially static HTML served from CDN. Without a CDN, a standard WordPress site on shared hosting will have TTFB of 500-2000ms, while Webflow consistently achieves 250-400ms. Wix and Squarespace ship the highest Core Web Vitals pass rates on mobile because they aggressively control theme, image delivery, and hosting.

That's genuine, sourced benchmark data, and it tells a clear story: platforms that skip per-request server rendering (Webflow's static-HTML-from-CDN model, and to a large extent Wix/Squarespace's tightly controlled hosting) post meaningfully better default numbers than a platform that renders fresh on every request across wildly inconsistent hosting tiers, like WordPress does at the low end.

Where EmDash Fits Architecturally

EmDash's rendering model shares the same core property that gives Webflow its advantage — it doesn't ship a heavy client-side framework by default. It's built on Astro's islands architecture, which hydrates only the specific interactive components a page actually needs rather than shipping a full JavaScript bundle for a mostly-static page. That's a real, mechanistic reason to expect a low JavaScript payload and a correspondingly strong INP baseline — not a benchmark claim, a description of what the architecture does.

Where EmDash differs from Webflow's model specifically: EmDash runs server-side rendering (SSR) by design, so content updates appear instantly without a rebuild — the direct trade-off against Webflow's fully static, pre-built-and-cached approach. That means EmDash's LCP and TTFB numbers will depend more on your hosting choice (a well-configured Cloudflare Workers/D1 deployment versus a cheap shared Node.js host) than Webflow's more uniform, CDN-first delivery model does.

Read also:

An Honest Comparison Table

  • WordPress (unoptimized, shared hosting) — TTFB 500-2000ms; documented, real, low floor.
  • WordPress (well-optimized, managed hosting + CDN) — competitive with static-first platforms; documented, real, high ceiling.
  • Webflow — TTFB 250-400ms typical, no per-request server rendering; documented, real.
  • Wix / Squarespace — highest mobile CWV pass rates from tightly controlled hosting and image delivery; documented, real.
  • EmDash — minimal-JS islands architecture (mechanistic advantage for INP); SSR by design (LCP/TTFB depends on your hosting choice); no independent third-party benchmark published as of this writing.

What Actually Determines EmDash's Real-World Numbers

  • Hosting choice — Cloudflare Workers with D1 (edge-distributed) versus a single-region Node.js VPS will produce meaningfully different TTFB, the same way any SSR platform's numbers vary by hosting.
  • Database round-trip time — since EmDash queries a real database per request rather than serving pre-built static files, database latency is part of your TTFB in a way it isn't for Webflow's static model.
  • Image handling — whether you're using EmDash's responsive image generation (via Astro's image service) consistently across your templates.
  • How much interactive JS you add — Astro's islands model keeps the baseline low, but adding heavy React/Vue components still adds real weight; the architecture sets a low floor, not a hard ceiling you can't exceed with your own choices.

How to Actually Get Real Numbers for Your Own Site

  • Run PageSpeed Insights (or the CrUX API directly) against your live EmDash deployment once it has real traffic — lab data alone won't capture your actual visitor conditions.
  • Compare your own site's LCP/INP/CLS against the documented thresholds (LCP under 2.5s, INP under 200ms, CLS under 0.1) rather than against an unverified platform-wide claim.
  • If evaluating EmDash against a specific alternative for a specific project, build a comparable minimal page on both and measure directly — the only benchmark that actually predicts your outcome is one built on your real content and hosting choice.

Frequently Asked Questions

Why doesn't EmDash have published benchmark data yet?

It's a newer platform than WordPress, Webflow, Wix, or Squarespace, none of which had independent third-party studies in their first years either — this kind of large-sample, real-user benchmark research typically follows meaningful market adoption, not the other way around.

Is it fair to compare an SSR platform like EmDash against a fully static one like Webflow at all?

It's a genuine trade-off worth naming directly rather than avoiding: Webflow's static model has a performance advantage by default; EmDash's SSR model trades some of that default advantage for instant content updates with no rebuild step. Neither is strictly better — it depends whether your priority is the lowest possible default latency or live content without a build pipeline.

Should I trust a CMS vendor's own performance claims?

Be skeptical of any platform's self-reported benchmark, EmDash included in any future claims it might make — prioritize independently published, sourced data (the kind cited in this piece for Webflow, WordPress, Wix, and Squarespace) or your own direct measurement over vendor marketing.

What's the single biggest lever for EmDash's real-world speed?

Hosting choice, specifically whether you deploy to Cloudflare Workers with D1 (edge-distributed, low regional latency) versus a single-region traditional host — that decision affects TTFB more than almost anything else in the stack, the same way it does for any SSR-based platform.

The Bottom Line

WordPress, Webflow, Wix, and Squarespace have real, sourced Core Web Vitals data worth comparing directly — EmDash doesn't yet, and claiming otherwise would just be marketing dressed as a benchmark. What EmDash does have is a real architectural reason (Astro's islands model) to expect a strong JavaScript-driven INP baseline, with LCP and TTFB depending more on your own hosting and database choices than a static-first platform's numbers do. See our broader explainer on Core Web Vitals and CMS architecture for the mechanisms behind all of this.

Sources

Share

Comments

Write a comment

Related Articles

Login Works in Production but Fails on localhost: The secure Cookie Flag Gotcha

July 16, 2026

Login Works in Production but Fails on localhost: The secure Cookie Flag Gotcha

Google Analytics (GA4) Not Tracking Anything and No Console Errors: Check Your CSP First

July 16, 2026

Google Analytics (GA4) Not Tracking Anything and No Console Errors: Check Your CSP First

Native Module Build Fails on Shared Hosting (node-gyp, Old glibc/Python): The .npmrc Fix

July 16, 2026

Native Module Build Fails on Shared Hosting (node-gyp, Old glibc/Python): The .npmrc Fix

Login Works in Production but Fails on localhost: The secure Cookie Flag Gotcha

Login Works in Production but Fails on localhost: The secure Cookie Flag Gotcha

TL;DR — A custom session-cookie login flow appeared to succeed on localhost (the OTP verified, the response looked fine) but every subsequent request to a login-gated page treated the visitor as logged out. Identical code worked fine on the live HTTPS site. The cookie's Secure attribute was hardcoded to true — and per the cookie spec, browsers never store or send a Secure cookie over a plain, non-HTTPS connection.

Table of Contents
  1. Diagnostic
  2. Root cause
  3. Fix
  4. Lessons learned

Diagnostic

Check the actual Set-Cookie response header and the browser's own cookie storage panel — on localhost over http://, the cookie is sent by the server but never actually stored by the browser.

Root cause

// before -- assumes the app is always served over HTTPS
setCookie("session", token, { secure: true, httpOnly: true });
emdashkits.com

A cookie config that quietly assumes "we're always on HTTPS" breaks the instant you test over plain HTTP, which local dev servers commonly are.

Read also:

Fix

// after -- derive secure from the actual request protocol
const isHttps = request.url.startsWith("https://");
setCookie("session", token, { secure: isHttps, httpOnly: true });
emdashkits.com

Lessons learned

  • Any Secure-flagged cookie needs to key off the real request scheme, not an assumption baked in once at cookie-creation time.
  • "Works in production, silently fails in local dev" is a strong signal to check cookie flags before anything else in an auth flow.
  • Check other cookies in the same codebase for the same hardcoded assumption — if one cookie has this bug, sibling cookies set the same way are worth auditing too.
Share
Previous Article

Google Analytics (GA4) Not Tracking Anything and No Console Errors: Check Your CSP First

Comments

Write a comment

Related Articles

Google Analytics (GA4) Not Tracking Anything and No Console Errors: Check Your CSP First

July 16, 2026

Google Analytics (GA4) Not Tracking Anything and No Console Errors: Check Your CSP First

Native Module Build Fails on Shared Hosting (node-gyp, Old glibc/Python): The .npmrc Fix

July 16, 2026

Native Module Build Fails on Shared Hosting (node-gyp, Old glibc/Python): The .npmrc Fix

Uploaded Images Disappear After Every Deploy on Shared Hosting (and Other Reverse-Proxy Gotchas)

July 16, 2026

Uploaded Images Disappear After Every Deploy on Shared Hosting (and Other Reverse-Proxy Gotchas)

Google Analytics (GA4) Not Tracking Anything and No Console Errors: Check Your CSP First

Google Analytics (GA4) Not Tracking Anything and No Console Errors: Check Your CSP First

TL;DR — GA4's gtag.js snippet was installed correctly, the page loaded with no visible JavaScript error, and GA4's real-time report still showed zero activity. The CMS's default Content-Security-Policy had no allowance for analytics domains and no config option to add one — so every request to Google's tracking endpoints was blocked at the browser level before it could fail loudly.

Table of Contents
  1. Diagnostic
  2. Root cause
  3. Lessons learned

Diagnostic

Check the browser's dedicated CSP violation reporting, not the regular console error list — CSP blocks are reported through their own channel, not thrown as normal script errors, so "no console errors" doesn't mean nothing was blocked.

Root cause

The CSP's script-src and connect-src directives had no entry for googletagmanager.com or google-analytics.com, and the CMS exposed no configuration surface to add one — the only way in was patching the CSP directives directly.

// patch-package: add analytics domains to the existing CSP directives
scriptSrc.push("https://www.googletagmanager.com");
connectSrc.push("https://www.google-analytics.com", "https://www.googletagmanager.com");
emdashkits.com
Read also:

Lessons learned

  • "No console errors" is not proof nothing was blocked — CSP violations live in their own reporting surface and are easy to miss if you're only scanning for red error text.
  • Before adding any third-party script tag to a site with a CSP already in place, check the CSP's directives first rather than assuming a silently-empty analytics dashboard means a snippet-installation mistake.
Share
Previous Article

Native Module Build Fails on Shared Hosting (node-gyp, Old glibc/Python): The .npmrc Fix

Next Article

Login Works in Production but Fails on localhost: The secure Cookie Flag Gotcha

Comments

Write a comment

Related Articles

Login Works in Production but Fails on localhost: The secure Cookie Flag Gotcha

July 16, 2026

Login Works in Production but Fails on localhost: The secure Cookie Flag Gotcha

Native Module Build Fails on Shared Hosting (node-gyp, Old glibc/Python): The .npmrc Fix

July 16, 2026

Native Module Build Fails on Shared Hosting (node-gyp, Old glibc/Python): The .npmrc Fix

Uploaded Images Disappear After Every Deploy on Shared Hosting (and Other Reverse-Proxy Gotchas)

July 16, 2026

Uploaded Images Disappear After Every Deploy on Shared Hosting (and Other Reverse-Proxy Gotchas)