UPDATE: Best practices described in this article are now automated on dareboost.com!
Mark your calendars! We’ll add new checkpoints on dareboost.com during the second half of August.
Many of you have asked us to communicate in advance on this kind of updates, so you can correct your web projects before any score decrease on our tool
Let’s discover together these new checkpoints that will soon be automated on dareboost.com.
The page’s weight: still one of our main concerns
The most impacting checkpoints are relative to the efficient use of fonts.
We already have checkpoints dedicated to Google Fonts usage, but the new best practices concern general usage of custom fonts.
We recently wrote an article about the use of fonts on the web to help you understanding these issues. With this update, we ensure that your pages use the most efficient font formats, checking the files downloaded by the browsers, but also by inspecting your CSS!
We also check whether the resources in error (404, 500, etc.) or redirects (3XX) of your pages are of a reasonable weight (less than 10kB for errors and less than 1kB for redirects). Indeed, the body of these responses do not bring anything to your visitors, and need to be as light as it can be.
In the same matter, your favicon also need to be the lightest possible. We added a checkpoint in order to ensure that it don’t weigh more than 10kB.
Security and interoperability are not forgotten
Over the last few weeks you may have noticed that Flash has been in a bad shape, since Firefox decided to block all versions of the Flash player due to security issues. So, many people want to anticipate its end of life:
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
— Alex Stamos (@alexstamos) 12 Juillet 2015
Alex Stamos, Chief Security Officer at Facebook
HTML5 and JavaScript offer countless features today. In contrast, the use of third party plugins raises significant compatibility issues and is regularly subjected to security issues. Moreover, risk of sending negative signals to your users is real (eg the browser indicating that content was blocked because that can be dangerous).
In this context we decided to penalize pages using Flash, Java applets or requiring the Silverlight plugin.
A new tip also expand our “Security” category: the use of the sandbox attribute on iframes. It allows to restrict the capabilities of an iframe content: blocking form submission, avoiding to run scripts, or… avoiding the use of plugins such as Flash! So you’ll have a better control over the external content integrated into your site. We dedicated an article about this tip, to help you to configure the sandbox attribute on your iframes.
Finally, we detect duplicate identifiers (id attributes), that may cause undesirable behavior, especially during the DOM manipulation via JavaScript.
In the end, it’s about a dozen new checkpoints that emerge during this month, and that guarantee a better quality for your web projects!
Have a question about one of these tips? Have an idea to suggest? As always, do not hesitate, we will be glad to answer!