About one year ago, we announced an update to the quality checkpoints of our website analysis service. This update included a new best practice related to hypertext links opening in a new window or tab by using the target="_blank" attribute.
Joining Google Chrome, the latest Firefox version now supports the rel="noopener" attribute, which was one of our advised solutions. It is the right time for us to look back on this recommendation, which we made not only for better security but also for web performance. Continue reading Performance and security of target=_blank links with rel=noopener
Category Archives: Web best Practices
Web Performance & Security: how to master Third Party Content impacts
Third-party contents are parasites. Friendly ones, with – most of the time – good intentions. But parasites anyway. Let’s discover some useful tips and techniques to deal with third-party content and its impact on your website’s performance and security.
Website Speed: test it like your users browse it
Does your website seem fast enough to you? Are you sure that your visitors share the same opinion? Through that question, we intend to talk about the huge differences in web connections among your users… and about their effects on how they will experience your website’s performance.
On the way to HTTP/2: what to expect for front-end development?
We announced it a couple of months ago: our web performance testing tool now fully supports HTTP/2 and our best practices repository has been updated to handle the particularities of this new protocol. Now, let’s go back to the reasons for HTTP/2’s emergence and talk about the major changes this protocol brings, and the old HTTP/1 best practices that we will have to give up!
Why you should avoid using document.write, specifically for scripts injection
Web performance testing tools such as Google Page Speed or Dareboost have been advising this for a while: injecting a script with document.write has a significant impact on website loading time. Let’s talk about this topic one more time, as the next Chrome update (version 54) won’t allow such script injections any longer. What kind of issues may you experience? What are the alternatives?
How to implement Content Security Policy?
Now that we have seen how CSP can be useful in preventing injections of content within your web pages, let’s have a look at some technical elements of CSP implementation, and a few ideas about the methodology to adopt.
Content Security Policy to secure your website (and more)
Thanks to Content Security Policy, you can protect your website from numerous vulnerabilities concerning content injection. Let’s see why and how to use that simple but powerful HTTP header, now widely supported by web browsers.
SPOF: what if your website gets down because of third-party content?
You may have already heard about Single Points Of Failure (SPOF), generally dealing with network matters. Did you know that SPOF is also an issue at the front-end development stage? Could you imagine your website being reliant on Twitter or Facebook’s servers?
HTTPs is a requirement for your website
About a year ago, I published an article about HTTPs usage growth: Chrome, Firefox and Google Search: HTTPS forcing its way. In this article I detailed some major announcements that would probably result in pushing HTTPs forward.
Since then, requests using HTTPs have reached 25% according to HttpArchive data (compared to 15% in April 2015).
In this post, we’re going to focus on today’s results of the previous announcements, on the latest changes, and especially on why you should consider HTTPs as a requirement for your website (not only for security or SEO considerations!)
Content Performance Policy: an alternative to Google AMP?
It’s not usual on this blog, but today I’m going to write about a proposal that might become real, but that is still at a very early stage.
It is now more than a year since we added a recommendation about Content Security Policy to our website analysis on dareboost.com. It’s a great feature to add more security to your website, particularly to protect your visitors from the effects of an XSS attack.
The idea behind CSP is to allow website owners to declare a security policy that the web browser then applies. For instance, it allows you to explicitly whitelist some JavaScript files, or to ensure that HTTPs is used to request each resource within the page.
Tim Kadlec and Yoav Weiss borrowed the general concept of CSP to apply it to web performance, proposing a new HTTP header (Content Performance Policy) that allows a page to declare precisely its level of compliance with some web performance best practices. The user agent would then be responsible for ensuring the effectiveness of the announced best practices.
Why You Should Use a Performance Budget
I’d like to suggest a fundamental concept that will allow you to implement a true performance culture for your web projects: the performance budget.
It’s a kind of budget that isn’t expressed in dollars, but in seconds, megabytes or even the number of files served!
How to use web fonts efficiently?
Web fonts allow you to customize your web pages. However, they can cause user experience problems due to their performance impact. We are going to detail the challenges of their use in this post.
Securing an iframe thanks to the sandbox attribute
Over time, we have gotten used to integrating more and more content on our web pages. Sometimes this content comes from third parties (social network widgets, advertising, etc.). This has two consequences: web page size continues to rise, and we display to users some content that we can’t fully control.
Some of this external content is integrated via the <iframe> tag, and you should pay special attention to these elements for your website’s security. To limit the risks, the W3C added the sandbox attribute in the HTML5 specifications, which makes it possible to restrict the actions available from an iframe (supported by major recent browsers).
Hosting: a first step towards performance
Hosting is one of the key elements of a successful website. It is not only a parameter that can strongly affect your website’s loading time (meaning your business success): a host is also a partner on whom you should be able to rely in times of crisis.
Measure a web page speed: Start Render, Visually Complete and Speed Index
Some days ago, we mentioned on this blog the various measures to which the Performance Timing API provides access.
Today, I invite you to discover other data required to assess web performance, more focused on the user’s feeling than on the technical side.
Measure a web page speed with Performance Timings
A few weeks ago, we learned that the support of the Navigation Timing API by Safari was back. This API, available in JavaScript and now on the main web browsers, implements a W3C recommendation. It gives you access to metrics that are essential to understand the many important milestones in your page loading, including performance times.
Chrome, Firefox and Google Search: HTTPS forcing its way
As a reminder, HTTPS (HTTP Secure) is, as its name indicates, the secure version of the HTTP protocol. HTTPS aims at ensuring the confidentiality and security of exchanges: the communication being encrypted, the protocol protects from eavesdropping, but also from data alteration.
For several years, its use has been growing (as of April 2015, 7 times more requests are made over HTTPS than in 2011). By the end of the year, though, we should observe a massive intensification of this trend.
Single Page Apps: bulimia risk (AngularJS)
The initial loading of big apps comes at a price
The Single Page Application concept, for which AngularJS is a classic choice, quickly runs into a major issue. Indeed, as soon as we are working on a sizeable application, the amount of JavaScript (and possibly CSS) required by the application on first load can become a pain.
Vulnerability on more than 11% of secure websites
More than 11% of the websites using the secure version of HTTP (HTTPs) appear to have a vulnerability.
CSS minification
One web optimization that you can easily set up lies in your CSS files. Indeed, in most cases it is possible to reduce the weight of your website by minifying your “Cascading Style Sheets”.
This article aims to present the principles of minification, and gives an overview of some popular tools for setting this technique up on your website.
Useful tips to start with WordPress
Nowadays, one of the first steps when you create a website is to adopt a CMS. It saves time, so you can deploy a website quickly. According to Wappalyzer, more than 60% of the websites using a CMS are powered by WordPress (source: https://www.wappalyzer.com/categories/cms). We ourselves have decided to use WordPress for its simplicity (exceptionally, web performance was not our major criterion!)
How to improve jQuery performance
You have probably already heard of best practices to improve your website’s quality and performance (configure a cache policy, enable gzip compression…).
However, web performance doesn’t stop at following general best practices: each technology has its own specific recommendations. Some mistakes are quite trivial, but others can be painful for your website. The accumulation of several minor errors can really slow down your final product. That’s why you should always think about performance upstream and during the development step.
Optimize your website: what should you challenge?
In this blog, the “Best Practices” category will contain discussions about tips and rules for a faster and better website. But first, what does website optimization mean? That’s a huge topic. Here are some key figures on website performance optimization:
A load time increase of 400 milliseconds resulted in a loss of 9% of Yahoo’s traffic.
source: http://fr.slideshare.net/stoyan/yslow-20-presentation