Website Optimization Measures, Part IX
Published on November 14, 2019 (↻ February 5, 2024), filed under Development.
Welcome to another post in a long-standing series of random acts of website optimization, acts that are inspired by the work I’m performing on my own sites. Given the various activities needed to operate websites, I often forget to document improvements for this series; however, this is what stood out over the last few months.
-
Improving server-side compression and caching. I’ve just cussed that I didn’t take notes about the exact optimizations. As far as I recall it was mostly about adding to what’s going to be compressed, and what’s going to be cached for how long, likely resulting in the following lines for my Apache setups:
AddOutputFilterByType DEFLATE application/javascript application/pdf font/eot font/otf font/ttf image/svg+xml image/vnd.microsoft.icon image/x-icon text/css text/html text/javascript text/plain
# …
ExpiresActive On
ExpiresByType application/javascript A129600
ExpiresByType font/eot A604800
ExpiresByType font/otf A604800
ExpiresByType font/ttf A604800
ExpiresByType font/woff A604800
ExpiresByType font/woff2 A604800
ExpiresByType image/gif A604800
ExpiresByType image/jpeg A604800
ExpiresByType image/png A604800
ExpiresByType image/svg+xml A604800
ExpiresByType image/vnd.microsoft.icon A604800
ExpiresByType image/x-icon A604800
ExpiresByType text/css A129600
ExpiresByType text/html A10
ExpiresByType text/javascript A129600
The very short story for the relatively short caching periods: For smaller projects I’m still passionately skeptical about “versioning.”
-
Setting up content security policies (CSPs). The most advanced project to do this for was certainly this very site, leading to the following .htaccess line:
Header always set Content-Security-Policy "default-src 'self'; img-src 'self' *.amazon.com *.buysellads.net *.creativecommons.org *.doubleclick.net *.eyeem.com *.met.vgwort.de *.tumblr.com *.w3.org; script-src 'self' cdn.carbonads.com srv.carbonads.net; style-src 'self' 'unsafe-inline' *.w3.org"
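An added example, not part of the original post: a small Python audit of the policy above that lists the source expressions worth a second look (wildcard hosts, 'unsafe-inline') and the directives that default-src does not cover. The function names and the notes attached to each finding are this example's own.

```python
# Added example, not from the original post: audit a Content-Security-Policy value.
# POLICY is copied from the .htaccess line above.
POLICY = (
    "default-src 'self'; "
    "img-src 'self' *.amazon.com *.buysellads.net *.creativecommons.org "
    "*.doubleclick.net *.eyeem.com *.met.vgwort.de *.tumblr.com *.w3.org; "
    "script-src 'self' cdn.carbonads.com srv.carbonads.net; "
    "style-src 'self' 'unsafe-inline' *.w3.org"
)
# These directives never inherit from default-src, so they must be set explicitly.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")
WEAK_KEYWORDS = ("'unsafe-inline'", "'unsafe-eval'")


def parse_csp(value):
    """Return {directive: [source, ...]}; a repeated directive is ignored, as in browsers."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit(policy):
    """Return (directive, item, note) tuples for settings worth a second look."""
    findings = []
    for name, sources in policy.items():
        for src in sources:
            host = src.split("://", 1)[-1]  # drop an optional scheme
            if src.lower() in WEAK_KEYWORDS:
                findings.append((name, src, "allows inline or eval'd code"))
            elif host.startswith("*"):
                findings.append((name, src, "wildcard host"))
    for name in NO_FALLBACK:
        if name not in policy:
            findings.append((name, "(missing)", "not inherited from default-src"))
    return findings


if __name__ == "__main__":
    for directive, item, note in audit(parse_csp(POLICY)):
        print(f"{directive:16} {item:26} {note}")
```

For this policy the audit reports nothing under script-src; the findings are the wildcard image and style hosts, 'unsafe-inline' in style-src, and the three directives that have to be added by hand.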
-
Managing security-related incidents. With the setup of CSPs I had also set up Sentry, at least intermittently as the privacy policy explains. Working with Sentry helped me both sculpt the policies and fix issues.
-
Removing Web Sign-In markup. I like the ideas for and people behind the IndieWeb but playing with some of the markup, I found it didn’t add enough value. I removed it.
-
Updating http links to https. I connected routine link checks with this little performance improvement (skipping an http–https redirect) and security improvement (ensuring a more secure connection in the absence of HSTS and redirects). This one has greatly benefited the users of UITest.com.
-
Replacing &amp; entity references. Escaping & is rarely necessary anymore, and I replaced most &amp; with &. Upgrade Your HTML has a short chapter about the topic.
-
Implementing feature policies. I played with feature policies and found I could just block some more invasive features for my websites, features I wouldn’t want to make use of anyway:
Header always set Feature-Policy "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'"
Do you have a nicer standard setup?
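An added example, not part of the original post: the Feature-Policy header has since been renamed Permissions-Policy and uses a different allowlist syntax, so this Python sketch translates the value above into the newer form. The function names are this example's own, and rejecting a directive without an allowlist is a choice made here.

```python
# Added example, not from the original post: translate a Feature-Policy
# header value into the Permissions-Policy syntax that replaced it.
FEATURE_POLICY = "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'"


def to_permissions_policy(feature_policy):
    """Return the Permissions-Policy value equivalent to a Feature-Policy value."""
    items = []
    for part in feature_policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # tolerate a trailing semicolon
        feature, allowlist = tokens[0], tokens[1:]
        if not allowlist:
            # Choice made in this example: refuse to guess a default.
            raise ValueError(f"{feature}: no allowlist given")
        if "'none'" in allowlist:
            items.append(f"{feature}=()")       # empty list: blocked everywhere
        elif "*" in allowlist:
            items.append(f"{feature}=*")        # allowed for every origin
        else:
            # 'self' loses its quotes; origins become double-quoted strings.
            members = ["self" if a == "'self'" else f'"{a}"' for a in allowlist]
            items.append(f"{feature}=({' '.join(members)})")
    return ", ".join(items)


def apache_directive(feature_policy):
    """Build the matching Apache line, escaping quotes inside the value."""
    value = to_permissions_policy(feature_policy).replace('"', '\\"')
    return f'Header always set Permissions-Policy "{value}"'


if __name__ == "__main__":
    print(apache_directive(FEATURE_POLICY))
```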
-
Converting GIFs to PNGs. You get better compression results with PNGs than with GIFs and for some reason I still had a few GIFs hanging around in live projects. I converted and compressed that remainder in a swift manual operation using Preview/GIMP and ImageOptim.
-
Dropping ISBNs from paths (and obeying proper ISBN formatting). 14 years ago I had this idea that I should include (alas falsely formatted) ISBNs in the paths of my German book pages. That tradition held until a few weeks ago, when I learned about the correct formatting for ISBNs but decided that book names were far better (SEO, independence of identifiers) for the respective pages’ URL slugs than these numbers.
This is a part of an open article series. Check out some of the other posts!
About Me
I’m Jens (long: Jens Oliver Meiert), and I’m a frontend engineering leader and tech author/publisher. I’ve worked as a technical lead for companies like Google and as an engineering manager for companies like Miro, I’m a contributor to several web standards, and I write and review books for O’Reilly and Frontend Dogma.
I love trying things, not only in web development (and engineering management), but also in other areas like philosophy. Here on meiert.com I share some of my experiences and views. (Be critical, interpret charitably, and give feedback.)