A Quest for Speed and Security

April 9, 2017

Over the past few months I have been spending a little time here and there to improve the security and speed of this site. This site is one of the easier ones to do this with, as it serves simple, static content to people who are probably running modern browsers, but many of the techniques and tools are broadly useful.

Speed

I agree with others that the web has become too big and bloated. The ever-increasing role of JavaScript in modern websites and the creepy use of more and more tracking techniques to undermine user privacy have led to pages which are multiple megabytes in size. These sites often only contain a few kilobytes of pure information. The problem only gets worse each year as connection speeds increase to mask the damage.

Web Bloat Score

My favourite way to see the ridiculousness of our current situation is to use the Web Bloat Score Calculator, which calculates the visual efficiency of your page. It does this by comparing the time and number of requests it takes to fetch your site with a single static image of your website. Try it with your own site or some other popular websites to get an impression of just how bloated some pages are.

Shrinking your Site

There is no one-size-fits-all fix for this. However, Google PageSpeed Tools can give you a list of easily applied fixes. I’d also recommend cutting down on your tracking scripts and external fonts. The best way to make a site fast to load is to reduce the amount of site that you need to download.

Security

Security and privacy are important to me (as my day job would suggest). It was therefore important to me that my site was following all of the current best security practices.

Mozilla Observatory

I use Mozilla Observatory extensively to check that websites adhere to modern security and privacy standards. It’s great because it’s easy to use and gives you easy to follow guidelines on how to fix any issues it finds. I regularly scan my sites with this to make sure that they pass any new guidelines.

Let’s Encrypt

A considerable number of the metrics that Observatory analyses are to do with the TLS parameters for your site. I use Let’s Encrypt with Certbot to get the TLS certificates for all of my websites. I think that Let’s Encrypt is fantastic. It’s great that getting TLS certificates is now within reach for nearly everyone. There is now no excuse not to have TLS on your sites.

Future

I’m still not done with the improvements and there is always more work to do in order to reach perfection.

CSS

The CSS for this site is just OK. It could definitely be better.

I want to find a good way to find unused CSS rules across my site. I’m hoping that this will be made easier by the fact that this site has no JavaScript. Some page speed tooling complains that having blocking CSS or CSS loaded from a different file to the HTML of the page is a problem. I’m not a fan of requiring JavaScript to load CSS asynchronously or of shoving content and style together. I’m hoping that I can make do just by making sure that the CSS rules are as compact as possible.

Mobile Reading

Relatedly, the viewing experience for this site on small screens is poor at the moment. I’d like to make that better without including a whole new site design.