Could you be barring millions of shoppers from your website?

Most retailers wouldn’t open a store in a location so inaccessible that it could be reached only by people with top-of-the-range 4×4 vehicles.

But this is effectively what some retailers are doing to potential customers online.

The reason?

A lot of websites are a lot slower on certain mobile devices. What works on one smartphone could be all but unusable on another.

And we’re not just talking about 10-year old smartphones.

Even up-to-date devices – particularly lower-end Android devices – aren’t really able to cope with many of today’s ecommerce websites.
Continue reading

Content Security Policy as a tool for web performance governance

What is Content Security Policy?

Until the advent of Content Security Policy (CSP), it was extremely difficult to protect your website’s visitors from the injection of malicious code that could place unwanted links on your web pages, hijack complete sessions or even cause corruption of your website itself.

What makes matters worse is that in the absence of any reporting mechanism, it is very difficult to know when these types of attack are occurring.

To address these threats, in late 2015, the W3C issued Content Security Policy 1.0 as a first response and followed up with 2.0 in December 2016.

At the core of CSP is a simple concept: using standard headers, a website is able to instruct the browser what it is authorised to execute and what it must block. With these simple instructions, the issues outlined above are severely negated.
Continue reading