Imagine you’re using real user monitoring to understand your website’s performance over time.
You’re looking at the performance trends report, which shows actual load times compared to expected ranges. Times that fall outside those ranges are highlighted automatically. This makes it easy to spot anomalies.
Most retailers wouldn’t open a store in a location so inaccessible that it could be reached only by people with top-of-the-range 4×4 vehicles.
But this is effectively what some retailers are doing to potential customers online.
A lot of websites are a lot slower on certain mobile devices. What works on one smartphone could be all but unusable on another.
And we’re not just talking about 10-year-old smartphones.
Even up-to-date devices – particularly lower-end Android devices – aren’t really able to cope with many of today’s ecommerce websites.
What is Content Security Policy?
Until the advent of Content Security Policy (CSP), it was extremely difficult to protect your website’s visitors from the injection of malicious code that could place unwanted links on your web pages, hijack complete sessions or even cause corruption of your website itself.
What makes matters worse is that in the absence of any reporting mechanism, it is very difficult to know when these types of attack are occurring.
To address these threats, in late 2015, the W3C issued Content Security Policy 1.0 as a first response and followed up with 2.0 in December 2016.
At the core of CSP is a simple concept: using standard HTTP response headers, a website tells the browser what it is authorised to execute and what it must block. With these simple instructions, the threats outlined above are greatly reduced.
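The header and the reporting side together, as an added example that is not code from the original page: a small Node.js handler that sends a policy and collects the violation reports browsers POST back. The CDN host, the `/csp-report` path, the `CSP_DEMO_LISTEN` variable, port 8080 and all function names are assumptions made for illustration.

```javascript
// Constructed policy (assumption): same-origin by default, scripts also from one example CDN.
const POLICY = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://cdn.example.com'],
  'object-src': ["'none'"],
  'report-uri': ['/csp-report'], // hypothetical collector path on this server
};

// Serialise the directives into the header value the browser parses.
function buildCsp(policy) {
  return Object.entries(policy)
    .map(([name, values]) => `${name} ${values.join(' ')}`)
    .join('; ');
}

// Reduce a violation report (JSON with a "csp-report" object) to the fields worth logging.
function summariseReport(body) {
  let parsed;
  try { parsed = JSON.parse(body); } catch { return null; }
  const r = parsed && parsed['csp-report'];
  if (!r || typeof r !== 'object') return null;
  return {
    page: String(r['document-uri'] || ''),
    blocked: String(r['blocked-uri'] || ''),
    directive: String(r['violated-directive'] || ''),
  };
}

function handler(req, res) {
  if (req.method === 'POST' && req.url === '/csp-report') {
    let body = '';
    req.on('data', (c) => { if (body.length < 8192) body += c; }); // cap untrusted input
    req.on('end', () => {
      const s = summariseReport(body);
      if (s) console.log('CSP violation', s);
      res.writeHead(204);
      res.end();
    });
    return;
  }
  // The inline script below is not allowed by script-src, so the browser blocks and reports it.
  res.writeHead(200, { 'Content-Type': 'text/html', 'Content-Security-Policy': buildCsp(POLICY) });
  res.end('<!doctype html><p>hello</p><script>document.title = "inline ran"</script>');
}

// Listens only when CSP_DEMO_LISTEN is set (assumed variable name), on localhost.
if (process.env.CSP_DEMO_LISTEN) {
  import('node:http').then(({ createServer }) => createServer(handler).listen(8080, '127.0.0.1'));
}
```

Sending the same value under `Content-Security-Policy-Report-Only` makes the browser report violations without blocking anything, which is a common way to trial a policy before enforcing it.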