Content Security Policy as a tool for web performance governance

What is Content Security Policy?

Until the advent of Content Security Policy (CSP), it was extremely difficult to protect your website’s visitors from the injection of malicious code that could place unwanted links on your web pages, hijack complete sessions or even cause corruption of your website itself.

What makes matters worse is that in the absence of any reporting mechanism, it is very difficult to know when these types of attack are occurring.

To address these threats, in late 2015, the W3C issued Content Security Policy 1.0 as a first response and followed up with 2.0 in December 2016.

At the core of CSP is a simple concept: using standard headers, a website instructs the browser what it is authorised to execute and what it must block. With these simple instructions, the threats outlined above are greatly reduced.

What’s so special about Performance Analyser?

If you want detailed, accurate insight into how your website’s performing, Performance Analyser, our real-browser testing and analysis tool, is an excellent way to get the answers you need. You can run single page tests or crawls in a number of real browsers, as well as schedule regular tests.

I’ve been working on Performance Analyser for some time now, and I thought I’d run through a few of the things that I think make it a bit special.