Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Performance Cheat Sheet

0
0

This is an overview of all of the performance related topics I've covered and things that you should look at it if you want to make your site go faster.

PageSpeed

PageSpeed is an open-source webserver module that is designed specifically to improve the performance of your site without having to make any changes to your content or workflow. By implementing a whole host of best practises, I saw a notable improvement in page load time by simply running the default config.

Article: PageSpeed - Performance optimisation made easy

Brotli Compression

Brotli is a new type of compression that can compress better than gzip in a lot of circumstances. You can also support static compression to reduce the burden of compressing assets on the fly. Smaller payloads mean faster transfers!

Article:Brotli Compression

HTTP/2

The new version of the HTTP protocol allows us to remove a lot of the old performance 'hacks' we used in the past to go faster. We can now get considerably better performance without all of the overhead by upgrading to support HTTP/2.

Article:HTTP/2 is here!

Caching

My blog is running Ghost as my blogging platform and as fast as Node is, it was dynamically generating every page when a visitor requested it. This is a bit of a waste of resources and was an unnecessary overhead. I setup caching in Nginx to serve my pages faster.

Article: Caching Ghost with Nginx

HSTS

When serving over HTTPS, most sites will use a 301 to redirect HTTP to HTTPS. This adds a redirect on the initial page load which can be avoided using HTTP Strict Transport Security. This increases the speed of the initial page load and has some nice security benefits too. You should also check outpreloading and mycheat sheet.

Article: HSTS - The missing link in Transport Layer Security

ECDSA

The majority of sites on the web use RSA keys because they've been around the longest and are the current default. ECDSA keys offer much faster performance and most clients can support them. I did sometesting on ECDSA certificates and you can support both at the same time for the best of backwards compatibility and performance.

Article: Hybrid RSA and ECDSA certificates with NginX

OCSP Stapling

The Online Certificate Status Protocol is used to check the revocation status of a certificate. The browser makes a request to the CA to check the status of the certificate, an OCSP request, and the CA responds with an OCSP response saying the certificate is valid or revoked. This puts a burden on the client to do a DNS lookup for the CA and then the overhead of the OCSP request and also leaks the site that the client is visiting to the CA, which is a huge privacy issue. To solve this problem, OCSP Stapling was created. When OCSP Stapling is setup, the server will do the OCSP request and then cache the OCSP response on the server. It will then 'staple' this to the certificate and send it to the client, removing the performance burden and privacy issues.

Article: OCSP Stapling; SSL with added speed and privacy

Misc

I wrote an article about a few micro-optimisations I made to my site that just goes to show there are often things you can optimise that get overlooked. It probably didn't result in a huge increase in performance but several small changes like this can soon mount up.

Article: Micro-optimisation for fun!


Viewing all articles
Browse latest Browse all 12749