Does the web still need HTTP Deflate?
The compression format war of the last decade was won by Gzip. Why do web browsers still support the legacy HTTP Deflate (Zlib) format? It’s time to deprecate it.
Hypertext
The HyperText Transfer Protocol (HTTP.)
Why Firefox for Android logs you out of everything all the time
Firefox for Android “forgets” to send SameSite=Strict cookies to websites, causing them to log you out and forgot you ever visited them in the past.
Chrome to remove HTTP/2 Push
Chrome intends to remove support for server push; an underutilized performance feature introduced in HTTP/2. It cites low usage and implementation complexity.
Promote your Onion site with the Onion-Location HTTP header
A new HTTP header enables websites to redirect their visitors using the Tor Browser to their more secure Onion site.
Compressed favicons are 70% smaller but 75% are served uncompressed
The majority of websites don’t compress their favicon files despite an impressive average file size reduction of over 70 %.
Don’t rely on mod_negotiation to serve pre-compressed resources
Apache’s module for server-driven HTTP content negotiation isn’t suited to make decisions about which pre-compressed resource to serve.
Safari’s default media controls get blocked when CSP is applied
Any HTTP Content-Security-Policy blocks the default <audio>/<video> controls in Safari unless you deliberately make it less secure.
Avoid Nginx’s merge_slashes option
Don’t use Nginx’s merge_slashes option in your HTTP reverse caching proxy setup. Here’s an example of an unintended problem caused by blindly rewriting URLs.
Problems to expect when using the Apache mod_cache module
Five implementation problems and gotchas when using Apache’s HTTP caching module. Learn how to keep your HTTPD caching proxy server from messing up.
Permanent redirects are supposed to be permanent
HTTP 301 redirects are supposed to be permanent. Clients are expected to update links and not request the old address in the future.
Recover from HTTP clients that include URL #fragments in requests
Bots and older clients sometimes request /page#fragment URLs over HTTP without stripping away the URL #fragment. Here’s how to recover using redirects.
Which CDN providers support stale-while-revalidate?
A quick review of which content delivery networks support RFC 5861’s Stale-While-Revalidate and Stale-If-Error caching directives.
How to test for HTTP stale-while-revalidate support?
Verify that your CDN or caching proxy supports RFC 5861 asynchronous cache revalidation through the stale-while-revalidate HTTP response directive.
Save-Data aware HTTP/2 server push
Learn how to set up HTTP Save-Data request-hint aware HTTP/2 server push with Apache HTTPD and Nginx web servers.
Accelerate redirects with HTTP/2 server push
Set up faster HTTP redirects by using HTTP/2 server push to send the new location in the same response informing the client about the redirect.
How caching affects internet connectivity tests
An intermediary HTTP proxy-cache can interfere with how different devices detect whether they’ve got working internet access or not.
Embed a JavaScript CDN in your web browser with Decentraleyes
Browser extension mirrors popular JavaScript library content delivery networks locally to improve load-performance and your privacy.
Private bug trackers leak data on security and other known issues
Many bug tracking software leak information about your organization’s security problems through HTTP referrer headers.
New Save-Data HTTP header tells websites to reduce their data usage
The new HTTP Save-Data request header can help websites determine the bandwidth constraints of their visitors. Plus, a browser extension for users to adopt it.