Fixing the URL params performance penalty

Tales of two pages… What's the difference between these two pages?: https://www.example.com/ https://www.example.com/?utm_source=email I mean they've got different URLs, but many of us would probably guess that that utm_source URL query parameters (or "URL params" or "search params" as it's

Web Performance Calendar

CORS Explained: Stop Struggling With Cross-Origin Errors, by (not on Mastodon or Bluesky):

https://archive.fo/5rWqj

#security #cors #httpheaders #http

RFC 8594: The Sunset HTTP Header Field

This specification defines the Sunset HTTP response header field, which indicates that a URI is likely to become unresponsive at a specified point in the future. It also defines a sunset link relation type that allows linking to resources providing information about an upcoming resource or service sunset.

IETF Datatracker
Chrome 140 introduces HTTP cookie prefix to combat client-side security threats: Chrome 140 beta introduces __Http and __HostHttp cookie prefixes on August 6, 2025, enabling servers to distinguish server-set from client-set cookies. https://ppc.land/chrome-140-introduces-http-cookie-prefix-to-combat-client-side-security-threats/ #Chrome140 #HTTPHeaders #WebSecurity #Cookies #ClientSideSecurity
Chrome 140 introduces HTTP cookie prefix to combat client-side security threats

Chrome 140 beta introduces __Http and __HostHttp cookie prefixes on August 6, 2025, enabling servers to distinguish server-set from client-set cookies.

PPC Land
🧙‍♂️ Ah, yes, because nothing screams cutting-edge tech quite like slapping a fictional telegraph homage from a fantasy series onto modern HTTP headers. 🤦‍♂️ Let's all pause to admire the nerdy zealotry that ensures the name of a character floats eternally through the internet... because nothing could be more crucial. 🙄
https://xclacksoverhead.org/home/about #cuttingEdgeTech #nerdyHumor #HTTPHeaders #fantasyTech #telegraphTribute #HackerNews #ngated
XClacksOverhead.org

Information on the X-Clacks-Overhead transmission header.

X-Clacks-Overhead
Progressive Dehancement

The one where I try my best to fight spam and not surrender

dbushell.com
I guess some request headers are more trustworthy than others.

There's a subset of request headers that can't be modified by a spec-compliant user agent. Let's explore why they're useful for determining how and for what purpose a request was triggered.

Alex MacArthur
Why Do We Have a Cache-Control Request Header? – CSS Wizardry

Learn how the Cache-Control request header works, how browsers handle refresh and hard refresh caching, and when developers should use it for realtime data and offline-first applications.

Although frequently misunderstood, the HTTP Cache-Control header is crucial because it specifies caching mechanisms within requests and responses. In its typical format, it reveals details as to how resources are stored, the location of the resource and the maximum age before expiring…

In our latest blog post, Kieran Larking highlights that the No-cache directive does not prevent caching and looks at typical caching behaviour directives and how to correctly use these directives to balance performance and security: https://www.pentestpartners.com/security-blog/take-control-of-cache-control-and-local-caching/

#Caching #CacheControl #WebPerformance #WebSecurity #HTTPHeaders #Cybersecurity #DeveloperGuide #HTTP

Take control of Cache-Control and local caching | Pen Test Partners

TL;DR
Caching speeds up website content delivery
What caching directives are and how to use them
The No-cache directive does not prevent caching
The No-store directive prevents caching

Introduction
The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to specify caching mechanisms within requests and responses. In its typical format, it

#Development #Techniques
Avoid hotlinking images with CORP · How to stop other websites from serving your images https://ilo.im/1613tb

_____
#Images #Security #HTTP #HttpHeaders #CORP #Browser #Hosting #WebDev #Frontend #Backend

Avoid hotlinking images with Cross-Origin-Resource-Policy

An image on your site can be directly included in other sites. You end up with the costs of hosting and serving the image, while the other sites gain the benefits of showing your nice image on their page. With the response header Cross-Origin-Resource-Policy it is possible to inform the browser that images should only be usable by the same site or origin as the image, thus making hotlinking impossible.

Sjoerd Langkemper