While the focus has generally been on protecting users by blocking requests going to the origin, there is now a shift toward protecting users at the browser while providing an optimal experience. Other areas, such as HTTP/2 with its new concept of server push, focus on queuing up resources at the origin without the browser requesting them. This raises the question, “Where does security fit in?”, as we are still attempting to reduce the number of requests and focus on the end-user experience.
The goal of security is to ensure we protect the origin servers by blocking malicious requests going forward. The goal of front-end performance (not backbone) is to improve browser rendering for the end user through several optimizations, one of which is reducing the number of HTTP requests, since these increase load time.
With both goals defined, we can see that applying front-end optimization to a website inherently reduces the need for security at the origin, as much of the rendering work is focused on the front end without needing to go back to the origin server. Additionally, by using certain front-end optimization techniques mentioned below, users can avoid some of the security risks involved in navigating between pages in a site, clicking on third-party content, and filling out forms.
1. Code obfuscation
3. Iframe sandboxing to avoid phishing and injecting third-party scripts
4. Cacheable Ajax (with non-personalized data)
6. Image lazy loading (the pros and cons)
Security benefits are observed at the browser level through the use of the above optimizations that enhance the end-user experience.
Sonia Burney is a solutions architect at Akamai Technologies with a background in frontend web development. Sonia’s main area of expertise is web performance with a strong focus on frontend optimizations that help enhance the user experience.
Sabrina Burney is a solutions architect at Akamai Technologies. With a background in programming, her current focus of work and study involves security and protecting web infrastructures.