While security techniques have generally focused on protecting users by blocking requests going to the origin, there is now a shift toward protecting users at the browser while providing an optimal experience. This shift shows up in areas such as HTTP/2, with its new concept of server push, where the focus is queuing up resources at the origin without the browser requesting them, and the more recent concept of the single-page application, which also aims to reduce the number of requests during a session by loading all necessary resources the first time a site is loaded. This poses the question: where does security fit as we attempt to reduce the number of requests and focus on the end-user experience?
The goal of security is to ensure we protect the origin servers by blocking malicious requests going forward. The goal of frontend performance techniques is to improve page rendering for the end user by using several optimizations, including reducing the number of HTTP requests, to improve load time.
Sonia Burney and Sabrina Burney explore how security can be enforced at the browser level through a combination of optimization techniques and security enhancements, which overall provide an optimal end-user experience. Optimization techniques inherently reduce the need for security at the origin, as much of the rendering work is focused on the frontend without needing to go back to the origin server. Additionally, the use of certain techniques—obfuscation and HTTP/2, service worker and web worker applications, content security policy (with HTTP/2) and strict transport security, iFrame sandboxing (and more) to avoid third-party phishing or malicious code injections, and subresource integrity—can improve the end-user experience and avoid some security risks involved in navigating between various pages in a site, clicking on third-party content, and filling out forms.
As we’ve seen before, a security issue can result in a performance issue and vice versa, so why not utilize techniques that achieve benefits in both areas, which are equally important from an end-user perspective?
Sonia Burney is a solutions architect at Akamai Technologies with a background in frontend web development. Sonia’s main area of expertise is web performance with a strong focus on frontend optimizations that help enhance the user experience.
Sabrina Burney is currently a solutions architect at Akamai Technologies with a background in programming. Sabrina’s current focus involves security and protecting web infrastructures. More recently, she has gotten involved with improving the frontend end-user experience.
©2016, O'Reilly Media, Inc.