Front-End Optimization: Yahoo's 35 Rules

no_mkd

Foreword

English Original Link. If you find any issues with this article, please point them out so I can modify them promptly.

Table of Contents (7 categories, 35 rules in total):

1. [Content] Minimize HTTP Requests
2. [Server] Use a Content Delivery Network (CDN)
3. [Server] Add an Expires or a Cache-Control Header
4. [Server] Gzip Components
5. [CSS] Put Stylesheets at the Top
6. [JS] Put Scripts at the Bottom
7. [CSS] Avoid CSS Expressions
8. [JS, CSS] Make JavaScript and CSS External
9. [Content] Reduce DNS Lookups
10. [JS, CSS] Minify JavaScript and CSS
11. [Content] Avoid Redirects
12. [JS] Remove Duplicate Scripts
13. [Server] Configure ETags
14. [Content] Make Ajax Cacheable
15. [Server] Flush the Buffer Early
16. [Server] Use GET for Ajax Requests
17. [Content] Post-load Components
18. [Content] Preload Components
19. [Content] Reduce the Number of DOM Elements
20. [Content] Split Components Across Domains
21. [Content] Minimize the Number of iframes
22. [Content] No 404s
23. [Cookie] Reduce Cookie Size
24. [Cookie] Use Cookie-free Domains for Components
25. [JS] Minimize DOM Access
26. [JS] Develop Smart Event Handlers
27. [CSS] Choose over @import
28. [CSS] Avoid Filters
29. [Image] Optimize Images
30. [Image] Optimize CSS Sprites
31. [Image] Don't Scale Images in HTML
32. [Image] Make favicon.ico Small and Cacheable (P.S. Favorites icon)
33. [Mobile] Keep Components under 25K
34. [Mobile] Pack Components into a Multipart Document
35. [Server] Avoid Empty Image src

Translation: Best Practices for Speeding Up Your Web Site

We have identified a number of best practices for speeding up your site, divided into 7 categories with a total of 35 rules.

1. Minimize HTTP Requests

Category: Content

80% of the end-user response time is spent on the front-end. Most of this time is tied up in downloading all the components in the page: images, stylesheets, scripts, Flash, etc. Reducing the number of components in turn reduces the number of HTTP requests required to render the page. This is the key to faster pages.

One way to reduce the number of components in the page is to simplify the page's design. But is there a way to build pages with richer content while also achieving fast response times? Well, yes, there is a way to have your cake and eat it too.

Combined files are a way to reduce the number of HTTP requests by combining all scripts into a single script, and similarly combining all CSS into a single stylesheet. Combining files is more challenging when the scripts and stylesheets vary from page to page, but making this part of your release process improves response times.

CSS Sprites are the preferred method for reducing the number of image requests. Combine your background images into a single image and use the CSS background-image and background-position properties to display the desired image segment.

Image maps combine multiple images into a single image. The overall size is about the same, but reducing the number of HTTP requests speeds up the page load. Image maps only work if the images are contiguous in the page, such as a navigation bar. Defining the coordinates of image maps can be tedious and error-prone. Using image maps for navigation is also difficult, so it is not recommended.

Inline images (Base64 encoding) use the data: URL scheme to embed the image data in the actual page. This increases the size of your HTML document. Combining inline images into your (cached) stylesheets is a way to reduce HTTP requests and avoid increasing the weight of your pages. However, major browsers do not yet support inline images perfectly.

Reducing the number of HTTP requests in your page is the place to start. This is the most important guideline for improving performance for first-time visitors. As described in Tenni Theurer's blog Browser Cache Usage - Exposed!, 40% to 60% of daily visitors to your site come in with an empty cache. Therefore, making your page fast for these first-time visitors is extremely important for a better user experience.

2. Use a Content Delivery Network (CDN)

Category: Server

The user's proximity to your web server has an impact on response times. Deploying your content across multiple, geographically dispersed servers will make your pages load faster. But how do you actually do this?

As a first step to implementing geographical content dispersion, don't attempt to redesign your web application to work in a distributed architecture. Depending on the application, changing the architecture could include daunting tasks such as synchronizing session state and replicating database transactions across server locations. Proposals to reduce the distance between users and content could be delayed, or never pass, because of this architectural hurdle.

Remember that 80-90% of the end-user response time is spent downloading all the components in the page: images, stylesheets, scripts, Flash, etc. This is the Golden Rule of Performance. Rather than starting with the difficult task of redesigning your application architecture, it's better to first disperse your static content. This not only achieves a bigger reduction in response times, but it's easier to demonstrate the benefits of a CDN.

A Content Delivery Network (CDN) is a collection of web servers distributed across multiple locations to deliver content more efficiently to users. Typically, the server selected for delivering content to a specific user is based on a measure of network proximity. For example, the server with the fewest network hops or the server with the quickest response time is chosen.

Some large Internet companies own their own CDN, but it's cost-effective to use a CDN service provider, such as Akamai Technologies, EdgeCast, or level3. For start-up companies and private web sites, the cost of a CDN service can be high, but if your target audience grows larger and becomes more global, using a CDN is necessary to achieve fast response times. At Yahoo!, moving static content from application web servers to a CDN (including both the 3rd party ones mentioned above and Yahoo!'s own CDN) improved end-user response times by 20% or more. Switching to a CDN is a relatively simple code change that will dramatically improve the speed of your web site.

3. Add an Expires or a Cache-Control Header

Category: Server

This rule has two aspects:

• For static components: implement "Never expire" by setting a far future Expires header
• For dynamic components: use an appropriate Cache-Control HTTP header to help the browser with conditional requests

Web page designs are getting richer and richer, which means more scripts, images, and Flash in the page. A first-time visitor to your site may still have to make several HTTP requests, but by using the Expires header you make those components cacheable. This avoids unnecessary HTTP requests on subsequent page views. Expires headers are most often used with images, but they should be used on all components including scripts, stylesheets, and Flash components.

Browsers (and proxies) use a cache to reduce the number and size of HTTP requests, making web pages load faster. A web server uses the Expires HTTP response header to tell the web client how long a component can be cached. Here is a far future Expires header, telling the browser that this response won't be stale until April 15, 2010.

Expires: Thu, 15 Apr 2010 20:00:00 GMT

If you are using an Apache server, use the ExpiresDefault directive to set an expiration date relative to the current date. This example sets the Expires date 10 years out from the time of the request:

ExpiresDefault "access plus 10 years"

Keep in mind, if you use a far future Expires header you have to change the component's filename whenever the component changes. At Yahoo!, we often make this step part of the build process: a version number is embedded in the component's filename, for example, yahoo_2.0.6.js

Using a far future Expires header affects page views only after a user has already visited your site. It has no effect on the number of HTTP requests when a user visits your site for the first time and the browser's cache is empty. Therefore the impact of this performance improvement depends on how often users hit your pages with a primed cache. We measured this at Yahoo! and found the number of page views with a primed cache is 75-85%. By using a far future Expires header, you increase the number of components that are cached by the browser and re-used on subsequent page views without sending a single byte over the user's Internet connection.

4. Gzip Components

Category: Server

Front-end engineers can look for ways to significantly reduce the time it takes to transfer HTTP requests and responses across the network. To be sure, the end-user's bandwidth speed, Internet service provider, proximity to peering exchange points, etc. are beyond the control of the development team. But there are other variables that affect response times. Compression reduces response times by reducing the size of the HTTP response.

Starting with HTTP/1.1, web clients indicate support for compression with the Accept-Encoding HTTP request header.

Accept-Encoding: gzip, deflate

If the web server sees this header in the request, it may compress the response using one of the methods listed by the client. The web server notifies the web client of this via the Content-Encoding response header.

Content-Encoding: gzip

Gzip is currently the most popular and effective compression method. It was developed by the GNU project and standardized by RFC 1952. The only other compression format you're likely to see is deflate, but it's less effective and less popular.

Gzipping generally reduces the response size by about 70%. Approximately 90% of today's Internet traffic travels through browsers that claim to support gzip. If you use Apache, the module configuring gzip depends on your version: Apache 1.3 uses mod_gzip while Apache 2.x uses the mod_deflate module.

There are known issues with browsers and proxies that may cause a mismatch in what the browser expects and what it receives with regard to compressed content. Fortunately, these edge cases are dwindling as older browsers drop off. The Apache modules help out by adding appropriate Vary response headers automatically.

Servers choose what to gzip based on file type, but this is typically too limited. Most web sites gzip their HTML documents. It's also worthwhile to gzip your scripts and stylesheets, but many web sites miss this opportunity. In fact, it's worthwhile to compress any text response including XML and JSON. Image and PDF files should not be gzipped because they are already compressed. Trying to gzip them not only wastes CPU but can potentially increase file sizes.

Gzipping as many file types as possible is an easy way to reduce page weight and accelerate the user experience.

5. Put Stylesheets at the Top

Category: CSS

While researching performance at Yahoo!, we discovered that moving stylesheets to the document HEAD makes pages appear to be loading faster. This is because putting stylesheets in the HEAD allows the page to render progressively.

Front-end engineers who care about performance want a page to load progressively. That is, we want the browser to display whatever content it has as soon as possible. This is especially important for pages with a lot of content and for users on slower Internet connections. The importance of giving users visual feedback, such as progress indicators, has been well researched and documented. In our case the HTML page is the progress indicator! When the browser loads the page header, the navigation bar, the top logo, etc. progressively, all of this serves as visual feedback for the user waiting for the page. This improves the overall user experience.

The problem with putting stylesheets near the bottom of the document is that it prohibits progressive rendering in many browsers, including IE. These browsers block rendering to avoid having to redraw elements of the page if their styles change. The user is stuck viewing a blank white page.

The HTML specification clearly states that stylesheets are to be included in the HEAD of the page: "Unlike A, [LINK] may only appear in the HEAD section of a document, although it may appear any number of times." Neither of the alternatives, a blank white screen or a flash of unstyled content, are worth the risk. The optimal solution is to follow the HTML specification and load your stylesheets in the document HEAD.

6. Put Scripts at the Bottom

Category: JavaScript

Scripts cause a problem with parallel downloads. The HTTP/1.1 specification suggests that browsers download no more than two components in parallel per hostname. If you serve your images from multiple hostnames, you can get more than two downloads to occur in parallel. While a script is downloading, however, the browser won't start any other downloads, even on different hostnames.

In some situations it's not easy to move scripts to the bottom. If, for example, the script uses document.write to insert part of the page's content, it can't be moved lower in the page. There might also be scoping issues. In many cases, there are ways to work around these situations.

An alternative suggestion that often comes up is to use deferred scripts. The DEFER attribute indicates that the script does not contain document.write, and is a clue to browsers that they can continue rendering. Unfortunately, Firefox doesn't support the DEFER attribute. In Internet Explorer, the script may be deferred, but not as much as desired. If a script can be deferred, it can also be moved to the bottom of the page. That will make your web pages load faster.

7. Avoid CSS Expressions

Category: CSS

CSS expressions are a powerful (and dangerous) way to set CSS properties dynamically. They were supported in Internet Explorer 5, but were deprecated starting with IE8. As an example, the background color could be set to alternate every hour using CSS expressions:

background-color: expression( (new Date()).getHours()%2 ? "#B8D4FF" : "#F08A00" );

As shown above, the expression method accepts a JavaScript expression. The CSS property is set to the result of evaluating the JavaScript expression. The expression method is ignored by other browsers, so it is only useful if you are trying to implement a consistent cross-browser experience with IE.

The problem with expressions is that they are evaluated more frequently than most people expect. Not only are they evaluated when the page is rendered and resized, but also when the page is scrolled and even when the user moves the mouse over the page. Adding a counter to the CSS expression allows us to track when and how often a CSS expression is evaluated. Moving the mouse around the page can easily generate more than 10,000 evaluations.

One way to reduce the number of evaluations of your CSS expression is to use one-time expressions, where the first time the expression is evaluated it sets the style property to an explicit value, replacing the CSS expression. If the style property must be set dynamically throughout the life of the page, using event handlers instead of CSS expressions is an alternative approach. If you must use CSS expressions, remember that they may be evaluated thousands of times and could affect the performance of your entire page.

8. Make JavaScript and CSS External

Category: JavaScript, CSS

Many performance rules deal with how external components are managed. However, before these considerations arise you should ask a more basic question: Should JavaScript and CSS be contained in external files, or inlined in the page itself?

Using external files in the real world generally produces faster pages because the JavaScript and CSS files are cached by the browser. JavaScript and CSS that are inlined in HTML documents get downloaded every time the HTML document is requested. This reduces the number of HTTP requests that are needed, but increases the size of the HTML document. On the other hand, if the JavaScript and CSS are in external files cached by the browser, the size of the HTML document is reduced without increasing the number of HTTP requests.

The key factor, then, is the frequency with which external JavaScript and CSS components are cached relative to the number of HTML documents requested. This factor, although difficult to quantify, can be gauged using various metrics. If users on your site have multiple page views per session and your pages re-use the same scripts and stylesheets, there is a great benefit from cached external files.

Many sites fall in the middle of these metrics. For these sites, the best solution generally is to deploy the JavaScript and CSS as external files. The only exception where inlining is preferable is with home pages, such as Yahoo!'s front page and My Yahoo!. Home pages that have few (perhaps only one) page view per session may find that inlining JavaScript and CSS results in faster end-user response times.

For typical sites where the home page is the first of many page views, there are techniques that leverage the reduction of HTTP requests that inlining provides, as well as the caching benefits achieved through using external files. One such technique is to inline JavaScript and CSS in the home page, but dynamically download the external files after the page has finished loading. Subsequent pages would reference the external files that are already in the browser's cache.

9. Reduce DNS Lookups

Category: Content

The Domain Name System (DNS) maps hostnames to IP addresses, just like phonebooks map people's names to their phone numbers. When you type www.yahoo.com into your browser, a DNS resolver contacted by the browser returns that server's IP address. DNS has a cost. It typically takes 20-120 milliseconds for DNS to lookup the IP address for a given hostname. The browser can't download anything from this hostname until the DNS lookup is completed.

DNS lookups are cached for better performance. This caching can occur on a special caching server, maintained by the user's ISP or local area network, but there is also caching that occurs on the individual user's computer. The DNS information remains in the operating system's DNS cache (the "DNS Client service" on Microsoft Windows). Most browsers have their own caches, separate from the operating system's cache. As long as the browser keeps a DNS record in its own cache, it doesn't bother the operating system with a record request.

Internet Explorer caches DNS lookups for 30 minutes by default, as specified by the DnsCacheTimeout registry setting. Firefox caches DNS lookups for 1 minute, controlled by the network.dnsCacheExpiration configuration setting. (Fasterfox changes this to 1 hour. P.S. Fasterfox is a speed-up plugin for FF.)

When the client's DNS cache is empty (for both the browser and the operating system), the number of DNS lookups is equal to the number of unique hostnames in the web page. This includes the hostnames used in the page's URL, images, script files, stylesheets, Flash objects, etc. Reducing the number of unique hostnames reduces the number of DNS lookups.

Reducing the number of unique hostnames has the potential to reduce the amount of parallel downloading that takes place in the page. Avoiding DNS lookups cuts response times, but reducing parallel downloads may increase response times. My guideline is to split these components across at least two but no more than four hostnames. This results in a good compromise between reducing DNS lookups and allowing a high degree of parallel downloads.

10. Minify JavaScript and CSS

Category: JavaScript, CSS

Minification is the practice of removing unnecessary characters from code to reduce its size thereby improving load times. When code is minified all comments are removed, as well as unneeded white space characters (space, newline, and tab). In the case of JavaScript, this improves response time performance because the size of the downloaded file is reduced. Two popular tools for minifying JavaScript code are JSMin and YUI Compressor. The YUI compressor can also minify CSS.

Obfuscation is an alternative source code optimization that is more complex than minification and thus more prone to generating bugs as a result of the obfuscation step itself. In a survey of ten top U.S. web sites, minification achieved a 21% size reduction versus 25% for obfuscation. Although obfuscation has a higher size reduction, minifying is safer.

In addition to minifying external scripts and styles, inlined <script> and <style> blocks can and should also be minified. Even if you gzip your scripts and styles, minifying them will still reduce the size by 5% or more. As the use and size of JavaScript and CSS increases, so will the savings gained by minifying your code.

11. Avoid Redirects

Category: Content

Redirects are accomplished using the 301 and 302 status codes. Here's an example of an HTTP header in a 301 response:

HTTP/1.1 301 Moved Permanently
      Location: http://example.com/newuri
      Content-Type: text/html

The browser automatically takes the user to the URL specified in the Location field. All the information necessary for a redirect is in the HTTP headers. The body of the response is typically empty. Despite their names, neither a 301 nor a 302 response is cached in practice unless indicated by additional headers, such as Expires or Cache-Control. The meta refresh tag and JavaScript are other ways to direct users to a different URL, but if you must do a redirect, the preferred technique is to use the standard 3xx HTTP status codes, primarily to ensure the back button works correctly.

The main thing to remember is that redirects slow down the user experience. Inserting a redirect between the user and the HTML document delays everything in the page since nothing in the page can be rendered and no components can be downloaded until the HTML document has arrived.

One of the most wasteful redirects happens frequently and web developers are generally not aware of it. It occurs when a trailing slash is missing from a URL that should otherwise have one. For example, going to http://astrology.yahoo.com/astrology results in a 301 response containing a redirect to http://astrology.yahoo.com/astrology/ (notice the added trailing slash). This is fixed in Apache by using Alias or mod_rewrite, or the DirectorySlash directive if you're using Apache handlers.

Connecting an old web site to a new one is a common use for redirects. Others include connecting different parts of a web site and directing the user based on certain conditions (type of browser, type of user account, etc.). Using a redirect to connect two web sites is simple and requires little additional coding. Although using redirects in these situations reduces the complexity for developers, it degrades the user experience. Alternatives to this use of redirects include Alias and mod_rewrite if the two code paths are hosted on the same server. If a domain name change is the cause of the use of redirects, one alternative is to create a CNAME (a DNS record that creates an alias pointing from one domain name to another) in combination with an Alias or mod_rewrite directive.

12. Remove Duplicate Scripts

Category: JavaScript

It hurts performance to include the same JavaScript file twice in one page. This isn't as unusual as you might think. A review of the ten top U.S. web sites shows that two of them contain a duplicated script. Two main factors increase the odds of a script being duplicated in a single web page: team size and number of scripts. When it does happen, duplicated scripts hurt performance by creating unnecessary HTTP requests and wasted JavaScript execution.

Unnecessary HTTP requests happen in Internet Explorer, but not in Firefox. In Internet Explorer, if an external script is included twice and is not cacheable, it generates two HTTP requests during page loading. Even if the script is cacheable, extra HTTP requests occur when the user reloads the page.

In addition to generating wasteful HTTP requests, time is wasted evaluating the script multiple times. This redundant JavaScript execution happens in both Firefox and Internet Explorer, regardless of whether the script is cacheable.

One way to avoid accidentally including the same script twice is to implement a script management module in your templating system. The typical way to include a script is to use the SCRIPT tag in your HTML page:

<script type="text/javascript" src="menu_1.0.17.js"></script>

An alternative in PHP would be to create a function called insertScript:

<?php insertScript("menu.js") ?>

In addition to preventing the same script from being inserted multiple times, this function could handle other issues with scripts, such as dependency checking and adding version numbers to script filenames to support "permanent" Expires headers.

13. Configure ETags

Category: Server

Entity tags (ETags) are a mechanism that web servers and browsers use to determine whether the component in the browser's cache matches the one on the origin server. ("Entity" is another word for a "component": images, scripts, stylesheets, etc.) ETags were added to provide a mechanism for validating entities that is more flexible than the last-modified date. An ETag is a string that uniquely identifies a specific version of a component. The only format constraint is that the string must be quoted. The origin server specifies the component's ETag using the ETag response header:

HTTP/1.1 200 OK
      Last-Modified: Tue, 12 Dec 2006 03:03:59 GMT
      ETag: "10c24bc-4ab-457e1c1f"
      Content-Length: 12195

Later, if the browser has to validate a component, it uses the If-None-Match header to pass the ETag back to the origin server. If the ETags match, a 304 status code is returned, reducing the response by 12,195 bytes for this example.

GET /i/yahoo.gif HTTP/1.1
      Host: us.yimg.com
      If-Modified-Since: Tue, 12 Dec 2006 03:03:59 GMT
      If-None-Match: "10c24bc-4ab-457e1c1f"
      HTTP/1.1 304 Not Modified

The problem with ETags is that they typically are constructed using attributes that make them unique to a specific server hosting a site. ETags won't match when a browser gets the original component from one server and later tries to validate that component on a different server, a situation that is all too common on web sites that use a cluster of servers to handle requests. By default, both Apache and IIS embed data in the ETag that dramatically reduces the odds of the validity test succeeding on web sites with multiple servers.

The ETag format for Apache 1.3 and 2.x is inode-size-timestamp. Even if a given file resides in the same directory across multiple servers, and has the same file size, permissions, and timestamp, its inode (P.S. inode, index file in UNIX) is different from one server to the next.

IIS 5.0 and 6.0 suffer from a similar issue. The format for ETags on IIS is Filetimestamp:ChangeNumber. The ChangeNumber is a counter used to track configuration changes to IIS. It's unlikely that the ChangeNumber is the same across all IIS servers hosting a web site.

The end result is ETags generated by Apache and IIS for the exact same component won't match from one server to another. If the ETags don't match, the user doesn't receive the small, fast 304 response that ETags were designed for; instead, they'll get a normal 200 response along with all the data for the component. If you host your web site on just one server, this isn't a problem. But if you have multiple servers hosting your web site, and you're using the default ETag configuration for Apache or IIS, your users are getting slower pages, your servers have a higher load, you're consuming greater bandwidth, and proxies aren't caching your content efficiently. Even if your components have a "permanent" Expires header, a conditional GET request is still made whenever the user hits Reload or Refresh.

If you're not taking advantage of the flexible validation model that ETags provide, it's better to just remove the ETag altogether. The Last-Modified header validates based on the component's timestamp. And removing the ETag reduces the size of the HTTP response headers and subsequent requests. This Microsoft Support article describes how to remove ETags. In Apache, this is done by simply adding the following line to your Apache configuration file:

FileETag none

14. Make Ajax Cacheable

Category: Content

One of the cited benefits of Ajax is that it provides instantaneous feedback to the user because it requests information asynchronously from the backend web server. However, using Ajax is no guarantee that the user won't be twiddling his thumbs waiting for those asynchronous JavaScript and XML responses to return. In many applications, whether or not the user is kept waiting depends on how Ajax is used. For example, in a web-based email client the user will be kept waiting for the results of an Ajax request to find all the email messages that match their search criteria. It's important to remember that "asynchronous" does not imply "instantaneous".

To improve performance, it's important to optimize these Ajax responses. The most important way to improve the performance of Ajax is to make the responses cacheable, as discussed in Add an Expires or a Cache-Control Header. Some of the other rules also apply to Ajax:

• Gzip Components
  
• Reduce DNS Lookups
  
• Minify JavaScript
  
• Avoid Redirects
  
• Configure ETags
  

Let's look at an example. A Web 2.0 email client might use Ajax to download the user's address book for autocompletion. If the user hasn't modified her address book since the last time she used the web application, the previous address book response could be read from cache if that Ajax response was made cacheable with a future Expires or Cache-Control header. The browser must be informed when to use a previously cached address book response versus requesting a new one. This could be done by adding a timestamp to the address book Ajax URL indicating the last time the user modified her address book, for example, &t=1190241612. If the address book hasn't been modified since the last download, the timestamp will be the same and the address book will be read from the browser's cache, eliminating an extra HTTP roundtrip. If the user has modified her address book, the timestamp ensures the new URL doesn't match the cached response, and the browser will request the updated address book entries.

Even if your Ajax responses are created dynamically, and might only be applicable to a single user, they can still be cached. Doing so will make your Web 2.0 apps faster.

15. Flush the Buffer Early

Category: Server

When users request a page, it can take anywhere from 200 to 500ms for the backend server to stitch together the HTML page. During this time, the browser is idle as it waits for the data to arrive. In PHP you have the function flush(). It allows you to send your partially ready HTML response to the browser so that the browser can start fetching components while your backend is busy with the rest of the HTML page. The benefit is mainly seen on busy backends or light front-ends (P.S. That is, the advantage is most apparent when the response latency is primarily on the backend).

A good place to consider flushing is right after the HEAD because the HTML for the head is usually easier to produce and it allows you to include any CSS and JavaScript files for the browser to start fetching in parallel while the backend is still processing.

Example:

      ... <!-- css, js -->
    </head>
    <?php flush(); ?>
    <body>
      ... <!-- content -->

Yahoo! Search pioneered this research, and real user testing proved the many benefits of using this technique.

16. Use GET for Ajax Requests

Category: Server

The Yahoo! Mail team found that when using XMLHttpRequest, POST is implemented in the browsers as a two-step process: sending the headers first, then sending data. So it's best to use GET, which only takes one TCP packet to send (unless you have a lot of cookies). The maximum URL length in IE is 2K, so if you send more than 2K of data you might not be able to use GET.

An interesting side effect is that a POST without posting any data behaves like a GET. Based on the HTTP specs, GET is meant for retrieving information. So it makes sense (semantically) to use GET when you're only requesting data, as opposed to sending data to be stored on the server.

17. Post-load Components

Category: Content

You can take a closer look at your page and ask yourself: "What's absolutely required in order to render the page initially?" The rest of the content and components can wait.

JavaScript is an ideal candidate for splitting before and after the onload event. For example, if you have JavaScript code and libraries that do drag and drop and animation, those can wait, because dragging elements on the page comes after the initial rendering. Other candidates for post-loading include hidden content (content that appears after a user action) and images below the fold.

Tools can help you in your effort: YUI Image Loader allows you to delay loading images below the fold, and YUI Get utility is an easy way to include JS and CSS on the fly. Give Yahoo! Home Page a look with Firebug's Net Panel turned on to see how it's done.

It's good when performance goals align with other web development best practices, such as "progressive enhancement". If the client supports JavaScript, you can improve the user experience, but you have to make sure the page works even without JavaScript. So, after you've made sure the page works fine, you can enhance it with some post-loaded scripts that give you more bells and whistles, such as drag and drop and animations.

18. Preload Components

Category: Content

Preload may seem like the opposite of post-load, but it actually has a different goal. By preloading components you can take advantage of the time the browser is idle and request components (like images, styles, and scripts) you'll need in the future. This way, when the user visits the next page, you could have most of the components already in the cache, and your page will load much faster for the user.

There are actually several types of preloading:

• Unconditional preload - as soon as onload fires, you go ahead and fetch some extra components. Check out google.com for an example of how a sprite image is requested on onload. This sprite image is not needed on the google.com home page, but it is needed on the subsequent search result page.
• Conditional preload - based on a user action, you make an educated guess where the user is headed next and preload accordingly. On search.yahoo.com, you can see how after you start typing in the input box, some extra components are requested.
• Anticipated preload - preload in advance before launching a redesign. It often happens after a redesign that you hear: "The new site is cool, but it's slower than before". Part of the problem could be that the users were visiting your old site with a full cache, but the new one is always an empty cache experience. You can mitigate this side effect by preloading some components before you even launch the redesign. Your old site can use the time the browser is idle and request images and scripts that will be used by the new site.

19. Reduce the Number of DOM Elements

Category: Content

A complex page means more bytes to download, and it also means slower DOM access in JavaScript. It makes a difference if you loop through 500 or 5,000 DOM elements on the page when you want to add an event handler, for example.

A high number of DOM elements can be a symptom that there's something with the markup of the page that needs cleaning up. Are you using nested tables for layout purposes? Are you throwing in more <div>s only to fix layout issues? Maybe there's a better and more semantically correct way to do your markup.

YUI CSS utilities can help greatly with your layout: grids.css for overall layout, and fonts.css and reset.css to strip away the browser's default formatting. This is a chance to start fresh and think about your markup, for example, using <div>s only when it makes sense semantically, and not just because it renders a new line.

The number of DOM elements is easy to test; just type in Firebug's console:
document.getElementsByTagName('*').length

And how many DOM elements are too many? Check other similar pages that have good markup. For example, the Yahoo! Home Page is a pretty busy page, and yet it's under 700 elements (HTML tags).

20. Split Components Across Domains

Category: Content

Splitting components allows you to maximize parallel downloads. Make sure you're using no more than 2-4 domains because of the DNS lookup penalty. For example, you can host your HTML and dynamic content on www.example.org and split static components between static1.example.org and static2.example.org.

For more information, check Tenni Theurer and Patty Chi's article: Maximizing Parallel Downloads in the Carpool Lane

21. Minimize the Number of iframes

Category: Content

iframes allow an HTML document to be inserted in the parent document. It's important to understand how iframes work so they can be used effectively.

<iframe> pros:

• Help resolve slow third-party content like badges and ads
• Security sandbox
• Download scripts in parallel

<iframe> cons:

• Costly even if blank
• Blocks page onload
• Non-semantic

22. No 404s

Category: Content

HTTP requests are expensive, so making an HTTP request and getting a useless response (i.e., 404 Not Found) is totally unnecessary and will slow down the user experience without any benefit.

Some sites have helpful 404s—"Did you mean X?"—which is great for the user experience but also wastes server resources (like database, etc.). Particularly bad is when the link to an external JavaScript is wrong and the result is a 404. First, this download will block parallel downloads. Next, the browser may try to parse the 404 response body as if it were JavaScript code, trying to find something usable in it.

23. Reduce Cookie Size

Category: Cookie

HTTP cookies are used for a variety of reasons such as authentication and personalization. Information about cookies is exchanged in the HTTP headers between web servers and browsers. It's important to keep the size of cookies as low as possible to minimize the impact on the user's response time.

For more information, check Tenni Theurer and Patty Chi's article: When the Cookie Crumbles. The rules of thumb from this research are:

• Eliminate unnecessary cookies
• Keep cookie sizes as low as possible to minimize the impact on the user response time
• Be mindful of setting cookies at the appropriate domain level so other sub-domains are not affected
• Set an Expiration date appropriately. An earlier Expiration date or none removes the cookie sooner, improving the user response time

24. Use Cookie-free Domains for Components

Category: Cookie

When the browser makes a request for a static image and sends cookies together with the request, the server doesn't have any use for those cookies. So they only create network traffic for no good reason. You should make sure static components are requested with cookie-free requests. Create a subdomain and host all your static components there.

If your domain is www.example.org, you can host your static components on static.example.org. However, if you've already set cookies on the top-level domain example.org as opposed to www.example.org, then all the requests to static.example.org will include those cookies. In this case, you can buy a whole new domain, host your static components there, and keep this domain cookie-free. Yahoo! uses yimg.com, YouTube uses ytimg.com, Amazon uses images-amazon.com, and so on.

Another benefit of hosting static components on a cookie-free domain is that some proxies might refuse to cache the components that are requested with cookies. On a related note, if you wonder if you should use example.org or www.example.org for your home page, consider the cookie impact. If you omit the www, you are forced to write cookies to *.example.org, so for performance reasons it's best to use the www subdomain and write the cookies to that subdomain.

25. Minimize DOM Access

Category: JavaScript

Accessing DOM elements with JavaScript is slow, so in order to have a more responsive page, you should:

• Cache references to accessed elements
• Update nodes "offline" and then add them to the tree
• Avoid fixing layout with JavaScript

For more information, check Julien Lecomte's article in YUI Theater: High Performance Ajax Applications

26. Develop Smart Event Handlers

Category: JavaScript

Sometimes pages feel less responsive because of too many event handlers attached to different elements of the DOM tree which are then executed too often. That's why using event delegation is a good approach. If you have 10 buttons inside a div, attach only one event handler to the div wrapper instead of one handler for each button. Events bubble up, so you'll be able to catch the event and figure out which button it originated from.

You also don't need to wait for the onload event in order to start doing something with the DOM tree. Often all you need is the element you want to access to be available in the tree, without waiting for all images to be downloaded. DOMContentLoaded is the event you might consider using instead of onload, but until it's available in all browsers, you can use the YUI Event utility, which has an onAvailable method.

For more information, check Julien Lecomte's article in YUI Theater: High Performance Ajax Applications

27. Choose <link> over @import

Category: CSS

One of the previous best practices states that CSS should be at the top in order to allow for progressive rendering.

In IE, @import behaves the same as using <link> at the bottom of the page, so it's best not to use it.

28. Avoid Filters

Category: CSS

The IE-proprietary AlphaImageLoader filter aims to fix a problem with semi-transparent PNG images in IE versions prior to 7. The problem with this filter is that it blocks rendering and freezes the browser while the image is being downloaded. It also increases memory consumption and is applied per element, not per image, so there are a lot of issues.

The best approach is to avoid AlphaImageLoader completely and gracefully degrade to using PNG8 images, which have good support in IE. If you absolutely must use AlphaImageLoader, you should use the underscore hack: _filter to avoid penalizing IE7 and higher users.

29. Optimize Images

Category: Image

After a designer is done creating the images, there are still a few things you can do before uploading those images via FTP to your web server.

• Check the GIF images to see if they are using a palette size corresponding to the number of colors in the image. Using imagemagick makes it easy to check:
  identify -verbose image.gif
  If a 4-color image uses all 256 "slots" in the palette, there is room for improvement.
• Try converting GIFs to PNGs to see if there is a reduction in size; often there is. Developers are usually hesitant to use PNG images due to limited browser support, but that is now a thing of the past. The real problem is that PNG images fully support alpha transparency, while GIFs do not support transparency gradients. So anything a GIF can do, a PNG can too (except for animations). This simple command makes PNG images safe to use:
  convert image.gif image.png
  "All we are saying is: give PNG a chance."
• Run pngcrush (or any other PNG optimization tool) on all your PNG images, for example:
  pngcrush image.png -rem alla -reduce -brute result.png
• Run jpegtran on all your JPEG images. This tool supports lossless operations on JPEGs, such as rotation, and can also be used to remove comments and other useless information (such as EXIF information. P.S. Digital photo information, like focal length and aperture):
  jpegtran -copy none -optimize -perfect src.jpg dest.jpg

30. Optimize CSS Sprites

Category: Image

• Arranging images horizontally in a sprite usually results in a smaller file size than arranging them vertically.
• Combining similar colors in a sprite helps you keep the color count low, ideally under 256 colors for a PNG8 format.
• "Be mobile-friendly" and don't leave big gaps between images in a sprite. Although this doesn't significantly affect the file size, it saves memory when the user agent decompresses the image into a pixel map. A 100x100 image is 10,000 pixels, while a 1000x1000 image is 1 million pixels.

31. Don't Scale Images in HTML

Category: Image

Don't use a larger image than you need just because you can set the width and height in HTML. If you need
<img width="100" height="100" src="mycat.jpg" alt="My Cat" />
then your image itself (mycat.jpg) should be 100x100px, rather than scaling down a 500x500px image.

32. Make favicon.ico Small and Cacheable (P.S. Favorites icon)

Category: Image

The favicon.ico is an image that stays in the root of your server. It's a necessary evil because even if you don't care about it, the browser will still request it, so it's better not to respond with a 404 Not Found. Also, since it's on the same server, cookies are sent every time it's requested. This image also interferes with the download sequence. For example, in IE, when you request extra components in the onload, the favicon will be downloaded before those extra components.

So to mitigate the downsides of favicon.ico, make sure:

• It's small, preferably under 1K.
• Set an appropriate Expires HTTP header (since you cannot rename it later if you decide to change it). Setting the expiration to several months out is generally safe. You can check the last modified date of the current favicon.ico to ensure that any changes are brought to the browser's attention.

Imagemagick can be used to create small favicon icons.

33. Keep Components under 25K

Category: Mobile

This restriction is because the iPhone won't cache components larger than 25K. Note that this is the uncompressed size. This is where minifying content is important, because gzip alone may not be sufficient.

For more information, check Wayne Shea and Tenni Theurer's article: Performance Research, Part 5: iPhone Cacheability - Making it Stick

34. Pack Components into a Multipart Document

Category: Mobile

Packing components into a multipart document is like an email with attachments. It helps you fetch several components with one HTTP request (remember: HTTP requests are expensive). When using this technique, first check if the user agent supports it (iPhone does not).

35. Avoid Empty Image src

Category: Server

Images with an empty string src attribute are very common and appear in two forms:

1. straight HTML
   

   <img src="">

2. JavaScript
   

   var img = new Image();
   img.src = "";

Both forms cause the same issue: the browser sends another request to the server.

• IE makes a request to the directory where the page is located.
• Safari and Chrome send a request to the current page itself.
• Firefox 3 and earlier versions handle it the same way as Safari and Chrome, but 3.5 resolved this problem [bug 444931] and no longer sends the request.
• Opera does nothing when it encounters an image with an empty src attribute.

Why is an empty image src bad?

1. Accidentally sending a large amount of traffic can be very damaging to a server, especially for pages that receive millions of views per day.
2. Wasting server resources to generate a page that can never be seen.
3. Potentially corrupting user data. If you track request status via cookies or other means, you may destroy user data. Even though the image request does not return an image, the entire HTTP header is accepted and read by the browser, including all cookies. Although the rest is discarded, damage may have already been done.

The root cause is browser disagreement in handling URIs, which is clearly defined in the RFC 3986 - Uniform Resource Identifiers specification. If the URI is an empty string, it is treated as a relative URI and processed according to the algorithm defined in section 5.2. In practice, Firefox, Safari, and Chrome all process empty strings according to the specifications in section 5.4, while IE does not. It is said that in the older specification RFC 2396 - Uniform Resource Identifiers (obsoleted by RFC 3986), the way browsers handle relative URIs is technically correct. The problem is that in this case, the empty string is clearly unintentional (P.S. rather than some relative URI).

Section 4.8.2 of HTML5 describes the src attribute of the <img> tag, specifying that browsers should no longer send additional requests:

The src attribute must be present, and must contain a valid URL referencing a non-interactive, optionally animated, image resource that is neither paged nor scripted. If the base URI of the element is the same as the document's address, then the src attribute's value must not be the empty string. (P.S. "The src attribute must be present, and must contain a valid URL referencing a non-interactive, optionally animated, image resource that is neither paged nor scripted. If the base URI of the element is the same as the document's address, then the src attribute's value must not be the empty string.")

Hopefully, browsers will not have this problem in the future. Unfortunately, there are no such clauses for <script src=""> and <link href="">. Perhaps there is still time to make adjustments to ensure browsers don't accidentally implement this behavior.

This principle was inspired by Yahoo!'s JavaScript master Nicolas C. Zakas. For more information, please check his article: Empty image src can destroy your site