Throughout this book, we have seen that a performance solution can be a security solution and that a security solution can, in fact, be a performance solution. Until now, most of the industry's focus has been on improving conditions at the origin, by looking at web infrastructure. At the same time, certain performance techniques have been found to compromise security, and certain security techniques have been found to compromise performance. This tension is driven largely by business needs: end users demand an optimal browsing experience, and they will continue to demand browsing that is both faster and more secure. We therefore need solutions that bridge the gap between security and performance by bringing the focus to the browser.
We have discussed major trends and prominent issues, including the concept of a single point of failure and the possibility of delivering compromised content to end users. As developers, it is important to recognize when these situations can occur so that we can adapt our sites to handle unexpected behavior.
Much of the focus of this book has been on third party content, because third party providers are increasingly popular: they offload much of the work from a company's origin web infrastructure. That same offloading is what exposes end users to the many risks described throughout this book, which is why bridging the gap at the browser is becoming increasingly important.
Over the course of this book, we have explored several existing techniques as well as newer technologies to help achieve an optimal frontend experience that is also secure. Keep these simple yet powerful points in mind:
Avoid the HTTP→HTTPS redirect on every page request!
Use the HTTP Strict-Transport-Security header so that the browser upgrades http:// requests to https:// on its own, skipping the redirect round trip on every later request, and consider submitting your domain to the browser preload lists so that even the very first connection is secure. Keep in mind that a preloaded domain is hard to remove from those lists, so confirm that every subdomain can serve HTTPS before you submit.
Protect your sites from third party vulnerabilities
Sandbox, sandbox, sandbox….and srcdoc! Use the sandbox and srcdoc <iframe> attributes introduced in HTML5, together with the corresponding Content-Security-Policy directives (sandbox, frame-src), to contain third party content. Be careful about granting both allow-scripts and allow-same-origin to a frame whose content comes from your own origin: together they let the framed document remove its own sandbox attribute and reload itself unrestricted.
Explore the latest on referrer policies. While still experimental, adopting them on your sites will better protect the privacy of your end users by limiting what the Referer header leaks to third parties.
Improve content delivery in a secure way
Consider pairing the preload and prefetch web linking techniques with Content-Security-Policy: the resources you hint at early must still satisfy the policy, so you gain a security control alongside the frontend optimization.
Deter attackers who target your vendor content by obscuring its sources, for example by serving vendor scripts from paths you control rather than from recognizable vendor URLs. Treat this as a deterrent that raises the attacker's effort, not as a substitute for the controls above.
Explore service workers!
Although still considered new, service workers can be powerful, especially for bringing security and performance enhancements to the browser.
Because every fetch the page makes can pass through the worker, service workers give the site more control, including geographic content control and input validation, as well as monitoring of third party content (analytics code, ad content, and so on).
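The service worker point above, as an added example that is not code from the book: a worker that acts as the policy point for third party subresource requests. The page origin and the vendor hostnames are constructed for this example, and the decision logic is kept in a plain function so that it can be exercised outside a browser (for instance under Node) as well as inside the worker.

```javascript
// Added example, not from the original text. Hostnames and origin are constructed.
const PAGE_ORIGIN = 'https://www.example.test';
const ALLOWED_THIRD_PARTIES = new Set([
  'analytics.vendor-a.test', // constructed analytics vendor
  'ads.vendor-b.test',       // constructed ad vendor
]);

// Classify one request URL relative to the page origin.
//   allow   : first party resource, or an approved vendor over HTTPS
//   upgrade : approved vendor requested over plain HTTP (rewritten to HTTPS)
//   block   : unknown third party host, non-http(s) scheme, or unparseable URL
function decideRequest(urlString, pageOrigin = PAGE_ORIGIN, allowed = ALLOWED_THIRD_PARTIES) {
  let url;
  try {
    url = new URL(urlString, pageOrigin); // relative URLs resolve against the page
  } catch {
    return { action: 'block', reason: 'unparseable URL' };
  }
  if (url.origin === pageOrigin) {
    return { action: 'allow', reason: 'first party' };
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    return { action: 'block', reason: `scheme ${url.protocol} not allowed for third parties` };
  }
  if (!allowed.has(url.hostname)) {
    return { action: 'block', reason: `third party host ${url.hostname} not on the allowlist` };
  }
  if (url.protocol === 'http:') {
    url.protocol = 'https:';
    return { action: 'upgrade', reason: 'approved vendor fetched over HTTP', url: url.href };
  }
  return { action: 'allow', reason: 'approved vendor' };
}

// Simple monitoring: count decisions so the worker can report what third party
// traffic the page actually generated. Returns a snapshot of the counters.
const stats = { allow: 0, upgrade: 0, block: 0 };
function record(decision) {
  stats[decision.action] += 1;
  return { ...stats };
}

// Wire the policy into the fetch event. This branch only runs inside a service
// worker; when the file is loaded in Node the condition is false and nothing happens.
if (typeof self !== 'undefined' && typeof ServiceWorkerGlobalScope !== 'undefined') {
  self.addEventListener('fetch', (event) => {
    // Navigations are left to the browser (HSTS covers them); policy applies to subresources.
    if (event.request.mode === 'navigate') return;
    const decision = decideRequest(event.request.url, self.location.origin);
    record(decision);
    if (decision.action === 'block') {
      event.respondWith(new Response('', { status: 403, statusText: 'Blocked by page policy' }));
    } else if (decision.action === 'upgrade') {
      event.respondWith(fetch(decision.url, {
        mode: event.request.mode,               // keep no-cors for plain <script> tags
        credentials: event.request.credentials,
      }));
    }
    // 'allow': no respondWith call, so the browser fetches normally.
  });
}

console.log(decideRequest('http://ads.vendor-b.test/tag.js'));
// { action: 'upgrade', reason: 'approved vendor fetched over HTTP', url: 'https://ads.vendor-b.test/tag.js' }
```

Blocking with a 403 rather than failing the request keeps the behaviour visible in the network panel and in the worker's counters, which is the monitoring angle the list item describes; a production version would report the counters back to the origin rather than keep them in memory.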
Remember to enhance techniques that exist today using the methods described throughout this book. Additionally, stay up-to-date with the latest technologies and look for newer ways to bring a secure and optimal experience to the end user.
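Returning to the first point in the list above, here is an added example that is not code from the book: a small builder and checker for the Strict-Transport-Security header. It assumes the current hstspreload.org submission rules (a max-age of at least one year, with includeSubDomains and preload both present); verify those rules on the site itself before relying on the check.

```javascript
// Added example, not from the original text.
// Assumption: preload eligibility follows the hstspreload.org rules at the time of
// writing (max-age >= 1 year, includeSubDomains, preload). Confirm before submitting.
const ONE_YEAR = 31536000;

// Build a header value from options. Only the three directives defined by RFC 6797
// and the preload list are emitted.
function buildHsts({ maxAge = ONE_YEAR, includeSubDomains = true, preload = false } = {}) {
  if (!Number.isInteger(maxAge) || maxAge < 0) {
    throw new TypeError('max-age must be a non-negative integer number of seconds');
  }
  const parts = [`max-age=${maxAge}`];
  if (includeSubDomains) parts.push('includeSubDomains');
  if (preload) parts.push('preload');
  return parts.join('; ');
}

// Parse a header value the way a browser does: directives separated by ';',
// names case-insensitive, optional quotes around max-age, unknown directives
// ignored, and the whole header rejected (null) if max-age is missing,
// malformed or repeated.
function parseHsts(value) {
  const result = { maxAge: null, includeSubDomains: false, preload: false };
  let seenMaxAge = false;
  for (const raw of value.split(';')) {
    const token = raw.trim();
    if (!token) continue;
    const eq = token.indexOf('=');
    const name = (eq === -1 ? token : token.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? undefined : token.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    switch (name) {
      case 'max-age':
        if (seenMaxAge || !/^\d+$/.test(val ?? '')) return null;
        seenMaxAge = true;
        result.maxAge = Number(val);
        break;
      case 'includesubdomains':
        result.includeSubDomains = true;
        break;
      case 'preload':
        result.preload = true;
        break;
      default:
        break; // unknown directives are ignored per RFC 6797
    }
  }
  return seenMaxAge ? result : null;
}

// Report whether the header is usable at all and whether it meets the preload bar,
// listing the reasons it falls short.
function assessHsts(value) {
  const parsed = parseHsts(value);
  if (!parsed) {
    return { valid: false, preloadable: false, reasons: ['missing, malformed or duplicated max-age'] };
  }
  const reasons = [];
  if (parsed.maxAge === 0) reasons.push('max-age=0 tells the browser to forget the policy');
  else if (parsed.maxAge < ONE_YEAR) reasons.push('max-age is below one year');
  if (!parsed.includeSubDomains) reasons.push('includeSubDomains is missing');
  if (!parsed.preload) reasons.push('preload directive is missing');
  return { valid: true, preloadable: reasons.length === 0, reasons };
}

console.log(buildHsts({ preload: true }));
// max-age=31536000; includeSubDomains; preload
console.log(assessHsts('max-age=10886400'));
// { valid: true, preloadable: false, reasons: [ 'max-age is below one year', 'includeSubDomains is missing', 'preload directive is missing' ] }
```

Start with a short max-age on a new HTTPS deployment and raise it toward a year once every subdomain is confirmed to serve HTTPS; only then add preload and submit the domain.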
Security is a broad term, and several of its facets are often dismissed. Origin web security is usually the focus, but it is important to consider the other flavors of security as well, including privacy for end users and the ability to conceal information from potentially malicious end users.
Given current trends, compromising security for a performance solution, or vice versa, is no longer an option. Let's continue to think about solutions that benefit both areas as the need continues to grow.