the maximum acceptable response time to simulate instantaneous behavior • 0.5 to 1 seconds: maximum response time for immediate behavior • 2 to 5 seconds: flow or optimal experience as a state when people experience concentration, absolute absorption in an activity • 5 to 10 seconds: user would still be focused on their task but would become easily distracted 10 seconds as the absolute maximum time of a user’s attention span
law that defines “Just Noticeable Difference” (JND) as the minimum difference in stimulation that a person can detect most of the time. • Fechner applied the law to the measurement of sensations, setting the basis for the science of psychophysics.
known to us as the Weber-Fechner Law. • Practical experiments in psychophysics show that time intervals are prone to a JND of between 7% to 18% on average for shorter periods
• If you are developing a feature that slows down your web page, you could apply the 20% rule to determine whether the performance decrease will be noticed by users at all. • Allowing our code to be a bit slower without harming the user experience is called regression allowance.
seconds. • If 2 seconds is out of reach, the next best solution would be to use the 20% • Rule of regression allowance relative to the competitor’s time: 2 seconds + 20% = 2.4 seconds. But if we cannot achieve 2 seconds, then 2.4 seconds is probably also out of reach.
durations longer than this threshold will be perceived by the user as being closer to 5 seconds. • Time durations shorter than that threshold will be perceived as being closer to 2 seconds. This threshold proved to be predictable and is found at the geometric mean, instead of an arithmetical one. √(2 × 5) ≈ 3.2 seconds
names that are found lower down on the page. • preconnect: This hint is used not only to pre- resolve a domain name, but to initiate a full connection handshake. • prefetch: This hint has the lowest priority and is used to prefetch assets or resources required for future navigation. • prerender: This enables background pre- rendering of an entire page, with all of its assets.
Immediate (0.5–1s): spinners or very basic progress indicator • Optimal experience (1.0-5.0s): optimal indicator would be a class D or a simplified class A indicator – there is no need to draw a user’s attention to additional information. • Attention Span (5-10s): we should show a dynamic indicator of class A or B where the advance of the process is clear.
important metrics other than full-page loading time. • First meaningful paint - the time required for a page to display its primary content • Time to interactive - the time at which a page appears to be ready enough that a user can interact with it Useful Tools: •WebpageTest •Lighthouse by Google •Pagespeed Insights
best to provide feedback in less than 100 milliseconds after initial input. • Each frame of animation should be completed in less than 16 milliseconds, thereby achieving 60 frames per second • Because the browser needs time to paint the new frame to the screen your code should finish executing before hitting the 16.6 milliseconds mark.
should be a start rendering time under 1.0 second and a SpeedIndex value under 1000 (on a fast connection) • For the first meaningful paint, count on 1250 milliseconds at most. • For mobile, a start rendering time under 3 seconds for 3G on a mobile device is acceptable.
of your front-end architecture and deployment is a safe bet • Design and build the core experience first, and then enhance the experience with advanced features for capable browsers
of loading indicators. • Look for modules and techniques to speed up the initial rendering time • Use server-side rendering to get a quick first meaningful paint. • Also include some minimal JavaScript to keep the time-to- interactive close to the first meaningful paint.
cache-control, max-age and other HTTP cache headers have been set properly. • If resources are static, they should be cached indefinitely - you can just change their version in the URL when needed. • If possible, use Cache- control: immutable, designed for fingerprinted static resources, to avoid revalidation * * Support only in Firefox
we have to explicitly tell the browser not to wait and to start rendering the page. • The way to do this for scripts is with the defer and async attributes in HTML • In practice, it turns out we should prefer defer to async • limit the impact of third- party libraries and scripts, especially with social sharing buttons and <iframe> embeds
responsive images with srcset, sizesand the <picture> element • mozJPEG improves the start rendering time by manipulating scan levels • Pingo for PNG, Lossy GIF for GIF and SVGOMG for SVG. For background images, exporting photos from Photoshop with 0 to 10% quality can be absolutely acceptable as well.
fallback right away, and load fonts asynchronously • You might be able to get away with locally installed OS fonts as well. • If you can’t serve fonts from your server and are relying on third-party hosts, make sure to use Web Font Loader
rendering your page as quickly as possible, add critical CSS inline in the <head> of the page. • With HTTP/2, critical CSS could be stored in a separate CSS file and delivered via a server push without bloating the HTML.
Requests • Use a Content Delivery Network • Add an Expires Header • Gzip Components • Put Stylesheets at the Top • Put Scripts at the Bottom • Avoid CSS Expressions • Make JavaScript and CSS External • Reduce DNS Lookups • Minify JavaScript • Avoid Redirects • Remove Duplicate Scripts • Configure ETags • Make AJAX Cacheable
injection attack • Occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. • Most commonly using a script in JS. • Two Type : Reflected, Persistent
• Browsers inspect the contents while ignoring the content type header. • This might open XSS vulnerability. • X-Content-Type-Options overrides the default browser behaviour.
cookies that you should be aware of. • secure; will only be served over HTTPS only • HttpOnly; prevents js from accessing cookies • SameSite; helps defend against CSRF attacks.
gauravverma
maimyyym
cmusudakeisuke
atsushii
16bitidol
techiro
lycorp_recruit_jp
re_taro
ryder472
oracle4engineer
bbrbbq
salaboy
sadnessojisan
sferik
pauljervisheath
aki_iinuma
skipperchong
csswizardry
tammyeverts
sonatard
lara
nonsquared
eileencodes
addyosmani
productmarketing
