Slow websites lose customers and hurt conversions. Fortunately, you don’t have to sacrifice performance for security, says Tala CTO Swapnil Bhalode.
Whether you’re a webmaster or a marketer, you know how important website performance is. Your users want a fast experience and if there’s too much friction, they’ll move on:
- The BBC lost 10% of users for every additional second their site took to load.
- 47% of users expect a website to load in two seconds; 40% will abandon it altogether if it takes longer than three.
- 79% of users wouldn’t return to a site that had previously performed poorly for them.
To measure how your JS-based security impacts your web page loading performance, you can use Google Lighthouse Tool. The reasons behind the degraded performance you’ll notice include:
● JS protection code must load first in a synchronous manner. i.e. your webpage’s loading is blocked until the JS code has loaded first.
● Typically, JS-based solutions use Sync XHR to load policy configurations (and loading policy configuration after loading without adequate security controls, can itself be a security issue) Again, this blocks page rendering. Google is working on blocking sync XHRs, for all the good reasons, making this feature of your JS-based security solution problematic.
If you’re using a JS-based security solution, you’re likely to see the following error in Chrome’s console tab:
(Note: this warning will be pointed to the JS file either directly or within the call stack)
It doesn’t have to be this way
Who wouldn’t want to secure their websites with standards developed by the best minds in the business? Vetted and monitored by organizations like W3C and leading figures in the web security community.
Tala’s security policies are directly consumed by the browser - in other words, it becomes part of the native implementation itself, meaning there’s never any performance degradation to the page loading. Tala’s innovative solution ensures that all types of client-side attacks are prevented in real time, without impacting website performance. We do this by automating standards-based security, natively available in every modern browser. This means no overhead and no impact on website performance. Request your free demo today and see how you can make security work with your website performance goals.