Websites (Like Ours) Leveraging Cloudflare CDN Just Got A Boost From HTTP/2!

HTTP/2 Cloudflare SPDY

After more than 15 years, the Hypertext Transfer Protocol (HTTP) has received a long-overdue upgrade. In February 2015, the IETF HTTP Working Group approved HTTP/2 and its associated HPACK specifications. HTTP/2 is based on the SPDY protocol, which was first announced in November 2009 as an internal Góógle project to increase the speed of the web. And while still supporting SPDY, on 3 December 2015 Cloudflare introduced HTTP/2 support for all customers using SSL/TLS connections.

The main focus of both SPDY and HTTP/2 is performance, especially reducing latency as perceived by the end-user while using a browser, with a secondary focus on network and server resource usage. One major benefit of HTTP/2 is its ability to multiplex a single TCP connection from a browser to a website, or in the case of CloudFlare, a reverse proxy

HTTP/2 vs HTTP 1.1

Although HTTP/2 is based on SPDY, it has evolved and incorporated several improvements in the process. Nevertheless, it maintains many SPDY benefits:

  • Multiplexing and concurrency: Several requests can be sent over the same TCP connection, and responses can be received out of order, eliminating the need for multiple connections between the client and the server and reducing head-of-line blocking.
  • Stream dependencies: The client can indicate to the server which resources are more important than others.
  • Header compression: HTTP header size is reduced.
  • Server push: The server can send resources the client has not yet requested.

While the HTTP/2 specification does not require TLS, all major browser vendors have indicated that they will only support HTTP/2 over a TLS (“https://”) connection. And when HTTP/2 is active, you will see a blue lightning bolt icon near the right end of the web page address bar in Firefox or Chrome browsers.

So far, worldwide less than 3% of all website have been upgraded for HTTP/2. But that percentage is increasing daily. You can follow the development and rollout of HTTP/2 at the IETF HTTP Working Group HTTP/2 website or on Twitter @HTTP_2.

P.S. As a nose-thumb to the NSA, HTTP/2 opens every new connection it makes with the word “PRISM“.

Verizon PermaCookies Cannot Penetrate ssRwd™ HSTS Security

Verizon PermaCookies Cannot Penetrate ssRwd™ HSTS Security

Some say the deadly Ebola virus is unstoppable and the privacy-killing UID your ISP may be injecting into your web traffic is unblockable but a Miami web development firm just verified its antidote for one of them.

South Florida-based HTML5/CSS3 mobile web app, secure eCommerce/WordPress website design and jQuery/PHP web development firm WebFL.US recently validated and today announced that business website owners interested in protecting their site visitors from privacy invasion and their customer information exchanges and transactions from unauthorized snooping, personal/financial information collection and smartphone/online activity tracking can rely on their trademarked speedy secure responsive web design methodology ssRwd™ to permanently prevent the permacookies and undo the unoptoutability of the unique identifiers that might be injected into their HTTP headers by Verizon, ATT/AT&T and other Internet service providers large and small.

Earlier this week disclosed that “Verizon Wireless has been subtly altering the web traffic of its wireless customers for the past two years, inserting a string of about 50 letters, numbers, and characters into data flowing between these customers and the websites they visit.” Soon after revealed that ATT/AT&T and other ISPs are engaging in similar activities, quoting security consultant Kenn White as saying: “In AT&T’s case, the code has four parts; only one part changes… It’s like if you were identified by a birth month, a birth year, a birth day, and a zip code, and they remove one of those things… You’d still be able to reasonably track that person with the other three.”

Using those Unique Identifier Headers (UIDHs), ISPs are able to track and collect detailed information on the mobile, tablet, notebook and desktop online activities of their customers which they can sell to advertisers – or possibly serve up without warrant to government agencies. And with these UIDH “permacookies” Verizon, ATT/AT&T and others can accomplish that even if their Internet access subscribers set their web browsers to block all cookies, even if they opt for private browser sessions, even if they opt-in for “Do Not Track”, and even after they log into their accounts and opt-out of all so-called “relevant advertising” programs. To find out if your ISP is using universal identifiers (UIDs) to track you right now, for example, you can click or tap here:

Is your ISP tracking you?

Like most web pages – and websites pasted into native app wrappers so they can be called “mobile apps” – this test page is being served up unencrypted using standard Hypertext Transfer Protocol (HTTP|RFC 2616). And because the transmission is unencrypted, it is vulnerable to ISP UID(H) injections – as well as a host of other potential privacy invasions, malware insertions and hacker attacks. If instead it had been encrypted and transmitted via Hypertext Transfer Protocol Secure (HTTPS|RFC 2818), the ISP header injection scheme would be defeated because UID permacookies cannot pass through the HTTPS transport layer security envelope.

The ssRwd speedy secure responsive web design and web development methodology offered by WebFL.US delivers transfer protocol security in its most impregnable form which is HTTPS Strict Transport Security or HSTS. HSTS not only shields website visitors and mobile app users from unwanted ISP injections, unappreciated malware insertions, unwarranted government surveillance and unrelenting hacker attacks but also enables SPDY, an open network protocol built on HTTPS which can significantly speed up page content delivery and thereby measurably reduce session as well as shopping cart abandonment. Along with speed and security, ssRwd serves up web pages in a fluid, flexible, mobile-friendly responsive web design format that assures proper presentation and optimal user experience cross-browser and multi-platform from the smallest smartphone screen to the largest desktop monitor.

Every visitor to a website designed and developed with ssRwd by WebFL.US is vaccinated against UID permacookie injections for the length of their session. That’s because on delivery every web page on a WebFL.US ssRwd website passes 15 objective tests of speedy secure responsive web design. How does your website measure up? To find out, you can click or tap here:

Do you have a speedy secure responsive web design?

Secure Web Design Miami: Latino Motivational Speaker Opts for ssRwd

Secure Web Design Miami: Latino Motivational Speaker Opts for ssRwd

Secure Web Design Miami: Góógle just announced that websites with HTTPS Strict Transport Security (HSTS) will be receiving search rank preference – and Hispanic motivational speaker Joachim de Posada was quick to see that ssRwd is the place to be.

On 6 August 2014 Góógle forever changed the search engine optimization arena by announcing HTTPS (SSL/TLS) encryption security as a ranking signal, and Latino speaking sensation Joachim de Posada CSPGlobal was among the first to hear it []. His website already had a mobile friendly responsive web design, and now to that South Florida web development firm WebFL.US has added the competitive advantages of HSTS transport security and SPDY page speed optimization [].

Joachim de Posada was declared the Most Distinguished Hispanic Speaker by the Latino Speakers Bureau in 2007, recognized as one of America’s 25 Hot Speakers by the National Speakers Association in 2009, and is considered by many to be the world’s greatest Hispanic speaker. He is also the principal author of four best-selling books and currently co-authoring with his daughter Caroline what he hopes will be his fifth. Having arrived at the summit of both his callings, Dr. Posada continues to keep a keen eye out for new resources that can give him a leg up and keep him at the top of the pyramid:

“Having a mobile-friendly, fully-responsive, speedy and secure website to me is a must because when speaker bureaus contact me they also contact two other speakers, and the one that responds first usually wins the speech,” Dr. Posada explained. “With the ssRwd upgrade Bruce Arnold and WebFL.US just implemented, I expect my web pages to be found faster in the search engines and load faster on all devices. That’s a strategic advantage in any competitive and rapidly-changing environment.”

The acronym ssRwd is short for speedy secure responsive web design and refers to an exclusive WebFL.US methodology that melds SPDY page speed optimization and HSTS strict transport security with cross-platform, multi-browser web development to optimize content presentation for the screen size and capabilities of the requesting device – regardless of whether it be desktop PC or Mac, iPad or iPhone, Android smartphone or Windows touch screen tablet. Websites with ssRwd not only enjoy the the visibility, privacy and integrity benefits of validated HTTPS Strict Transport Security (HSTS) but also avoid the the “double penalty dilemma” faced by businesses employing the deprecated practice of mobile website (m-dot site) redirects []. Drawing on his decades of experience as a sales, marketing and management consultant for some of the world’s largest and most successful corporations, Dr. Posada sees ssRwd from WebFL.US as a must-have for businesses seeking more traffic, a better user experience and higher conversion rates from their websites:

“I strongly advise my colleagues in the speaking business – and all businesses, for that matter – to have a mobile friendly, fully responsive website or blog because if they don’t, they won’t be in business very long. The competition will eat them alive and won’t even spit them out. This has to be seen as an investment in your business not as an expense.”

About Joachim de Posada PsyD CSPGlobal | | 305-220-8398

Joachim de Posada is an internationally acclaimed motivational keynote speaker, consultant, writer and author of several inspirational self-help, self-improvement and success from delayed gratification books. Fluently bilingual in English and Spanish, Dr. Posada has engaged, entertained, educated and enthralled audiences in over 60 countries. His four best-selling books – Keep Your Eye on the Marshmallow, Don’t Gobble the Marshmallow Ever, Don’t Eat the Marshmallow Yet and How to Survive Among Piranhas – have been printed in 20 languages and sold over 4 million copies worldwide.

15 Tests of ssRWD

ssRwd is where you need to be. And if it doesn’t pass these 15 tests it’s not ssRwd!