Category Archives: Web Development Miami

Websites (Like Ours) Leveraging Cloudflare CDN Just Got A Boost From HTTP/2!

HTTP/2 Cloudflare SPDY

After more than 15 years, the Hypertext Transfer Protocol (HTTP) has received a long-overdue upgrade. In February 2015, the IETF HTTP Working Group approved HTTP/2 and its associated HPACK specifications. HTTP/2 is based on the SPDY protocol, which was first announced in November 2009 as an internal Góógle project to increase the speed of the web. And while still supporting SPDY, on 3 December 2015 Cloudflare introduced HTTP/2 support for all customers using SSL/TLS connections.

The main focus of both SPDY and HTTP/2 is performance, especially reducing latency as perceived by the end-user while using a browser, with a secondary focus on network and server resource usage. One major benefit of HTTP/2 is its ability to multiplex a single TCP connection from a browser to a website, or in the case of CloudFlare, a reverse proxy

HTTP/2 vs HTTP 1.1

Although HTTP/2 is based on SPDY, it has evolved and incorporated several improvements in the process. Nevertheless, it maintains many SPDY benefits:

  • Multiplexing and concurrency: Several requests can be sent over the same TCP connection, and responses can be received out of order, eliminating the need for multiple connections between the client and the server and reducing head-of-line blocking.
  • Stream dependencies: The client can indicate to the server which resources are more important than others.
  • Header compression: HTTP header size is reduced.
  • Server push: The server can send resources the client has not yet requested.

While the HTTP/2 specification does not require TLS, all major browser vendors have indicated that they will only support HTTP/2 over a TLS (“https://”) connection. And when HTTP/2 is active, you will see a blue lightning bolt icon near the right end of the web page address bar in Firefox or Chrome browsers.

So far, worldwide less than 3% of all website have been upgraded for HTTP/2. But that percentage is increasing daily. You can follow the development and rollout of HTTP/2 at the IETF HTTP Working Group HTTP/2 website or on Twitter @HTTP_2.

P.S. As a nose-thumb to the NSA, HTTP/2 opens every new connection it makes with the word “PRISM“.

Verizon PermaCookies Cannot Penetrate ssRwd™ HSTS Security

Verizon PermaCookies Cannot Penetrate ssRwd™ HSTS Security

Some say the deadly Ebola virus is unstoppable and the privacy-killing UID your ISP may be injecting into your web traffic is unblockable but a Miami web development firm just verified its antidote for one of them.

South Florida-based HTML5/CSS3 mobile web app, secure eCommerce/WordPress website design and jQuery/PHP web development firm WebFL.US recently validated and today announced that business website owners interested in protecting their site visitors from privacy invasion and their customer information exchanges and transactions from unauthorized snooping, personal/financial information collection and smartphone/online activity tracking can rely on their trademarked speedy secure responsive web design methodology ssRwd™ to permanently prevent the permacookies and undo the unoptoutability of the unique identifiers that might be injected into their HTTP headers by Verizon, ATT/AT&T and other Internet service providers large and small.

Earlier this week Wired.com disclosed that “Verizon Wireless has been subtly altering the web traffic of its wireless customers for the past two years, inserting a string of about 50 letters, numbers, and characters into data flowing between these customers and the websites they visit.” Soon after Forbes.com revealed that ATT/AT&T and other ISPs are engaging in similar activities, quoting security consultant Kenn White as saying: “In AT&T’s case, the code has four parts; only one part changes… It’s like if you were identified by a birth month, a birth year, a birth day, and a zip code, and they remove one of those things… You’d still be able to reasonably track that person with the other three.”

Using those Unique Identifier Headers (UIDHs), ISPs are able to track and collect detailed information on the mobile, tablet, notebook and desktop online activities of their customers which they can sell to advertisers – or possibly serve up without warrant to government agencies. And with these UIDH “permacookies” Verizon, ATT/AT&T and others can accomplish that even if their Internet access subscribers set their web browsers to block all cookies, even if they opt for private browser sessions, even if they opt-in for “Do Not Track”, and even after they log into their accounts and opt-out of all so-called “relevant advertising” programs. To find out if your ISP is using universal identifiers (UIDs) to track you right now, for example, you can click or tap here:

Is your ISP tracking you?

Like most web pages – and websites pasted into native app wrappers so they can be called “mobile apps” – this test page is being served up unencrypted using standard Hypertext Transfer Protocol (HTTP|RFC 2616). And because the transmission is unencrypted, it is vulnerable to ISP UID(H) injections – as well as a host of other potential privacy invasions, malware insertions and hacker attacks. If instead it had been encrypted and transmitted via Hypertext Transfer Protocol Secure (HTTPS|RFC 2818), the ISP header injection scheme would be defeated because UID permacookies cannot pass through the HTTPS transport layer security envelope.

The ssRwd speedy secure responsive web design and web development methodology offered by WebFL.US delivers transfer protocol security in its most impregnable form which is HTTPS Strict Transport Security or HSTS. HSTS not only shields website visitors and mobile app users from unwanted ISP injections, unappreciated malware insertions, unwarranted government surveillance and unrelenting hacker attacks but also enables SPDY, an open network protocol built on HTTPS which can significantly speed up page content delivery and thereby measurably reduce session as well as shopping cart abandonment. Along with speed and security, ssRwd serves up web pages in a fluid, flexible, mobile-friendly responsive web design format that assures proper presentation and optimal user experience cross-browser and multi-platform from the smallest smartphone screen to the largest desktop monitor.

Every visitor to a website designed and developed with ssRwd by WebFL.US is vaccinated against UID permacookie injections for the length of their session. That’s because on delivery every web page on a WebFL.US ssRwd website passes 15 objective tests of speedy secure responsive web design. How does your website measure up? To find out, you can click or tap here:

Do you have a speedy secure responsive web design?

SS rwd or #ssRwd, It’s All About Performance

SS rwd or #ssRwd, It's All About Performance

The 2014 Chevy SS with rear-wheel drive is all about performance. So is speedy secure responsive web design.

The “Web” and “Mobile Web” are now one and the same. Web pages that cannot accommodate smartphone/tablet as well as notebook/desktop browsers are obsolete. So are mobile website redirects and websites in app wrappers. Especially for small to medium sized businesses, mobile-friendly responsive web design (“RWD”) is now a strategic web development requirement and mandatory for minimizing web applications and maintenance costs, optimizing search visibility and user experience, and maximizing web marketing traffic and conversion ROI.

RWD leverages device-aware and device-agnostic web development technologies to eliminate the need for redundant “full” and “mobile” websites by using flexible grids and fluid formats to optimize content presentation for the screen size and capabilities of the requesting device – regardless of whether it be a desktop PC or Mac, iPad or iPhone, Android smartphone or Windows touch screen tablet. This results in a better user experience for which search engines like Góógle, Bíng, Yáhoo and tracking-free DuckDuckGo reward the web page with better placement.

Page speed (how long it takes a web page to download) is another user experience factor now heavily weighted in major search engine ranking algorithms – and for good reason: On the Web as elsewhere, time is money and knowing when to trade one for the other is how you win. According to GlobalDots research, Shopzilla reduced average page load time by 4.8 seconds and increased sales by 12%; Amazon pockets a 1% revenue increase for every 100ms of page load improvement; and Mozilla got 60 million more Firefox downloads per year after making their pages 2.2 seconds faster.

Today’s web surfers are busy people with short attention spans – and that goes double for our ever-growing base of on-the-go mobile users. Fast-loading pages and streamlined transactions complete favorable search experiences while staring at “Loading…” spinners often ends with the reverse. Consequently, slower sites suffer higher page visit and shopping cart abandonment rates while SPEEDY sites enjoy higher search rankings and more eCommerce/mCommerce sales conversions.

Faster page loads also mean faster searches … which means users have time to run more searches … which means Góógle can run more ads and make more money. This is perhaps the primary reason that Dont’t be Evil Góógle loves speedy websites – so much so that they came up with SPDY. SPDY (pronounced “speedy”) is an open networking protocol that can significantly accelerate website performance by reducing latency. It requires SSL/TLS encryption to avoid incompatibility when communicating across a proxy so to leverage SPDY a website must also be SECURE.

Websites with SSL/TLS enjoy significant operating and marketing advantages – especially if they fully implement HTTPS Strict Transport Security. HSTS not only enables SPDY but also helps protect you and your website visitors from malicious hackers, ISP and other third-party snoopers, and unwarranted government surveillance (#HelloNSA). Concerns over Internet privacy and the confidentiality of personal information are at an all-time high. And with Baby Boomers especially, websites that are proactive about Internet security will be their preferred product vendors and service providers.

SS rwd or #ssRwd, it’s all about PERFORMANCE.

Speedy secure responsive web design is where you need to be. Hop in and let WebFL.US take you there!