Performance Cheat Sheet

This is an overview of all of the performance-related topics I've covered and the things that you should look at if you want to make your site go faster.


PageSpeed

PageSpeed is an open-source webserver module that is designed specifically to improve the performance of your site without having to make any changes to your content or workflow. By implementing a whole host of best practices, I saw a notable improvement in page load time by simply running the default config.

Article: PageSpeed - Performance optimisation made easy


Brotli Compression

Brotli is a new type of compression that can compress better than gzip in a lot of circumstances. You can also support static compression to reduce the burden of compressing assets on the fly. Smaller payloads mean faster transfers!

Article: Brotli Compression


HTTP/2

The new version of the HTTP protocol allows us to remove a lot of the old performance 'hacks' we used in the past to go faster. We can now get considerably better performance without all of the overhead by upgrading to support HTTP/2.

Article: HTTP/2 is here!


ChaCha20-Poly1305

ChaCha20 is a very fast cipher and has a significant performance advantage over AES when implemented in software. This means that devices that don't have hardware AES acceleration, typically mobile devices, will see a ~200% increase in performance when using ChaCha20.

Article: Doing the ChaCha with Nginx


Caching

My blog is running Ghost as my blogging platform and, as fast as Node is, it was dynamically generating every page when a visitor requested it. This is a bit of a waste of resources and was an unnecessary overhead. I set up caching in Nginx to serve my pages faster.

Article: Caching Ghost with Nginx


HSTS

When serving over HTTPS, most sites will use a 301 to redirect HTTP to HTTPS. This adds a redirect on the initial page load which can be avoided using HTTP Strict Transport Security. This increases the speed of the initial page load and has some nice security benefits too. You should also check out preloading and my cheat sheet.

Article: HSTS - The missing link in Transport Layer Security


ECDSA

The majority of sites on the web use RSA keys because they've been around the longest and are the current default. ECDSA keys offer much faster performance and most clients can support them. I did some testing on ECDSA certificates and you can support both at the same time for the best of backwards compatibility and performance.

Article: Hybrid RSA and ECDSA certificates with NginX


OCSP Stapling

The Online Certificate Status Protocol is used to check the revocation status of a certificate. The browser makes a request to the CA to check the status of the certificate, an OCSP request, and the CA responds with an OCSP response saying the certificate is valid or revoked. This puts a burden on the client, which has to do a DNS lookup for the CA and then bear the overhead of the OCSP request. It also leaks the site that the client is visiting to the CA, which is a huge privacy issue. To solve this problem, OCSP Stapling was created. When OCSP Stapling is set up, the server will do the OCSP request and then cache the OCSP response on the server. It will then 'staple' this to the certificate and send it to the client, removing the performance burden and privacy issues.

Article: OCSP Stapling; SSL with added speed and privacy


Misc

I wrote an article about a few micro-optimisations I made to my site, which just goes to show there are often things you can optimise that get overlooked. It probably didn't result in a huge increase in performance, but several small changes like this can soon mount up.

Article: Micro-optimisation for fun!