Can Third-Party Scripts Take Down Your Entire Site?

•

6 likes•6,205 views

Do you know how many third-party scripts your pages are currently running? And do you know how many of those scripts are affecting your site's performance — either by slowing down page rendering or by potentially blocking the entire page? If you don't know the answer to these questions, you're not alone. The rampant proliferation of third-party scripts makes them difficult to manage and control. In this presentation, you'll walk through a process for testing the scripts on your pages to see which ones represent a SPOF. We'll also review an 11-step plan for bullet-proofing your site against third-party failure. For more on web performance and application delivery, please visit: http://blog.radware.com/applicationdelivery/applicationaccelerationoptimization/

Technology Education

Can Third-Party Scripts
Take Down Your
Entire Site?
Tammy Everts
O’Reilly Webcast – June 4, 2014

Conversions
Ad revenue
Page views
Visitor data
No need to re-invent the wheel
Quick and easy
Established
Support
Slide 2

Third-party calls can make up
>50% of page requests.
Slide 3
Steve Souders: http://www.fastly.com/blog/steve-souders-webperf-web-components/

Third-party scripts present risks to your pages
and to your users:
Outages
Slowdowns
Security (?)
Slide 7

Increase page weight
Increase number of hosts and connections
Introduce additional latency
Slide 10

Wait… what the heck is a
fourth-party call?
Slide 12

Slide 13
http://www.webperformancetoday.com/2011/07/14/fourth-party-calls-third-party-content/

• Identify all third-party scripts
• Know which pages they’re on
• Find out what performance best
practices, if any, each script uses
(e.g., deferral, async loading)
• Read the SLA for each provider (if they
have one)
Slide 16

http://www.webperformancetoday.com/2014/03/18/waterfalls-101-how-to-use-a-waterfall-chart-to-diagnose-
performance-pains/
Slide 19

The old, painful way:
http://www.webperformancetoday.com/2011/10/13/how-
vulnerable-is-your-site-to-third-party-failure/
Slide 23

Slide 24
The new, better way:
https://chrome.google.com/webstore/search/spof-o-matic

https://www.optimizely.com/security
Slide 34

Blackhole test results fall into one of three groups:
1. SPOF page loads SLOWER than original page
Fix: Deferral or async script
2. SPOF page loads FASTER than original page
Fix: Talk to provider about script hosting
3. SPOF page times out.
Fix: Same as #1
Slide 38

3. Before you add a new script, research
the provider.

• Response time and time to last byte
• RT and TTLB from multiple locations
• Average monthly downtime
• Do they use a CDN?
• If so, where are their caches located?
Slide 40

4. Read the provider’s
service level agreement.

An ideal third-party SLA should:
• Express monthly annual uptime guarantee as a percentage
(ideally, as close to 100% as possible)
• Explain how performance will be monitored and reported
• Describe the process for reimbursing site owners (if site owners
are paying for the service provided by the script) if uptime drops
below the SLA guarantee
Slide 42

2-second slowdown = 14% conversion loss
But…
…if that same tool promises a 20% conversion increase,
that = a net gain of 6%
Slide 46

Pro: It’s a relatively easy fix.
Con: It won’t work for all content.
Slide 51

Slide 56
Pro:
Doesn’t block primary content.
Cons:
Can be tricky to program.
Can mess up onLoad and make it difficult
to see other problems.

http://www.stevesouders.com/blog/2009/04/27/loading-scripts-without-blocking/
Slide 57

Slide 58
http://calendar.perfplanet.com/2011/the-art-and-craft-of-the-async-snippet/

RUM/APM
Tag management systems
SPOF-o-matic
No excuses.
Slide 60

Tammy Everts
tammye@radware.com
webperformancetoday.com
twitter.com/tameverts
Slide 66
Questions?

Viewers also liked

Accu 15

OlivierGh

#ACCU2015 Conférence annuelle utilisateurs Claroline Connect 06 mai 2105 #ClaCo

Thierry Koscielniak

Slow pages hurt mobile user metrics, from bounce rate to online revenues and long-term user retention. At Radware, we wanted to understand the science behind this, so we engaged in the first documented study of the neurological impact of poor performance on mobile users. Your takeaway from this presentation is hard data that you can use to make a case for investing in mobile performance in your organization. Based on similar research performed on desktop users, our study involved using a groundbreaking combination of eyetracking and electroencephalography (EEG) technologies to monitor brain wave activity in a group of mobile users who were asked to perform a series of online transactions via mobile devices. In our study, participants were asked to complete standardized shopping tasks on four ecommerce sites while using a smartphone. We studied participants during these tasks, both at the normal speed over Wifi and also at a consistently slowed-down speed (using software that allowed us to create a 500ms network delay). The participants did not know that speed was a factor in the tests; rather, they believed that they were participating in a generic usability/brand perception study. From the data, we were able to extract measures of frustration and emotional engagement for the browsing and checkout stages of both the normal and slowed-down versions of all four sites. This presentation, shared by Radware Web Performance Evangelist Tammy Everts at the 2014 Velocity Conference and the CMG Performance and Capacity 2014 Conference, provides a deeper understanding of the impact of performance on mobile users. For even more on the research, you can also download it here: http://www.radware.com/mobile-eeg2013/

Mobile Web Stress: Understanding the Neurological Impact of Poor Performance

Radware

Publier des videos sur Youtube

Gilles Le Page

What Young Adults Need to Know About Money-03-16

Barbara O'Neill

Social media presence

Rolando Unda

Rowe rcs4000 rcs6000-rcs8000-rcs9000

uzburo

Chi ha trasformato l’appello al popolo in una mozione di sfiducia alla democr...

Carlo Favaretti

Viewers also liked (8)

Accu 15

#ACCU2015 Conférence annuelle utilisateurs Claroline Connect 06 mai 2105 #ClaCo

Mobile Web Stress: Understanding the Neurological Impact of Poor Performance

Publier des videos sur Youtube

What Young Adults Need to Know About Money-03-16

Social media presence

Rowe rcs4000 rcs6000-rcs8000-rcs9000

Chi ha trasformato l’appello al popolo in una mozione di sfiducia alla democr...

More from Radware

Cyber Security Through the Eyes of the C-Suite (Infographic)

Radware

What’s the Cost of a Cyber Attack (Infographic)

Radware

DDoS Threat Landscape - Ron Winward CHINOG16

Radware

Radware Cloud Security Services

Radware

Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)

Radware

The enterprise perimeter is disappearing. Migration to the cloud means a more distributed network infrastructure. Transition of web based applications to the cloud renders on premise mitigation tools ineffective against web attacks and requires organizations to protect applications both on premise and in-the-cloud. Introducing Radware's Hybrid Cloud WAF Service - a fully-managed, always on service that integrates cloud-based with on premise protection against a broad range of attack vectors. Visit here http://www.radware.com/social/hybridcloudwaf/ to read "The Dawn of Hybrid Cloud WAF" and to learn how the industry's first hybrid cloud-based WAF service addresses today's most challenging web-based cyber-attacks.

Radware Hybrid Cloud WAF Service

Radware

When it Comes to ADCs, Perception is Not Reality. The Enterprise Strategy Group and Radware recently conducted a collaborative research project about the current use and future strategies of application delivery controllers (ADCs). Based on a survey of 243 IT professionals, the research reveals that the role of ADCs has expanded well beyond the historical perception of hardware-based load balancers. What’s most interesting is that ADCs are becoming a critical component of a defense-in-depth security strategy as enterprises fine-tune security policy and enforcement to align with their sensitive business applications. Organizations are also deploying ADCs as virtual appliances at an increasing rate and taking advantage of ADC functionality from the network through the application layer. There is a lesson to be learned here: enterprise organizations can get creative with ADC deployments for performance tuning, application-specific services, and critical system protection. Read this research http://www.radware.com/social/esg-adc-research/ to understand the benefits of applying ADCs in this fashion.

The Expanding Role and Importance of Application Delivery Controllers [Resear...

Radware

With cyber-attacks becoming a growing concern for organizations, availability-based attacks, also known as Denial of Service or Distributed Denial of Service attacks, have long moved from a form of cyber protest to a destructive weapon that is used by cyber criminals, hacktivists and even governments. In 2013 we saw a growing use of a new type of attack where attackers used legitimate transactions to saturate application servers’ resources. In this presentation, Security Expert Werner Thalmeier demonstrates how such an advanced attack can be created from a laptop running in an anonymous public WiFi network. He also evaluates the attack landscape and its impact on organizations as well as shares the best practices to protect against such cyber-attacks. Understand the current availability-based threat landscape and learn about new types of cyber-attacks that are being used to saturate resources. For more information on the state of Application and Network Security, please visit: http://www.radware.com/ert-report-2013/

The Art of Cyber War [From Black Hat Brazil 2014]

Radware

The Cyber Attack landscape is evolving with new attack vectors and dangerous trends that can affect the security of your business. Some attacks can take only minutes to complete, yet months to be discovered. Determine your attack risk and learn what to look for in a quality cyber attack defense. Please visit here: http://www.radware.com/social/amn/ for information on Radware's AMN (Attack Mitigation Network.

Cyber Attack Survival: Are You Ready?

Radware

An Important Notice About Shellshock Bash Protection Since the news about “Shellshock Bash” vulnerabilities came out, we have been working around the clock to ensure our customers and partners are getting the best solutions from us. We have published this Shellshock Security Advisory, which will help protect your business with: • Two IPS signatures that can be used by DefensePro to block the vulnerability • Recommendations provided by Radware’s Emergency Response Team (ERT) that can be applied immediately • Recommended reference sources and vendor information Radware's team of cyber-security experts is available to our customers, 24/7. Contact us if you require immediate support for this vulnerability. We assure you that we continue to closely monitor the situation in order to ensure we provide you with the best cyber-attack protection mechanisms.

Radware ERT Threat Alert: Shellshock Bash

Radware

Is the world in the midst of a cyber-war? If so, what are the implications? In this presentation Carl Herberger, Radware's VP of Security Solutions, explores some of the most notable recent cyber-attacks and how many of the findings correlate with the tenets of warfare as defined in The Art of War by Sun Tzu, the ancient military general, strategist and tactician. How should organizations be preparing for an information security landscape that is shaped by ideologically motivated cyber warfare rather than just opportunistic cyber-crime? Learn the techniques being employed to safeguard IT operations in a theatre that is witnessing ever more sophisticated attacks. For more on how to help detect, mitigate and win this cyber war battle, visit here: http://www.radware.com/ert-report-2013/ to download the 2013 Global Application and Network Security Report.

The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre

Radware

This is your brain. This is your brain on a mobile site with throughput throttled just enough to frustrate the heck out of you. This is your brain thinking about all the tests you could run if you had your own lightweight, wireless EEG braincap to directly but passively monitor brain activity in your customers as they interact with your digital assets. From the eMetrics Conference in Chicago, Radware Evangelist Tammy Everts describes a mobile web stress test conducted to gauge the impact of network speed on emotional engagement and brand perception. Neural marketing has escaped the lab and has found its way into practical applications. For even more on the web stress tests, please visit: http://www.radware.com/mobile-eeg2013/

Emotional Engagement and Brand Perception

Radware

InfoSecurity Europe 2014: The Art Of Cyber War

Radware

Why would you want to have an open source driver? Samuel Bercovici, Radware's Director of Automation & Cloud Integration, answers this and offers an introduction to Drivers in Havana in this presentation from his recent appearance at OpenStack Israel. Read more in our Press Release: http://www.radware.com/NewsEvents/PressReleases/Radware-Alteon-Provides-Load-Balancing-for-OpenStack-Cloud-Applications/

OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...

Radware

SecureWorld St. Louis: Survival in an Evolving Threat Landscape

Radware

In the Line of Fire - The Morphology of Cyber-Attacks

Radware

Survival in an Evolving Threat Landscape

Radware

In the Line of Fire-the Morphology of Cyber Attacks

Radware

In the Line of Fire-the Morphology of Cyber Attacks

Radware

Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security

Radware

More from Radware (20)

Cyber Security Through the Eyes of the C-Suite (Infographic)

What’s the Cost of a Cyber Attack (Infographic)

DDoS Threat Landscape - Ron Winward CHINOG16

Radware Cloud Security Services

Radware 2016 State of the Union: Multi Industry Web Performance (Desktop)

Radware Hybrid Cloud WAF Service

The Expanding Role and Importance of Application Delivery Controllers [Resear...

The Art of Cyber War [From Black Hat Brazil 2014]

Cyber Attack Survival: Are You Ready?

Radware ERT Threat Alert: Shellshock Bash

The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre

Emotional Engagement and Brand Perception

InfoSecurity Europe 2014: The Art Of Cyber War

OpenStack Networking: Developing and Delivering a Commercial Solution for Lo...

SecureWorld St. Louis: Survival in an Evolving Threat Landscape

In the Line of Fire - The Morphology of Cyber-Attacks

Survival in an Evolving Threat Landscape

In the Line of Fire-the Morphology of Cyber Attacks

Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security

Recently uploaded

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

Choosing the right accounts payable services provider is a strategic decision that can significantly impact your business's financial performance and operational efficiency. By considering factors such as expertise, range of services, technology infrastructure, scalability, cost, and reputation, businesses can make informed decisions and select a provider that aligns with their unique needs and objectives. Partnering with the right provider can streamline accounts payable processes, drive cost savings, and position your business for long-term success. https://katprotech.com/accounts-payable-and-purchase-order-automation/

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Katpro Technologies

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

CNv6 Instructor Chapter 6 Quality of Service

giselly40

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

A Call to Action for Generative AI in 2024

Results

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Artificial Intelligence: Facts and Myths

Advantages of Hiring UIUX Design Service Providers for Your Business

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Presentation on how to chat with PDF using ChatGPT code interpreter

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Finology Group – Insurtech Innovation Award 2024

CNv6 Instructor Chapter 6 Quality of Service

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

GenCyber Cyber Security Day Presentation

Axa Assurance Maroc - Insurer Innovation Award 2024

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

What Are The Drone Anti-jamming Systems Technology?

A Call to Action for Generative AI in 2024

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

08448380779 Call Girls In Civil Lines Women Seeking Men

Powerful Google developer tools for immediate impact! (2023-24 C)

🐬 The future of MySQL is Postgres 🐘

08448380779 Call Girls In Friends Colony Women Seeking Men

Can Third-Party Scripts Take Down Your Entire Site?

1. Can Third-Party Scripts Take Down Your Entire Site? Tammy Everts O’Reilly Webcast – June 4, 2014

2. Conversions Ad revenue Page views Visitor data No need to re-invent the wheel Quick and easy Established Support Slide 2

3. Third-party calls can make up >50% of page requests. Slide 3 Steve Souders: http://www.fastly.com/blog/steve-souders-webperf-web-components/

4. Slide 4

5. Slide 5

6. Slide 6

7. Third-party scripts present risks to your pages and to your users: Outages Slowdowns Security (?) Slide 7

8. Slide 8

9. Slide 9

10. Increase page weight Increase number of hosts and connections Introduce additional latency Slide 10

11. Slide 11 832ms 1.788s918ms

12. Wait… what the heck is a fourth-party call? Slide 12

13. Slide 13 http://www.webperformancetoday.com/2011/07/14/fourth-party-calls-third-party-content/

14. Slide 14

15. 1. Audit your third-party scripts.

16. • Identify all third-party scripts • Know which pages they’re on • Find out what performance best practices, if any, each script uses (e.g., deferral, async loading) • Read the SLA for each provider (if they have one) Slide 16

17. Slide 17 http://www.webpagetest.org

18. Slide 18

19. http://www.webperformancetoday.com/2014/03/18/waterfalls-101-how-to-use-a-waterfall-chart-to-diagnose- performance-pains/ Slide 19

20. Slide 20

21. Slide 21

22. 2. Test for SPOFs.

23. The old, painful way: http://www.webperformancetoday.com/2011/10/13/how- vulnerable-is-your-site-to-third-party-failure/ Slide 23

24. Slide 24 The new, better way: https://chrome.google.com/webstore/search/spof-o-matic

25. Slide 25

26. Slide 26

27. Slide 27

28. Slide 28 SPOF: 22.7s Original: 3.5s

29. Slide 29

30. Slide 30

31. Slide 31

32. Slide 32

33. Slide 33 Original SPOF

34. https://www.optimizely.com/security Slide 34

35. Slide 35

36. Slide 36

37. Slide 37 Original SPOF

38. Blackhole test results fall into one of three groups: 1. SPOF page loads SLOWER than original page Fix: Deferral or async script 2. SPOF page loads FASTER than original page Fix: Talk to provider about script hosting 3. SPOF page times out. Fix: Same as #1 Slide 38

39. 3. Before you add a new script, research the provider.

40. • Response time and time to last byte • RT and TTLB from multiple locations • Average monthly downtime • Do they use a CDN? • If so, where are their caches located? Slide 40

41. 4. Read the provider’s service level agreement.

42. An ideal third-party SLA should: • Express monthly annual uptime guarantee as a percentage (ideally, as close to 100% as possible) • Explain how performance will be monitored and reported • Describe the process for reimbursing site owners (if site owners are paying for the service provided by the script) if uptime drops below the SLA guarantee Slide 42

43. 5. Perform a cost-benefit analysis.

44. Slide 44

45. Slide 45

46. 2-second slowdown = 14% conversion loss But… …if that same tool promises a 20% conversion increase, that = a net gain of 6% Slide 46

47. 6. Be ready to say no.

48. Slide 48

49. 7. Defer scripts whenever possible.

50. Slide 50

51. Pro: It’s a relatively easy fix. Con: It won’t work for all content. Slide 51

52. Slide 52

53. 8. Use asynchronous scripts.

54. Slide 54