<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"><title>Peakhour.IO - CDN</title><link href="https://www.peakhour.io/" rel="alternate"></link><link href="https://www.peakhour.io/feeds/tag/cdn.atom.xml" rel="self"></link><id>https://www.peakhour.io/</id><updated>2025-11-18T21:00:00+11:00</updated><entry><title>Cloudflare outage proves Plan B depends on controlling DNS</title><link href="https://www.peakhour.io/blog/cloudflare-outage-dns-plan-b/" rel="alternate"></link><published>2025-11-18T21:00:00+11:00</published><updated>2025-11-18T21:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2025-11-18:/blog/cloudflare-outage-dns-plan-b/</id><summary type="html">&lt;p&gt;Tuesday’s Cloudflare incident reminded everyone that you can’t execute a Plan B if your DNS knobs are trapped behind the provider that’s failing. Here’s how Peakhour runs a detect-decide-divert playbook without touching your existing third-party DNS vendors.&lt;/p&gt;</summary><content type="html">&lt;p&gt;On Tuesday, 18 November 2025, Cloudflare’s own status page marked every major service—CDN, Firewall, WARP, Workers, and the dashboard—as degraded for most of the day while engineers worked through an internal control-plane failure. The timeline moved from “Investigating” at 11:48 UTC to “Monitoring” after 14:42 UTC, and the incident wasn’t officially resolved until 19:28 UTC. During the worst of it, Cloudflare disabled WARP in London, bot scores seesawed, and customers were told to wait while remediation continued.&lt;/p&gt;
&lt;p&gt;Waiting was the only option for many teams because their Plan B lived behind the same dashboard that was timing out. The top comment on the Hacker News thread was a set of &lt;code&gt;curl&lt;/code&gt; commands for moving domains off Cloudflare’s proxy edge. Admins were stuck in 2FA flows trying to fetch an API token, or searching for Terraform credentials so they could toggle a proxied flag. That is not a resilience strategy.&lt;/p&gt;
&lt;p&gt;We learned this lesson the hard way—and wrote about it after the 2021 Fastly outage in &lt;a href="/blog/fastly-outage-how-to-have-a-plan-b"&gt;How to have a Plan B&lt;/a&gt;. The rule still stands: the platform you are trying to leave cannot be the only place that can change where your DNS points.&lt;/p&gt;
&lt;h2&gt;Detect: understand what’s actually broken&lt;/h2&gt;
&lt;p&gt;Incidents like Tuesday’s change shape quickly. Cloudflare’s own feed showed different failure domains every 30 minutes: bot management, dashboard auth, Access, WARP. The first mile is impartial telemetry that tells you what your users feel, not what the provider thinks. At Peakhour we stream real user monitoring, synthetic checks, and control-plane health from multiple CDNs and DNS partners. That lets us distinguish “cache errors in Hong Kong” from “global auth outage” and choose the right lever.&lt;/p&gt;
&lt;h2&gt;Decide: keep DNS authority in neutral territory&lt;/h2&gt;
&lt;p&gt;When your domain delegation lives with agnostic providers—Route 53, NS1, Azure DNS, or the enterprise registrar your legal team already approved—you can make failover decisions without pleading with a failing control plane. Peakhour doesn’t replace those vendors; we orchestrate them. We set short-but-safe TTLs, keep secondary answers staged, and continuously audit API access so we can flip traffic with one signed request. The minute you outsource DNS authority to a proxy CDN, you have given up the control that makes Plan B possible.&lt;/p&gt;
&lt;h2&gt;Divert: run the playbook in minutes, not hours&lt;/h2&gt;
&lt;p&gt;A workable Plan B has three moves:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;Pre-stage alternate edges.&lt;/strong&gt; Your secondary CDN, origin, or transit provider must be in sync with the active one—certificates, cache rules, WAF policies, everything. We keep them hot by replaying production configs across vendors.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Wire DNS automation.&lt;/strong&gt; We integrate with multiple third-party DNS APIs at once so we can update apex A/AAAA, flattened CNAMEs, and geo/latency rules in a single workflow. Because the automation lives off the impacted platform, we can execute even while Cloudflare’s dashboard is returning 500s.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Drill humans on the handoff.&lt;/strong&gt; Our SOC sits in Sydney and Melbourne, but we cover global hours. During an incident we line up Slack/Teams bridges with your SREs, confirm business impact, and keep execs in the loop while traffic drains to the healthy provider.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;With that in place we routinely hit sub-five-minute diversion times, including DNS propagation, because the decision, the tooling, and the people are ready before the outage hits.&lt;/p&gt;
&lt;h2&gt;What Peakhour brings to your Plan B&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Independent authority, familiar vendors.&lt;/strong&gt; We leverage multiple established DNS providers instead of locking you into ours. You keep your contracts; we bring the automation and guardrails.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Unified multi-CDN config.&lt;/strong&gt; Cache rules, image optimisation, WAF, and routing policies stay aligned across providers so you don’t lose capabilities when you switch.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Real drills, not just runbooks.&lt;/strong&gt; Quarterly failover exercises prove that certificates, APIs, and humans are ready. We share the post-mortems so your execs see clear RTO/RPO numbers.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;People you can phone.&lt;/strong&gt; 24×7 Australian-based engineers who know your stack and can execute the play while your own team communicates with customers.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Book a resilience review&lt;/h2&gt;
&lt;p&gt;If Tuesday exposed that your failover path still depends on your primary provider’s dashboard, book a 30-minute Resilience Review with Peakhour and we’ll:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Map who really controls your DNS today.&lt;/li&gt;
&lt;li&gt;Identify the gaps between your primary and standby CDNs.&lt;/li&gt;
&lt;li&gt;Outline the automations we can layer on top of your existing DNS and hosting vendors.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;The output is a concrete Plan B, a drill schedule, and a team that can execute it the next time a global provider blinks.&lt;/p&gt;</content><category term="Interest"></category><category term="CDN"></category><category term="DNS"></category><category term="Multi CDN"></category><category term="Incident Response"></category></entry><entry><title>Did Residential Proxies enable a $600 Billion loss?</title><link href="https://www.peakhour.io/blog/residential-proxies-deepseek/" rel="alternate"></link><published>2025-01-31T00:00:00+11:00</published><updated>2025-01-31T00:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2025-01-31:/blog/residential-proxies-deepseek/</id><summary type="html">&lt;p&gt;How residential proxy networks may have enabled DeepSeek to bypass AI platform protections, leading to Nvidia's historic market value loss&lt;/p&gt;</summary><content type="html">&lt;p&gt;The DeepSeek story puts &lt;a href="/learning/threat-detection/what-is-residential-proxy-detection/"&gt;residential proxy&lt;/a&gt; networks under scrutiny as a possible factor in
AI's latest market disruption. In January 2025, the Chinese startup's emergence erased $600 billion from Nvidia's market
value by demonstrating AI capabilities that match industry leaders at a fraction of the cost.&lt;/p&gt;
&lt;p&gt;The path to this capability raises a practical security question for AI platforms. Leading platforms protect their APIs with multiple security layers -
rate limiting to prevent mass data extraction, bot detection
to block automated requests, and geoblocking to restrict access from certain regions. These measures are meant to prevent the systematic collection of training data.&lt;/p&gt;
&lt;p&gt;Residential &lt;a href="/products/residential-proxy-detection/"&gt;proxy networks&lt;/a&gt; create a route around those protections. These networks route traffic through
household IP addresses, so requests appear to originate from homes in permitted regions.
A request from a restricted location could look like legitimate traffic from Sydney, Melbourne, or Perth.&lt;/p&gt;
&lt;p&gt;The circumstances suggest this approach is plausible. By distributing requests across millions of residential IPs worldwide,
each IP could maintain human-like patterns while staying below rate limits. The aggregate data could form a substantial
training set without triggering security alerts.&lt;/p&gt;
&lt;p&gt;Meta's lawsuit against Bright Data strengthens this possibility. The case exposed how proxy providers monetise residential
IPs, often without homeowners' knowledge. That model creates a global network capable of bypassing traditional security
measures - exactly the type of infrastructure needed for large-scale data collection.&lt;/p&gt;
&lt;p&gt;The residential proxy industry threatens $600 billion in business value through data theft and security bypasses.
DeepSeek's impact on Nvidia's market capitalisation highlights the real-world impact of residential proxies.&lt;/p&gt;
&lt;p&gt;For AI platforms, the question is operational. How can platforms distinguish between legitimate users and well-crafted
requests through residential proxies? When geographical restrictions lose meaning, what security measures remain effective?
Traditional &lt;a href="/blog/anti-fraud-residential-proxy-detection/"&gt;IP Intelligence based proxy detection&lt;/a&gt; based on historical
usage is no longer effective; per-connection proxy detection is essential.&lt;/p&gt;
&lt;p&gt;DeepSeek's emergence suggests AI security teams need to revisit their assumptions. The potential use of residential proxy networks
to dissolve digital borders challenges current approaches to platform protection.&lt;/p&gt;</content><category term="Residential Proxies"></category><category term="Residential Proxies"></category><category term="CDN"></category><category term="Bot Management"></category><category term="Machine Learning"></category><category term="API Security"></category><category term="Threat Detection"></category></entry><entry><title>Addressing Key Cloud Security Categories</title><link href="https://www.peakhour.io/blog/peakhour-cloud-security-post-wiz/" rel="alternate"></link><published>2024-05-01T10:00:00+10:00</published><updated>2024-05-01T10:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2024-05-01:/blog/peakhour-cloud-security-post-wiz/</id><summary type="html">&lt;p&gt;An analysis of Peakhour's role in addressing key cloud security categories identified in recent industry analysis, demonstrating its comprehensive approach to modern cloud security challenges.&lt;/p&gt;</summary><content type="html">&lt;p&gt;A recent &lt;a href="https://www.scalevp.com/insights/a-world-after-wiz-emerging-opportunities-in-cloud-security/"&gt;Scale Venture Partners analysis&lt;/a&gt; sets out emerging opportunities in cloud security after Wiz. Peakhour is a reverse proxy rather than a cloud control-plane product, but it addresses several of these categories and covers related security needs at the application edge.&lt;/p&gt;
&lt;h2&gt;Cloud Security Posture Management (CSPM)&lt;/h2&gt;
&lt;p&gt;The analysis identifies CSPM as a key category in cloud security. Peakhour is not a traditional CSPM, but it contributes to security posture management through:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Traffic Analysis: Peakhour analyses incoming traffic patterns to identify potential security risks.&lt;/li&gt;
&lt;li&gt;Configuration Recommendations: Peakhour recommends security configuration improvements based on observed traffic patterns.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Cloud Workload Protection Platform (CWPP)&lt;/h2&gt;
&lt;p&gt;The article notes that CWPP products provide granular protection for cloud workloads. Peakhour contributes to workload protection through:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Application-Layer Filtering: Peakhour filters traffic at the application layer to protect cloud workloads.&lt;/li&gt;
&lt;li&gt;Real-Time Threat Detection: Peakhour detects and blocks threats in real-time.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Cloud Detection &amp;amp; Response (CDR)&lt;/h2&gt;
&lt;p&gt;CDR focuses on detecting, investigating, and responding to incidents. Peakhour supports CDR work via:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Log Generation: Peakhour generates detailed logs of all traffic for incident investigation.&lt;/li&gt;
&lt;li&gt;Anomaly Detection: Peakhour detects anomalous traffic patterns that indicate security incidents.&lt;/li&gt;
&lt;li&gt;Automated Response: Peakhour responds to detected threats by blocking malicious traffic.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Cloud-Native Application Protection Platform (CNAPP)&lt;/h2&gt;
&lt;p&gt;The analysis defines CNAPP as a combination of CSPM, CWPP, and CDR. Peakhour aligns with that model through:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Integrated Security: Peakhour provides a single platform for traffic filtering, threat detection, and response.&lt;/li&gt;
&lt;li&gt;Application-Centric Protection: Peakhour's reverse proxy design protects cloud-native applications at the application edge.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Cloud Infrastructure Entitlement Management (CIEM)&lt;/h2&gt;
&lt;p&gt;Peakhour does not directly manage cloud infrastructure entitlements, but it complements CIEM efforts through:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Access Pattern Analysis: Peakhour analyses access patterns to applications, providing insights that can inform entitlement decisions.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Non-Human Identity (NHI)&lt;/h2&gt;
&lt;p&gt;The article highlights the growing importance of managing non-human identities. Peakhour contributes to this area by:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Service-to-Service Communication Monitoring: Peakhour monitors and controls service-to-service communication.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Remediation Ops (RemOps)&lt;/h2&gt;
&lt;p&gt;RemOps focuses on managing the growing volume of security alerts. Peakhour supports RemOps through:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Alert Aggregation: Peakhour aggregates security events from traffic analysis into usable alerts.&lt;/li&gt;
&lt;li&gt;Prioritisation: Peakhour prioritises alerts based on threat severity and potential impact.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Additional Peakhour Capabilities&lt;/h2&gt;
&lt;p&gt;Peakhour also addresses &lt;a href="/learning/cloud-security/introduction-to-cloud-security/"&gt;cloud security&lt;/a&gt; needs outside the categories covered in the Scale VP analysis:&lt;/p&gt;
&lt;h3&gt;DDoS Protection&lt;/h3&gt;
&lt;p&gt;Peakhour provides DDoS protection via:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Layer 7 Rate Limiting: Peakhour protects against application-layer DDoS attacks.&lt;/li&gt;
&lt;li&gt;Traffic Anomaly Detection: Peakhour identifies and mitigates DDoS attacks in real-time.&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;Content Delivery Network (CDN)&lt;/h3&gt;
&lt;p&gt;Peakhour's delivery and cache functionality reduces cloud load and traffic bills through:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Traffic Optimisation: Peakhour reduces load on origin servers and decreases traffic bills.&lt;/li&gt;
&lt;li&gt;Geographic Distribution: Peakhour serves content from geographically distributed nodes.&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;Bot Management&lt;/h3&gt;
&lt;p&gt;Peakhour manages bot traffic through:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Bot Detection: Peakhour identifies bot traffic.&lt;/li&gt;
&lt;li&gt;Policy Control: Peakhour implements policies for managing different types of bots.&lt;/li&gt;
&lt;li&gt;Automated Mitigation: Peakhour applies countermeasures against malicious bot activity.&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;Cloud Visibility&lt;/h3&gt;
&lt;p&gt;Peakhour addresses visibility gaps in modern cloud environments:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Traffic Insights: Peakhour provides detailed insights into front-end traffic patterns.&lt;/li&gt;
&lt;li&gt;Real-Time Analytics: Peakhour delivers real-time analytics on traffic, threats, and application behaviour.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Final Thoughts&lt;/h2&gt;
&lt;p&gt;Peakhour addresses several categories identified in the Scale VP analysis of emerging cloud security opportunities. It also covers adjacent needs at the application edge, where traffic, threats, bots, delivery, and visibility meet.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;em&gt;See how Peakhour's Application Security Platform addresses key areas of modern cloud security. &lt;a href="/contact-sales/"&gt;Contact our team&lt;/a&gt; to strengthen your cloud security posture.&lt;/em&gt;&lt;/p&gt;</content><category term="Security"></category><category term="API Security"></category><category term="Threat Detection"></category><category term="Account Protection"></category><category term="DevSecOps"></category><category term="Application Security"></category><category term="CDN"></category></entry><entry><title>RFC 9460</title><link href="https://www.peakhour.io/blog/rfc-9460-dns-evolution/" rel="alternate"></link><published>2023-11-16T00:00:00+11:00</published><updated>2023-11-16T00:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2023-11-16:/blog/rfc-9460-dns-evolution/</id><summary type="html">&lt;p&gt;Introducing SVCB and HTTPS records in DNS and their impact on web connectivity.&lt;/p&gt;</summary><content type="html">&lt;p&gt;RFC 9460 introduces two DNS record types: "SVCB" (Service Binding) and "HTTPS". They let browsers learn more connection details during DNS lookup, before redirects and TLS negotiation add extra steps. The result is cleaner connection setup, with practical improvements in speed, security, and efficiency.&lt;/p&gt;
&lt;h2&gt;Understanding the Current Process&lt;/h2&gt;
&lt;p&gt;Traditionally, when a browser connects to a website, it follows a sequence:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Browser requests site via HTTP.&lt;/li&gt;
&lt;li&gt;Server redirects request to HTTPS.&lt;/li&gt;
&lt;li&gt;Browser receives ALPN (Application-Layer Protocol Negotiation) during the HTTPS handshake.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;The model is secure, but it is not optimal. It involves multiple round trips, which affects Time to First Byte (TTFB) and the overall user experience. Load balancing and failover are also less direct than they could be. RFC 9460 changes this by allowing DNS to provide the necessary connection details earlier. That reduces the steps involved in establishing a secure connection, lowering TTFB.&lt;/p&gt;
&lt;h2&gt;The Impact of SVCB and HTTPS Records&lt;/h2&gt;
&lt;p&gt;SVCB and HTTPS records move useful connection hints into DNS. They speed up the time-to-first-packet by incorporating the Alt-Svc HTTP header and ALPN TLS extension into DNS, which shortens connection setup. These records also enable redirection at the zone apex, a task not possible with CNAMEs. They simplify DNS load distribution and failover, making web services more resilient. They also remove the need for HSTS preloading and support Encrypted Client Hello (ECH), formerly ESNI, for better privacy.&lt;/p&gt;
&lt;h2&gt;Adoption and Industry Response&lt;/h2&gt;
&lt;p&gt;Adoption started before the RFC was finalised. Firefox has been conducting HTTPS lookups since May 2020, limited to DNS over HTTPS (DoH). Apple's iOS, Safari, and macOS have followed suit since September 2020. Chrome introduced partial support in December 2020 and has recently enabled ECH by default. Various DNS service providers have also started supporting HTTPS and SVCB records.&lt;/p&gt;
&lt;p&gt;As reported on &lt;a href="https://netmeister.org/blog/https-rrs.html"&gt;Netmeister&lt;/a&gt;, adoption is still early but not insignificant. As of October 2023, about 10 million domains have implemented an HTTPS record for their 'www' service names, roughly 4.4% of domains. Around 9.1 million domains, or about 4.0%, use the record on their bare second-level domain name. Among the top 1 million domains, approximately 22.5K (25.5%) use HTTPS records for 'www' service names, and nearly 24K (25.6%) use them on bare domains.&lt;/p&gt;
&lt;p&gt;&lt;img alt="October 2023 Usage" src="/static/images/blog/https-records-oct-2023.png"&gt;&lt;/p&gt;
&lt;h2&gt;What the Records Look Like&lt;/h2&gt;
&lt;p&gt;A typical &lt;a href="/learning/service-binding-record/"&gt;SVCB record&lt;/a&gt; might look like this:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;_example.com. 7200 IN SVCB 1 svc4.example.net. (alpn=&amp;quot;h2,h3&amp;quot; port=&amp;quot;8004&amp;quot;)
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;This record indicates that the service at &lt;code&gt;_example.com&lt;/code&gt; can be accessed at &lt;code&gt;svc4.example.net&lt;/code&gt; using either HTTP/2 or HTTP/3 on port 8004.&lt;/p&gt;
&lt;p&gt;An &lt;a href="/learning/https-record/"&gt;HTTPS record&lt;/a&gt; could be:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;example.com. 3600 IN HTTPS 0 svc.example.net.
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;This record suggests that &lt;code&gt;example.com&lt;/code&gt; should be accessed securely through &lt;code&gt;svc.example.net&lt;/code&gt;.&lt;/p&gt;
&lt;h2&gt;Apex Domains and the Importance of SVCB/HTTPS Records&lt;/h2&gt;
&lt;p&gt;One long-running DNS limitation is the inability to use CNAME records at the apex (root level) of a domain due to conflicts with other necessary records like NS and SOA. RFC 9460's SVCB/HTTPS records address this by enabling apex domain aliasing without those conflicts. This matters for efficient content delivery networks (CDNs) and load balancing strategies.&lt;/p&gt;
&lt;h2&gt;These records enhance capability&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;1. Load Balancing:&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Consider a website that needs to distribute traffic across multiple servers. SVCB records can indicate different server endpoints with varying priorities.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;example.com. IN SVCB 10 server1.example.com. (alpn=&amp;quot;h2,h3&amp;quot;)
example.com. IN SVCB 20 server2.example.com. (alpn=&amp;quot;h2&amp;quot;)
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;In this example, &lt;code&gt;server1.example.com&lt;/code&gt; is the preferred endpoint (lower priority number), offering both HTTP/2 and HTTP/3 protocols. If it's unavailable, traffic automatically shifts to &lt;code&gt;server2.example.com&lt;/code&gt;.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;2. Failover Mechanism:&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;For a service that requires high availability, SVCB records can express failover directly:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;critical-service.example.com. IN SVCB 1 primary-service.example.com. (alpn=&amp;quot;h2,h3&amp;quot;)
critical-service.example.com. IN SVCB 2 backup-service.example.com. (alpn=&amp;quot;h2&amp;quot;)
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Here, &lt;code&gt;primary-service.example.com&lt;/code&gt; is the primary endpoint. If it fails, the system automatically falls back to &lt;code&gt;backup-service.example.com&lt;/code&gt;.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;3. Apex Domain Usage:&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;A practical advantage of SVCB/HTTPS records is their ability to handle apex domains, where CNAME records are not feasible. This is important for root domain aliasing to different service providers.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;example.com. IN HTTPS 0 cdn-provider.example.net.
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;This record indicates that the apex domain &lt;code&gt;example.com&lt;/code&gt; is to be served through &lt;code&gt;cdn-provider.example.net&lt;/code&gt;, overcoming traditional DNS limitations.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;4. Encrypted ClientHello Support:&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Future enhancements of SVCB could include keys for Encrypted ClientHello, which improves privacy and security during the initial TLS handshake.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;secure.example.com. IN SVCB 1 tls-service.example.net. (ech=&amp;quot;base64-encoded-key&amp;quot;)
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;This record can be used to initiate a TLS connection with &lt;code&gt;tls-service.example.net&lt;/code&gt; using the provided Encrypted ClientHello key.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;5. Directing Traffic to Specific Protocols:&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;For services that need to direct clients to newer or more efficient protocols, SVCB records can specify the exact protocols to use.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;api.example.com. IN SVCB 1 api-server.example.com. (alpn=&amp;quot;h3&amp;quot;)
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Clients that understand HTTP/3 can connect directly using this protocol, bypassing the usual HTTP/1.1 or HTTP/2 protocols.&lt;/p&gt;
&lt;h2&gt;The Long Wait&lt;/h2&gt;
&lt;p&gt;HTTPS has been around for a while, so RFC 9460 raises an obvious question: why did this take so long? Apex records have had their share of problems, including not being able to use CNAMEs and having to resort to custom records like ALIAS or Cloudflare's 'cname flattening'.&lt;/p&gt;
&lt;p&gt;It is a fair question. We've had some bizarre records hanging around for ages along with a wide range of solutions to the "CNAME at the zone apex"
problem.&lt;/p&gt;
&lt;p&gt;Credit to the creators of RFC 9460 for getting this through and obtaining browser support:
   - B. Schwartz from Meta Platforms, Inc.
   - M. Bishop from Akamai Technologies
   - E. Nygren from Akamai Technologies&lt;/p&gt;
&lt;h2&gt;Final Thoughts&lt;/h2&gt;
&lt;p&gt;RFC 9460 gives DNS a more useful role in HTTPS connection setup. SVCB and HTTPS records let operators publish endpoint, protocol, failover, and privacy information before the browser starts negotiating the connection. That gives service providers more precise control over how clients reach web services, with practical benefits for performance, reliability, and security.&lt;/p&gt;</content><category term="Interest"></category><category term="HTTP"></category><category term="Web Performance"></category><category term="Rate Limiting"></category><category term="TLS Fingerprinting"></category><category term="CDN"></category><category term="DDoS"></category></entry><entry><title>Enterprise-Level Caching for All</title><link href="https://www.peakhour.io/blog/magento-2-plugin/" rel="alternate"></link><published>2023-11-02T13:00:00+11:00</published><updated>2023-11-02T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2023-11-02:/blog/magento-2-plugin/</id><summary type="html">&lt;p&gt;Elevate your e-commerce with our newly released Magento 2 plugin. Experience enterprise-level caching features accessible to all Peakhour customers.&lt;/p&gt;</summary><content type="html">&lt;p&gt;We've released our Magento 2 plugin for e-commerce stores using Magento. It brings Peakhour's caching features into
Magento, including capabilities that other providers often reserve for enterprise plans. With Peakhour,
'Enterprise for Everyone' means making those features available to all customers, regardless of plan.&lt;/p&gt;
&lt;h2&gt;Why Cache Tags Matter&lt;/h2&gt;
&lt;p&gt;&lt;a href="/learning/cache-tags/"&gt;Cache tags&lt;/a&gt; solve a practical website management problem: keeping your cache current when content changes.
In Magento 2, a single change, such as updating a product's price, can affect multiple pages. Cache tags ensure that only
the relevant cached content is updated, maintaining cache efficiency and reducing server load. That matters for
website speed and user experience, which directly affect sales and SEO rankings.&lt;/p&gt;
&lt;h2&gt;Enterprise for Everyone&lt;/h2&gt;
&lt;p&gt;While other providers offer cache tags only in expensive enterprise plans, Peakhour makes this feature available
to everyone. Our infrastructure and caching algorithms make that possible. We also offer other
enterprise-level features, including DDoS protection, real-time analytics, and custom caching rules, so
'Enterprise for Everyone' is reflected in the product rather than just the plan names.&lt;/p&gt;
&lt;h2&gt;Peakhour vs. Magento and Varnish Caching&lt;/h2&gt;
&lt;p&gt;Our plugin goes beyond Magento's built-in caching and Varnish cache in several ways:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Custom Cache Tags&lt;/strong&gt;: Unlike Magento's built-in cache, we offer custom cache tags for more granular cache control.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Advanced Algorithms&lt;/strong&gt;: Our caching algorithms go beyond Varnish, helping improve cache hit rates and lower server load.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Additional Features&lt;/strong&gt;: With Peakhour, caching sits alongside real-time analytics, DDoS protection, and custom caching rules, features often missing in standard Magento or Varnish setups.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;Expected Performance Improvements&lt;/h2&gt;
&lt;p&gt;By using Peakhour's Magento 2 plugin, you can expect performance improvements:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Faster Page Loads&lt;/strong&gt;: Our caching can reduce page load times by up to 50%, giving users a smoother experience.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Reduced Server Load&lt;/strong&gt;: Efficient caching means fewer requests to your origin server, reducing server load by as much as 70%.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Improved SEO&lt;/strong&gt;: Faster websites are favoured by search engines, which can improve SEO rankings.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Higher Conversion Rates&lt;/strong&gt;: A faster website gives users a better experience, which can lead to higher conversion rates and increased sales.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;Installation Options&lt;/h2&gt;
&lt;p&gt;You can install the Magento 2 plugin through Magento Connect, Composer, or a ZIP file. For
more detail, see our &lt;a href="/docs/how-to-guides/integrations/magento-2/"&gt;plugin page&lt;/a&gt;.&lt;/p&gt;</content><category term="CMS"></category><category term="Caching"></category><category term="Magento"></category><category term="CDN"></category><category term="Drupal"></category><category term="WordPress"></category><category term="Web Performance"></category></entry><entry><title>Useful tips to accelerate your Magento store</title><link href="https://www.peakhour.io/blog/accelerate-magento/" rel="alternate"></link><published>2023-11-01T13:00:00+11:00</published><updated>2023-11-01T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2023-11-01:/blog/accelerate-magento/</id><summary type="html">&lt;p&gt;There are many things you can do to speed up your Magento store, here are just a few.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Out of the box, Magento is not the fastest ecommerce platform. Magento 2 is built with Full Page Cache in mind, so repeat page requests do not always have to hit the application. A slow Magento store can frustrate customers, increase bounce rates, and cost sales. There are several practical ways to accelerate &lt;a href="/learning/ecommerce-security/securing-magento-shopify/"&gt;your Magento&lt;/a&gt; store and improve the user experience. These are good places to start.&lt;/p&gt;
&lt;h2&gt;Caching is King&lt;/h2&gt;
&lt;p&gt;Caching is usually the biggest performance lever for a Magento store. By storing pre-generated versions of pages, you reduce server response times and avoid asking Magento to rebuild the same page for every request.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Full Page Caching (FPC)&lt;/strong&gt;: Magento includes built-in FPC, but it can be extended. Varnish is a common choice for this role. Magento 2 has native support for Varnish, which acts as a web application accelerator.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Redis&lt;/strong&gt;: Use Redis for session and cache storage. It is an in-memory data structure store that can speed up backend operations by reducing database load.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Edge Caching&lt;/strong&gt;: Use Peakhour Edge to cache your dynamic pages close to users. This serves content from a nearby delivery path and reduces latency. Peakhour's &lt;a href="/docs/how-to-guides/integrations/magento-1/"&gt;Magento 1&lt;/a&gt; and &lt;a href="/docs/how-to-guides/integrations/magento-2/"&gt;Magento 2&lt;/a&gt; plugins make this straightforward to set up.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Optimise Your Images&lt;/h2&gt;
&lt;p&gt;Images often make up the bulk of a page's weight. Optimising them is one of the simplest ways to improve load times.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Compression&lt;/strong&gt;: Use image compression tools to reduce file sizes without a noticeable loss in quality.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Next-Gen Formats&lt;/strong&gt;: Serve images in modern formats like WebP or AVIF, which offer better compression. A CDN can often handle this conversion automatically.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Lazy Loading&lt;/strong&gt;: Implement lazy loading for images that are "below the fold" (not immediately visible). This means they only load when they are about to enter the user's viewport.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Minify and Merge CSS/JavaScript&lt;/h2&gt;
&lt;p&gt;Magento has built-in features for merging and minifying CSS and JavaScript files.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Minification&lt;/strong&gt;: Removes unnecessary characters (like whitespace and comments) from code to reduce file size.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Merging&lt;/strong&gt;: Combines multiple CSS or JavaScript files into a single file to reduce the number of HTTP requests.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt;: Always test thoroughly after enabling merging, as it can sometimes cause issues with certain themes or extensions.&lt;/p&gt;
&lt;h2&gt;Keep Your Environment Updated&lt;/h2&gt;
&lt;p&gt;The environment your Magento store runs in has a direct effect on performance.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Latest PHP Version&lt;/strong&gt;: Use the latest stable version of PHP supported by your Magento version. Each new release brings performance and security improvements.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Server Resources&lt;/strong&gt;: Ensure your server has adequate RAM and CPU power to handle your traffic, especially during peak times.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Web Server&lt;/strong&gt;: Use a high-performance web server like Nginx, which is known for its speed and efficiency.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Use Edge Caching and Delivery&lt;/h2&gt;
&lt;p&gt;An edge delivery layer is a practical requirement for many ecommerce stores. It caches your static assets (images, CSS, JavaScript) close to users.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Reduced Latency&lt;/strong&gt;: Users receive content from the server geographically closest to them, which speeds up load times.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Reduced Origin Load&lt;/strong&gt;: By serving cached content, an edge cache reduces the number of requests that hit your origin server, improving its performance and stability.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Enhanced Security&lt;/strong&gt;: Peakhour also offers security features like a Web Application Firewall (WAF) and DDoS protection.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Database Optimisation&lt;/h2&gt;
&lt;p&gt;A slow database can slow the whole store.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Clean Logs&lt;/strong&gt;: Regularly clean out Magento's log tables (e.g., &lt;code&gt;log_customer&lt;/code&gt;, &lt;code&gt;log_visitor&lt;/code&gt;). These can grow very large and slow down database queries.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Enable Flat Catalog&lt;/strong&gt;: For Magento 1 and older versions of Magento 2, enabling the Flat Catalog for products and categories can improve performance by reducing the complexity of database queries.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Re-index Regularly&lt;/strong&gt;: Keep your Magento indexes up to date. A cron job should be set up to handle this automatically.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Audit Third-Party Extensions&lt;/h2&gt;
&lt;p&gt;Poorly coded or unnecessary third-party extensions are a common cause of Magento performance issues.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Review Extensions&lt;/strong&gt;: Audit your installed extensions regularly. If you're not using one, disable or uninstall it.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Use a Profiler&lt;/strong&gt;: Use Magento's built-in profiler or a tool like New Relic to identify slow-running code, which can often be traced back to a specific extension.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;These changes will not fix every Magento performance problem, but they cover the areas that usually matter first: cache behaviour, asset weight, the hosting environment, database maintenance, and extension overhead.&lt;/p&gt;</content><category term="CMS"></category><category term="Magento"></category><category term="Web Performance"></category><category term="Drupal"></category><category term="WordPress"></category><category term="Caching"></category><category term="CDN"></category></entry><entry><title>Navigating CDN Consolidation</title><link href="https://www.peakhour.io/blog/navigating-cdn-consolidation/" rel="alternate"></link><published>2023-11-01T00:00:00+11:00</published><updated>2023-11-01T00:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2023-11-01:/blog/navigating-cdn-consolidation/</id><summary type="html">&lt;p&gt;Explore the complexities of switching CDN providers amid industry consolidation and how Peakhour can assist in the transition&lt;/p&gt;</summary><content type="html">&lt;p&gt;The &lt;a href="/learning/cdn/"&gt;CDN&lt;/a&gt; industry is moving quickly, with major providers such as Akamai and Cloudflare consolidating their positions. For businesses caught in that movement, changing CDN providers is rarely a simple swap. Your CDN sits in front of your website or application, so migration decisions touch performance, security, routing, caching, and operational risk.&lt;/p&gt;
&lt;h2&gt;Market Shifts in the CDN Industry&lt;/h2&gt;
&lt;p&gt;The CDN market is being reshaped by large providers and newer entrants. Akamai's acquisition of Linode is one example, expanding its cloud services and strengthening its position beyond CDN. Cloudflare is moving in a similar direction, adding cloud-based services around its CDN platform.&lt;/p&gt;
&lt;h2&gt;Akamai's Strategic Moves&lt;/h2&gt;
&lt;p&gt;Akamai has recently bought customer contracts from both Lumen and StackPath. This is likely to lift its 2024 revenue by tens of millions of dollars. The transferred customers will also benefit from Akamai’s wider cloud and security services.&lt;/p&gt;
&lt;p&gt;Azure CDN Standard from Akamai, StackPath CDN, and Lumen CDN are all going offline soon. Clients have received only 2-3 months' notice to migrate, which is a tight window for a service that usually has routing, security, caching, and origin dependencies. Vendors should avoid putting customers in this position. A multi-CDN strategy can reduce that exposure.&lt;/p&gt;
&lt;h2&gt;What Happened to Section.io?&lt;/h2&gt;
&lt;p&gt;Section.io, once a CDN, shifted to edge computing before being sold to Webscale. That leaves approximately 300 Australian websites looking for new service providers. If you are one of them, now is the time to act.&lt;/p&gt;
&lt;p&gt;These moves make the decision to switch or stay with a CDN provider more complex, especially for smaller businesses that need flexible and reliable local alternatives such as Peakhour. Switching your CDN is not as straightforward as changing a DNS record. Your CDN acts as the gateway to your website or application, so a move can involve reconfiguring a large part of the delivery stack.&lt;/p&gt;
&lt;h2&gt;Why Peakhour Is the Right Choice&lt;/h2&gt;
&lt;p&gt;Peakhour is a local, reliable alternative in an industry changing quickly. We offer the flexibility needed for customisation and a full suite of services.&lt;/p&gt;
&lt;p&gt;If you are considering a CDN switch, treat it as a technical migration rather than a procurement task. Peakhour can help make that transition smoother.&lt;/p&gt;
&lt;h2&gt;Peakhour's Top 10 Things to Consider When Changing Providers&lt;/h2&gt;
&lt;p&gt;Switching CDNs? Work through these ten factors before you move:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Caching Rules&lt;/strong&gt;: Use the migration to review and optimise your caching settings.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;POP Distribution&lt;/strong&gt;: Understand how the new CDN's points of presence may affect your traffic.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Security Gaps&lt;/strong&gt;: Evaluate how the new CDN's security measures compare to your current provider.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Access Lists&lt;/strong&gt;: Make sure IP whitelists and blacklists are carried over cleanly.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Origin Security&lt;/strong&gt;: Update IP addresses to ensure your origin server recognises the new CDN.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;SSL/TLS Certificates&lt;/strong&gt;: Confirm the new CDN supports your existing SSL/TLS settings and can carry over the certificates you need.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;API Compatibility&lt;/strong&gt;: Ensure the new CDN offers APIs that match or exceed your current usage.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Analytics and Monitoring&lt;/strong&gt;: Assess if the new CDN's analytics tools meet your needs.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Rate Limiting&lt;/strong&gt;: Review the new CDN's rate limiting options, especially if your site experiences traffic bursts.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Costs&lt;/strong&gt;: Account for migration work, potential downtime, and any hidden fees.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;Additional Considerations for a Seamless Transition&lt;/h2&gt;
&lt;p&gt;Beyond the top ten, also consider:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Bot Protection&lt;/strong&gt;: Evaluate how the new CDN manages automated traffic.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;User Agent Validation&lt;/strong&gt;: Make sure the new CDN effectively screens search engine bots.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;IP Reputation Lists&lt;/strong&gt;: Know how your new CDN updates and uses IP reputation lists.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;API Protection&lt;/strong&gt;: Confirm that the new CDN provides strong API security controls.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Dynamic Page Caching&lt;/strong&gt;: Check how the new CDN handles caching for dynamic content.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Query String Handling&lt;/strong&gt;: Understand how your new CDN treats query strings, as this can affect cache performance after migration.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;Special Concerns for E-commerce Sites&lt;/h2&gt;
&lt;p&gt;For e-commerce, also think about:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Site Integrations&lt;/strong&gt;: Does the new CDN support plugins for your platform, such as Magento?&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Custom WAF Rules and Exceptions&lt;/strong&gt;: Ensure these can be moved to the new CDN.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Image Optimisation&lt;/strong&gt;: Update Image APIs if your CDN handles image transformations.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;Advanced Configurations&lt;/h2&gt;
&lt;p&gt;Advanced setups need closer review:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Origin Mounting&lt;/strong&gt;: Confirm your multiple origins will work as needed with the new CDN.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Request Routing&lt;/strong&gt;: Make sure you can replicate your existing routing configurations with the new provider.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Edge Redirects&lt;/strong&gt;: Ensure the new CDN can handle any redirects you’ve configured at the edge.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;</content><category term="Interest"></category><category term="CDN"></category><category term="Magento"></category><category term="Account Protection"></category><category term="DDoS"></category></entry><entry><title>Vary Cache on Cookie Value</title><link href="https://www.peakhour.io/blog/vary-cache-on-cookie-value/" rel="alternate"></link><published>2023-08-03T13:00:00+10:00</published><updated>2023-08-03T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2023-08-03:/blog/vary-cache-on-cookie-value/</id><summary type="html">&lt;p&gt;Varying the cache on a specific cookie value is a powerful way to cache personalised content. Many CDNs consider this an enterprise feature, but it's essential for modern dynamic websites.&lt;/p&gt;</summary><content type="html">&lt;p&gt;On most websites, a user requests a page and receives the same response as everyone else. Some websites, however, change
the content depending on who is visiting. For example, someone visiting from Australia might get the page in English,
while someone visiting from Spain gets it in Spanish.&lt;/p&gt;
&lt;h2&gt;The Vary Header&lt;/h2&gt;
&lt;p&gt;The HTTP &lt;code&gt;Vary&lt;/code&gt; header is the standard way to tell a cache that the content of a page can change depending on a request
header. For example, if a website returns this header:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="n"&gt;Vary&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;Accept&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Language&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;It tells any cache that the content can change depending on the language preference of the user's browser. The cache then
stores a separate copy of the page for each language.&lt;/p&gt;
&lt;p&gt;That works for standard request headers, but content often changes based on something else. For example, a user might be
able to select their currency on an ecommerce store. This preference is usually stored in a cookie.&lt;/p&gt;
&lt;p&gt;A common, but problematic, way of handling this is to return:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="n"&gt;Vary&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;Cookie&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;This tells the cache to store a separate version of the page for every unique &lt;code&gt;Cookie&lt;/code&gt; header it sees. The problem is that
the &lt;code&gt;Cookie&lt;/code&gt; header can contain many different cookies (e.g., for analytics, session tracking, etc.), creating many cached
versions and a very low cache hit rate. This effectively makes caching useless.&lt;/p&gt;
&lt;h2&gt;Varying on a Specific Cookie Value&lt;/h2&gt;
&lt;p&gt;A better solution is to vary the cache based on the value of a &lt;em&gt;specific&lt;/em&gt; cookie. For example, an ecommerce store might use
a cookie named &lt;code&gt;currency&lt;/code&gt; to store the user's preference. By instructing the CDN to look only at the value of the &lt;code&gt;currency&lt;/code&gt;
cookie, it can store separate cached versions for AUD, USD, EUR, etc., while ignoring all other cookies.&lt;/p&gt;
&lt;p&gt;This means you can serve personalised, dynamic content while still benefiting from a high cache hit rate.&lt;/p&gt;
&lt;h2&gt;Use Cases&lt;/h2&gt;
&lt;p&gt;Varying the cache on a cookie value is useful for dynamic websites:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;Multi-Currency/Multi-Lingual Stores&lt;/strong&gt;: Serve cached pages with the correct currency and language for each user.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;User Groups&lt;/strong&gt;: Show different content or pricing to different user groups, like wholesale vs. retail customers, without them needing to log in.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;A/B Testing&lt;/strong&gt;: Serve different versions of a page to different users as part of an A/B test and cache both versions.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Personalisation&lt;/strong&gt;: Cache pages with personalised content, like recently viewed items or location-based offers.&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;Enterprise or Essential?&lt;/h2&gt;
&lt;p&gt;Many major CDN providers restrict this feature to their expensive enterprise plans, putting it out of reach for many businesses.
At Peakhour, we see it as an essential feature for modern dynamic websites. That's why we make it available on all our plans.
It's a core part of our 'Enterprise for Everyone' philosophy.&lt;/p&gt;
&lt;p&gt;The ability to vary the cache on a specific cookie value addresses the limitations of the &lt;code&gt;Vary: Cookie&lt;/code&gt; header and allows
for efficient caching of personalised content. It is not a luxury feature; it is an essential tool for improving performance
and user experience on modern websites.&lt;/p&gt;</content><category term="Features"></category><category term="Caching"></category><category term="CDN"></category><category term="Drupal"></category></entry><entry><title>Content and Origin Mounting</title><link href="https://www.peakhour.io/blog/content-mounting/" rel="alternate"></link><published>2023-06-29T13:00:00+10:00</published><updated>2023-06-29T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2023-06-29:/blog/content-mounting/</id><summary type="html">&lt;p&gt;Content/Origin mounting allows you to seamlessly bring content together from multiple sources, on to your main website.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Some features look niche until you map them to the problems they remove. Content mounting is one of those features.
It has been available in Peakhour for some time and has helped solve some unique challenges for our biggest clients.
We've applied it to SEO, usability, performance, and security problems. Peakhour's implementation is also unique in the
CDN world.&lt;/p&gt;
&lt;h2&gt;What is Content Mounting?&lt;/h2&gt;
&lt;p&gt;Peakhour's 'Content Mounting' lets you 'mount' content hosted on another website or server onto a subfolder
of your main website. For example, say you have the primary hostname of:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;example.com
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;This feature effectively means that you can serve content from:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;shop.example.com
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;under your primary hostname, eg&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;example.com/shop/.
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Fetching content from a different origin is configured using Edgerules, giving you a high degree of control over how content
is fetched and for whom. EdgeRules allow you to:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Match criteria beyond the URL, for example a cookie value, a header, the device type, and more.&lt;/li&gt;
&lt;li&gt;Override the hostname header, eg the incoming request for example.com will have the host header to the origin replaced
  with shop.example.com. This is crucial for the secondary origin server to respond to the request. It also overrides
  the Server Name Indication (SNI) for the request to the origin.&lt;/li&gt;
&lt;li&gt;Rewrite the path, eg the request for /shop/ can be rewritten to be just / so it matches the URL scheme on the secondary
  origin.&lt;/li&gt;
&lt;li&gt;Rewrite links in the returned HTML document. Content on shop.example.com will have resources/links referencing
  shop.example.com. Those links need to be rewritten as example.com/shop/ so navigation stays on example.com and
  CSS/JS/images load properly. The restriction is that only links in HTML will be rewritten. Links in JavaScript or CSS
  won't be rewritten, so content might not look right.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Use Cases for Content Mounting&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;Boost domain authority&lt;/strong&gt;: By 'mounting' all your content onto your main domain, you can significantly increase the amount of quality content
   under your primary URL. This aggregation can improve your website's domain authority, a key factor search engines
   consider when ranking your site.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Improved User Experience&lt;/strong&gt;: This strategy also improves the user experience by keeping everything under one main
   domain. It reduces confusion, provides consistency, and keeps navigation seamless. Search engines prioritise websites
   that offer a strong user experience, so this could indirectly improve your rankings.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Improve Performance&lt;/strong&gt;: Each hostname that the browser has to connect to incurs a performance cost. It has to start
   a new thread and negotiate a DNS lookup and TLS handshake. You can speed things along with browser hints like
   dns-prefetch and pre-connect but it can still be in the region of 100-500ms per hostname. Mounting them onto your
   main domain and allowing Peakhour to maintain warm connections to the different hosts can deliver measurable benefits.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;API Security&lt;/strong&gt;: With the rise of Headless eCommerce and microservices, it is common for information to be fetched
   from several different hostnames. By mounting them on your main domain, say under /api/, you can achieve versioning and consistency.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Eliminate CORS configuration issues and preflight requests&lt;/strong&gt;: When JavaScript
   in your browser has to call another hostname, it needs specific headers that grant permission,
   and there is also a preflight request penalty. Trendspek eliminated CORS and preflight requests from their
   application using our content mounting and dramatically improved 3D model loading.&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;Content mounting is a practical tool for organising and orchestrating your website content. With the rise
of microservices and headless ecommerce, it can be vital for ensuring a consistent and secure website experience.&lt;/p&gt;</content><category term="Features"></category><category term="CDN"></category></entry><entry><title>Cache Tags/Surrogate Keys</title><link href="https://www.peakhour.io/blog/surrogate-keys-cache-tags/" rel="alternate"></link><published>2023-06-28T13:00:00+10:00</published><updated>2023-06-28T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2023-06-28:/blog/surrogate-keys-cache-tags/</id><summary type="html">&lt;p&gt;Surrogate Keys, or cache tags, are a powerful mechanism for targeted flushing of content from a cache, not all CDNs support them though.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Caches are a way of storing information so future requests for the same data can be served more quickly. CDNs, including
Peakhour, run caches on each of their POPs (Points of Presence). At that level these caches are key/value stores, where
the key can be a combination of several request details, as outlined in our previous blog post on
&lt;a href="/blog/cdn-cache-keys/"&gt;cache keys&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;An established way to improve website performance is &lt;a href="/blog/caching-dynamic-content-with-a-cdn/"&gt;full page caching&lt;/a&gt;,
where a copy of a full page generated by a CMS is stored in a CDN. For a cache hit compared with a cache miss, this can
typically cut 1-4s off a page load.&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/savvy-before.jpg" width="100%" alt="Savvysupporter before"/&gt;
&lt;em&gt;Main document load &lt;strong&gt;before&lt;/strong&gt; caching: &lt;strong&gt;2.07s&lt;/strong&gt;&lt;/em&gt;
&lt;/div&gt;

&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/savvy-after.jpg" width="100%" alt="Savvysupporter after"/&gt;
&lt;em&gt;Main document load &lt;strong&gt;after&lt;/strong&gt; caching: &lt;strong&gt;82ms!!&lt;/strong&gt;&lt;/em&gt;
&lt;/div&gt;

&lt;h2&gt;A Simple Cache Example&lt;/h2&gt;
&lt;p&gt;When a website changes a resource, such as a page or image, it can instruct the CDN to flush the cache entry for that
resource's key. For example, say we have a page:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;/about-us/
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;If we're doing full page caching, it will be stored in the CDN with the key &lt;strong&gt;"/about-us/"&lt;/strong&gt;. If it changes, we can
issue a flush using the key &lt;strong&gt;"/about-us/"&lt;/strong&gt; and the CDN will fetch a fresh version.&lt;/p&gt;
&lt;h2&gt;A blog example&lt;/h2&gt;
&lt;p&gt;But consider a blog article with the URL &lt;strong&gt;"/caching/caching-explained/"&lt;/strong&gt;. A typical blog has categories, tags, and
authors. A link and summary for the article can exist on many pages: the home page if it's recent, the category pages
that the article belongs to, the author page, and so on.&lt;/p&gt;
&lt;p&gt;When we update the article, flushing only the key &lt;strong&gt;"/caching/caching-explained/"&lt;/strong&gt; is not enough. We also have to find
the other pages it appears on and flush them too, because they may have changed. That means issuing database queries to
find all the pages that our article appears on, gathering them into a list, and issuing a flush for each of them.&lt;/p&gt;
&lt;h2&gt;An eCommerce example&lt;/h2&gt;
&lt;p&gt;Another example is an ecommerce store with lots of products and product categories. A particular product might appear on
100s of pages with its price displayed. When that price changes, the cached site needs to reflect it. You have two
choices: do a lot of work on the server to discover the pages the product is on and flush them, or flush everything.
Neither option is good. The first can slow your website to a crawl with database queries; the second forces the cache to
repopulate.&lt;/p&gt;
&lt;h2&gt;Enter Cache Tags&lt;/h2&gt;
&lt;p&gt;Cache tags, also known as surrogate keys, are a mechanism for adding another way to find content in a cache. Unlike the
primary cache key, these tags are not unique.&lt;/p&gt;
&lt;p&gt;A website utilises cache tags by returning them in an HTTP header with the response. For example, Magento 2 uses the
header &lt;strong&gt;X-Magento-Tags&lt;/strong&gt;:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;x-magento-tags: cms_b_site_home_main_banner,store,cms_b,cms_b_site_homepage_bar,cms_p_47,cms_b_header_custom_notice,cms_b_porto_custom_block_for_header_home5,cms_b_site_header_social_links,cms_b_site_home_shopby_category,cms_b_site_home_shopby_brand,cat_c_p_2,cat_p_2508,cat_p,cat_p_2483,cat_p_2387,cat_p_2372,cat_p_1412,cat_p_1388,cat_p_2575,cat_p_2560,cat_p_2557,cat_p_2543,cat_p_2520,cat_p_1262,cat_p_2434,cat_p_2423,cat_p_1660,cat_p_1579,cat_p_1276,cat_p_1217,cms_b_site_footer_social_links,cms_b_site_footer_contact_us,cms_b_site_footer_popular_items,cms_b_site_footer_quick_links,cms_b_site_footer_information
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Magento returns tags for page elements like the navigation, sidebar, and notice, as well as for product categories and
products. Products have tags in the format &lt;strong&gt;cat_p_1234&lt;/strong&gt;, where &lt;strong&gt;1234&lt;/strong&gt; is the product id in the database.&lt;/p&gt;
&lt;p&gt;When someone updates product 1234, a flush is issued for the tag &lt;strong&gt;cat_p_1234&lt;/strong&gt; and all pages that have that tag are
flushed. Magento doesn't have to do any work trying to determine which page the product might be on. The cache can
efficiently find those cached pages and invalidate them.&lt;/p&gt;
&lt;h2&gt;Cache tags in CMSs&lt;/h2&gt;
&lt;p&gt;As mentioned, Magento 2 uses a sophisticated cache tag strategy to maximise the performance of its full page cache. Other
CMSs, including Drupal 8/9/10 and Typo3, also utilise cache tags. Peakhour adds cache tags to &lt;a href="/docs/how-to-guides/integrations/wordpress"&gt;WordPress&lt;/a&gt;,
&lt;a href="/docs/how-to-guides/integrations/prestashop/"&gt;Prestashop&lt;/a&gt;, &lt;a href="/docs/how-to-guides/integrations/magento-1/"&gt;Magento 1&lt;/a&gt;, and &lt;a href="/docs/how-to-guides/integrations/opencart-3/"&gt;Opencart&lt;/a&gt;
via our plugins to enable full page caching.&lt;/p&gt;
&lt;h2&gt;Cache Tag support amongst CDNs&lt;/h2&gt;
&lt;p&gt;If you're looking for maximum full page cache effectiveness for your website, especially if you're using a CMS with
built-in cache tag support, cache tag support matters. The table below outlines support amongst major CDN providers.&lt;/p&gt;
&lt;table class="table table-striped"&gt;
&lt;tr&gt;&lt;th&gt;CDN/Cache&lt;/th&gt;&lt;th&gt;Cache Tag Support&lt;/th&gt;&lt;th&gt;Custom Header&lt;/th&gt;&lt;/tr&gt;
&lt;tr&gt;
    &lt;td&gt;Peakhour&lt;/td&gt;
    &lt;td&gt;&lt;i class="fas fa-check-circle text-green-500 text-xl"&gt;&lt;/i&gt;&lt;/td&gt;
    &lt;td&gt;&lt;i class="fas fa-check-circle text-green-500 text-xl"&gt;&lt;/i&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
    &lt;td&gt;Cloudflare&lt;/td&gt;
    &lt;td&gt;
        &lt;i class="fas fa-exclamation-triangle text-yellow-200 text-xl"&gt;&lt;/i&gt;
        Enterprise Plan Only
    &lt;/td&gt;
    &lt;td&gt;&lt;i class="fas fa-times-circle text-red-700 text-xl"&gt;&lt;/i&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
    &lt;td&gt;Fastly&lt;/td&gt;
    &lt;td&gt;&lt;i class="fas fa-check-circle text-green-500 text-xl"&gt;&lt;/i&gt;&lt;/td&gt;
    &lt;td&gt;&lt;i class="fas fa-check-circle text-green-500 text-xl"&gt;&lt;/i&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
    &lt;td&gt;Self Hosted Varnish&lt;/td&gt;
    &lt;td&gt;&lt;i class="fas fa-check-circle text-green-500 text-xl"&gt;&lt;/i&gt;&lt;/td&gt;
    &lt;td&gt;&lt;i class="fas fa-check-circle text-green-500 text-xl"&gt;&lt;/i&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
    &lt;td&gt;Cloudfront&lt;/td&gt;
    &lt;td&gt;&lt;i class="fas fa-times-circle text-red-700 text-xl"&gt;&lt;/i&gt;&lt;/td&gt;
    &lt;td&gt;&lt;i class="fas fa-times-circle text-red-700 text-xl"&gt;&lt;/i&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;

&lt;h2&gt;Enterprise or essential?&lt;/h2&gt;
&lt;p&gt;In our view, cache tags are an essential feature for any &lt;a href="/learning/cdn/"&gt;CDN&lt;/a&gt; trying to maximise cache performance.
They make cache invalidation targeted and efficient, which protects hit rates and reduces work on the origin server. They
shouldn't be walled off in an Enterprise-level package.&lt;/p&gt;</content><category term="Performance"></category><category term="Caching"></category><category term="CDN"></category><category term="Drupal"></category><category term="Web Performance"></category></entry><entry><title>ZDNS - scan the entire internet</title><link href="https://www.peakhour.io/blog/zdns/" rel="alternate"></link><published>2023-06-20T13:00:00+10:00</published><updated>2023-06-20T13:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2023-06-20:/blog/zdns/</id><summary type="html">&lt;p&gt;Details the use of ZDNS, a high-performance DNS toolkit, to create a comprehensive Reverse DNS (rDNS) lookup database by scanning the entire internet, and how randomizing the IP space overcomes UDP timeout issues.&lt;/p&gt;</summary><content type="html">&lt;p&gt;The lack of a free &lt;a href="/learning/reverse-dns-lookup/"&gt;Reverse DNS&lt;/a&gt; (rDNS) lookup database has made large-scale DNS research harder. To address this,
we used ZDNS, an open-source, high-performance DNS toolkit developed by Stanford University, to create our own
rDNS database. To reduce UDP timeout issues during rDNS operations, we devised a scan-ordering approach that randomised
the IP space and improved the efficiency of the scanning process.&lt;/p&gt;
&lt;h2&gt;Leveraging ZDNS for rDNS Lookups Across the Internet&lt;/h2&gt;
&lt;p&gt;Understanding rDNS is useful for internet operations and research. Active DNS measurement helps us inspect how providers
advertise the use of their IP address space. One of the components of this ecosystem is Reverse DNS (rDNS), which serves
an important role in IP database categorisation and ASN (Autonomous System Number) classification. However, running rDNS
across the entire internet is not a trivial task.&lt;/p&gt;
&lt;p&gt;Previously, Rapid7 provided a free database for rDNS lookups, but it has discontinued the offering. This situation has
prompted the need to create our own database, calling for a robust, efficient, and scalable tool to accomplish
the task. ZDNS was the right fit.&lt;/p&gt;
&lt;h2&gt;Introducing ZDNS&lt;/h2&gt;
&lt;p&gt;ZDNS, a part of the ZMap.io project, is a capable tool developed by Stanford University to support scalable and
reproducible DNS research. ZDNS is an open-source DNS measurement framework specifically optimised for large-scale
DNS research on the public internet. It can resolve 50 million domains in 10 minutes and query the PTR records of the
complete public IPv4 address space in approximately 12 hours.&lt;/p&gt;
&lt;p&gt;This high-performance toolkit offers a modular interface, enabling researchers to safely implement new functionalities.
Its architecture is designed to expose &lt;a href="/learning/web-concepts/what-is-reverse-dns-lookup/"&gt;DNS lookup&lt;/a&gt; chains by performing recursive resolution. ZDNS supports a
command-line interface and outputs results in JSON, a machine-parsable format.&lt;/p&gt;
&lt;h2&gt;Enhancements by ZDNS&lt;/h2&gt;
&lt;p&gt;ZDNS's architecture and feature set are tailored to the challenges of extensive DNS research. Its guiding
principles are that the DNS lookup chain is exposed, and that the tool is safe, easy to use, and extensible.&lt;/p&gt;
&lt;p&gt;ZDNS's performance optimisations make it a suitable tool for DNS experiments that require querying a large number of
names. Parallelism, UDP socket reuse, and selective caching are some of the critical performance optimisations that
enable ZDNS to efficiently handle large volumes of DNS queries.&lt;/p&gt;
&lt;p&gt;ZDNS's scalability, execution time, and success rate have been evaluated against several existing tools, showcasing its
performance. For instance, when it comes to exposing the DNS lookup chain, ZDNS is 85 times faster than Dig.
ZDNS also outperforms other higher-performance tools, achieving 2.6 to 3.6 times more successful queries per second and
experiencing about 30% less packet drop than MassDNS.&lt;/p&gt;
&lt;h2&gt;Our rDNS Journey&lt;/h2&gt;
&lt;p&gt;When we started scanning the whole internet with rDNS, we hit a practical roadblock: UDP timeouts made the scans
slow. The system spent too much time waiting for responses from parts of the internet that were either empty or broken.&lt;/p&gt;
&lt;p&gt;We used two changes. Firstly, instead of scanning the internet's addresses in order, we mixed them
up and scanned randomly. This spread out our requests and stopped the system from getting stuck on troublesome ranges.
Secondly, we checked smaller sections of the internet first, so we did not waste time waiting for big chunks of the
internet that weren't responding.&lt;/p&gt;
&lt;p&gt;With these changes, we scanned the whole internet in &lt;em&gt;13 days&lt;/em&gt;, finding over a &lt;em&gt;billion addresses&lt;/em&gt;. The main lesson was
straightforward: scan order matters when timeout behaviour dominates runtime.&lt;/p&gt;
&lt;h2&gt;Wrapping Up&lt;/h2&gt;
&lt;p&gt;ZDNS has proven to be a valuable tool for DNS research, especially for substantial tasks like performing a reverse
DNS scan of the entire internet. Our experience underscores the value of practical adjustments when dealing with
large-scale challenges, like randomising the IP space to avoid delays caused by UDP timeouts.&lt;/p&gt;
&lt;p&gt;As an open-source tool, ZDNS is available on Github. For more detail, read the award-winning paper presented at IMC
2022.&lt;/p&gt;
&lt;p&gt;Our work with ZDNS shows its value in DNS research and the operational detail involved in large-scale DNS work. By
randomising the scan order, we mitigated timeout issues and improved the efficiency of our scanning process.&lt;/p&gt;
&lt;div class="footnote"&gt;
&lt;hr&gt;
&lt;ol&gt;
&lt;li id="fn:1^"&gt;
&lt;p&gt;Izhikevich, L., Akiwate, G., Berger, B., Drakontaidis, S., Ascheman, A., Pearce, P., Adrian, D., &amp;amp; Durumeric, Z. (2022). ZDNS: a fast DNS toolkit for internet measurement. In Proceedings of the 22nd ACM Internet Measurement Conference (pp. 33-43). https://doi.org/10.1145/3517745.3561434&amp;#160;&lt;a class="footnote-backref" href="#fnref:1^" title="Jump back to footnote 1 in the text"&gt;&amp;#8617;&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li id="fn:2^"&gt;
&lt;p&gt;ZMap Project. (n.d.). ZDNS. GitHub. Retrieved 2023-05-15 13:00, from https://github.com/zmap/zdns.&amp;#160;&lt;a class="footnote-backref" href="#fnref:2^" title="Jump back to footnote 2 in the text"&gt;&amp;#8617;&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;/div&gt;</content><category term="Technical"></category><category term="DNS"></category><category term="CDN"></category><category term="Rate Limiting"></category><category term="Residential Proxies"></category><category term="DDoS"></category></entry><entry><title>Maximising Website Speed</title><link href="https://www.peakhour.io/blog/maximising-website-speed-an-essential-strategy/" rel="alternate"></link><published>2023-06-07T12:31:00+10:00</published><updated>2023-10-12T00:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2023-06-07:/blog/maximising-website-speed-an-essential-strategy/</id><summary type="html">&lt;p&gt;How can maximising website speed boost your company's revenue, especially during an impending economic recession?&lt;/p&gt;</summary><content type="html">&lt;p&gt;As businesses prepare for a global economic downturn, every source of friction matters. One of the most controllable is
&lt;a href="/blog/wordpress-plugin/"&gt;website speed&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;For many customers, the website is where they first test whether a business is worth their time. They learn about the
company, compare products, read content, and, if the experience holds up, buy. Loading time shapes that first
impression, affects engagement, and can change whether a visitor becomes a customer.&lt;/p&gt;
&lt;p&gt;This article looks at why speed deserves attention when trading conditions tighten. It covers search rankings,
conversion impact, and published case studies where faster sites produced measurable gains.&lt;/p&gt;
&lt;h2&gt;The Need for Speed&lt;/h2&gt;
&lt;p&gt;Website speed is not an abstract technical score. It is how quickly users can see and interact with content. A delay
measured in milliseconds can affect engagement, conversion rates, and customer retention.&lt;/p&gt;
&lt;p&gt;Speed matters because user expectations are set by fast services and fast networks. When a page feels slow, people leave
and are less likely to return.&lt;/p&gt;
&lt;p&gt;Speed also affects how search engines, including Google, rank
&lt;a href="/learning/performance/how-to-pass-core-web-vitals/"&gt;your website&lt;/a&gt;. For businesses trying to remain visible in a crowded market, especially
during an economic downturn, performance is a practical lever.&lt;/p&gt;
&lt;h2&gt;Correlation with Search Rankings&lt;/h2&gt;
&lt;p&gt;The relationship between website speed and search rankings is supported by research and by statements from Google. A few
years ago, Google announced that page speed would be a ranking factor. The change reflected Google's focus on relevant,
usable pages.&lt;/p&gt;
&lt;p&gt;Websites that meet all of Google's requirements receive a slight advantage, ranking
&lt;a href="https://www.sistrix.com/support/sistrix-visibility-index-explanation-background-and-calculation/" title="Visibility Index"&gt;one percentage point higher than the average&lt;/a&gt;. These requirements cover several areas, from content relevance and
quality to mobile-friendliness and &lt;a href="/solutions/use-case/improve-web-vitals/"&gt;page speed&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;By contrast, websites that fail to meet at least one of Google's requirements can sit at a measurable disadvantage,
&lt;a href="https://www.sistrix.com/support/sistrix-visibility-index-explanation-background-and-calculation/" title="Visibility Index"&gt;ranking 3.7 percentage points lower&lt;/a&gt;. That matters when search visibility is already under pressure.&lt;/p&gt;
&lt;p&gt;Google's Core Web Vitals have also become a measurable factor in search rankings. These vitals measure aspects of page
speed and user experience, showing how speed and SEO (Search Engine Optimisation) now overlap.&lt;/p&gt;
&lt;p&gt;&lt;a href="https://crystallize.com/blog/this-is-how-much-site-speed-affects-google-seo-ranking-with-data" title="How Site Speed Affects SEO &amp;amp; Google Rankings (With Data)?"&gt;A study by Crystallize&lt;/a&gt; also found a correlation between speed and SEO. In their page speed score experiment, a page
with a high score ranked #1 in Google with a featured snippet for the optimised item. Unoptimised pages with lower speed
scores did not appear in search results.&lt;/p&gt;
&lt;p&gt;The practical point is straightforward: website speed can improve search visibility. In an economic downturn, that extra
visibility can matter.&lt;/p&gt;
&lt;h2&gt;Conversion Impact of Speed&lt;/h2&gt;
&lt;p&gt;Speed also affects conversion rates. Deloitte's 'Milliseconds Make Millions' report shows how small improvements in
loading time can change commercial outcomes.&lt;/p&gt;
&lt;p&gt;The study examined a 0.1 second decrease in loading time across different market sectors. In retail, &lt;a href="https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/Consulting/Milliseconds_Make_Millions_report.pdf" title="Milliseconds Make Millions"&gt;a quicker page
loading time led to an 8.4% rise in conversion rates&lt;/a&gt; and a &lt;a href="https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/Consulting/Milliseconds_Make_Millions_report.pdf" title="Milliseconds Make Millions"&gt;9.2% improvement in average shopping basket size&lt;/a&gt;. The
travel sector saw a &lt;a href="https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/Consulting/Milliseconds_Make_Millions_report.pdf" title="Milliseconds Make Millions"&gt;10.1% increase in conversion rates&lt;/a&gt; and a &lt;a href="https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/Consulting/Milliseconds_Make_Millions_report.pdf" title="Milliseconds Make Millions"&gt;1.9% rise in average basket size&lt;/a&gt;. For luxury
brands, faster loading times resulted in an &lt;a href="https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/Consulting/Milliseconds_Make_Millions_report.pdf" title="Milliseconds Make Millions"&gt;8.6% increase in page views per session&lt;/a&gt; and an &lt;a href="https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/Consulting/Milliseconds_Make_Millions_report.pdf" title="Milliseconds Make Millions"&gt;8.3% decrease in form
bounce rates&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;Peakhour clients have seen the same pattern. Pharmacy Direct reported a 30% increase in conversions and order value
after reducing page load time by 90%. Kitchen Warehouse saw a 150% increase in revenue after decreasing page load times
by 70%.&lt;/p&gt;
&lt;p&gt;These numbers show that page speed is tied to business metrics, not just technical scores. The scale varies by site and
sector, but the direction is consistent across the cited examples.&lt;/p&gt;
&lt;h2&gt;Real-Life Success Stories&lt;/h2&gt;
&lt;p&gt;The effects of website speed optimisation are visible in published case studies:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;French linen brand Carré Blanc saw a &lt;a href="https://info.fasterize.com/etude-de-cas-carre-blanc" title="[Success Story] Carré Blanc : des conversions et un CA boostés par un site rapide"&gt;25% increase in conversion rates&lt;/a&gt; after improving web page loading
   speed.&lt;/li&gt;
&lt;li&gt;Renault optimised the Largest Contentful Paint (LCP), leading to a 14 percentage point decrease in bounce
   rate and a &lt;a href="https://web.dev/renault/" title="How Renault improved its bounce and conversion rates by measuring and optimizing Largest Contentful Paint"&gt;13% rise in conversions&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;E-commerce platform eBay found that every 100ms improvement in search page loading time resulted in a &lt;a href="https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/Consulting/Milliseconds_Make_Millions_report.pdf" title="Milliseconds Make Millions"&gt;0.5% increase
   in additions to the shopping cart&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;SnipesUSA.com &lt;a href="https://www.digitalcommerce360.com/2020/10/07/snipesusa-invests-in-site-speed-now-and-for-the-future/" title="Snipes invests in site speed now and for the future"&gt;doubled their average conversion rate&lt;/a&gt; from about 1% to about 2% by decreasing load times by
   30%.&lt;/li&gt;
&lt;li&gt;French toy retailer King Jouet enjoyed a &lt;a href="https://www.fasterize.com/fr/blog/king-jouet-soulage-ses-serveurs-et-maintient-la-fluidite-de-la-navigation-pendant-les-pics-de-charge-grace-a-fasterize/" title="Soldes : comment King Jouet maintient une navigation fluide pendant les pics de charge "&gt;5% increase in conversion rates&lt;/a&gt; within a month through page speed
   optimisation.&lt;/li&gt;
&lt;li&gt;AliExpress, a global online retail marketplace, experienced a 10.5% increase in orders and a 27% increase in
   conversions for new customers by reducing loading time by 36%.&lt;/li&gt;
&lt;li&gt;Boutique designer brand Revelry saw 43% faster page loading, an 8% decrease in bounce rates, and a &lt;a href="https://www.digitalcommerce360.com/2020/09/22/revelrys-bounce-rate-plummets-with-faster-site/" title="Revelry’s bounce rate plummets with faster site"&gt;30% increase in
   conversions&lt;/a&gt; after optimising images on their eCommerce site.&lt;/li&gt;
&lt;li&gt;Zalando, an online fashion platform, reported a &lt;a href="https://engineering.zalando.com/posts/2018/06/loading-time-matters.html" title="Loading Time Matters"&gt;revenue increase of 0.7% per session&lt;/a&gt; by reducing web page loading
   time by 100ms.&lt;/li&gt;
&lt;li&gt;Pinterest observed a &lt;a href="https://medium.com/pinterest-engineering/driving-user-growth-with-performance-improvements-cfc50dafadd7" title="Driving user growth with performance improvements"&gt;15% increase in platform registrations&lt;/a&gt; following an improvement in loading speed.&lt;/li&gt;
&lt;li&gt;Telecommunications company Vodafone saw an &lt;a href="https://web.dev/vodafone/" title="Vodafone: A 31% improvement in LCP increased sales by 8%"&gt;8% sales increase&lt;/a&gt; with a 31% improvement in Largest Contentful Paint (
    LCP).&lt;/li&gt;
&lt;li&gt;Mobile marketplace Swappie achieved a &lt;a href="https://web.dev/swappie/" title="How Swappie increased mobile revenue by 42% by focusing on Core Web Vitals"&gt;42% increase in mobile revenue&lt;/a&gt; by focusing on Core Web Vitals.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;These examples show how improving loading speed can lift conversion rates and revenue.&lt;/p&gt;
&lt;h2&gt;Optimising for Search Performance&lt;/h2&gt;
&lt;p&gt;Speed also affects search performance beyond organic ranking. Several examples point to paid search impact:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Lever Interactive Agency reported that one of their clients improved their Quality Score, resulting in a &lt;a href="https://leverinteractive.com/blog/why-page-speed-is-more-than-just-seo/" title="Why Page Speed is More Than Just SEO"&gt;17% decrease
   in Cost Per Click&lt;/a&gt; (CPC), a &lt;a href="https://leverinteractive.com/blog/why-page-speed-is-more-than-just-seo/" title="Why Page Speed is More Than Just SEO"&gt;31% decrease in Cost Per Acquisition&lt;/a&gt; (CPA), and a &lt;a href="https://leverinteractive.com/blog/why-page-speed-is-more-than-just-seo/" title="Why Page Speed is More Than Just SEO"&gt;20% increase in conversion rate&lt;/a&gt; on
   faster landing pages.&lt;/li&gt;
&lt;li&gt;Crystallize Headless Commerce noted that scoring high in the Quality Score can lead to significant benefits,
   including up to a &lt;a href="https://crystallize.com/blog/site-speed-affects-adwords-pricing" title="Site Speed Affects Adwords Pricing"&gt;50% discount on CPC prices&lt;/a&gt;. Conversely, a low Quality Score can result in paying up to 400% extra,
   severely impacting your marketing budget.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Core Web Vitals have also become a priority for eCommerce platform Shopify. The company continues to optimise speed
performance to improve search rankings.&lt;/p&gt;
&lt;p&gt;These cases show why performance work needs to be ongoing, especially where search traffic and paid acquisition costs
are material to the business.&lt;/p&gt;
&lt;h2&gt;Enhancing Engagement&lt;/h2&gt;
&lt;p&gt;Engagement is not separate from speed. A fast, well-optimised site gives users less reason to leave and more opportunity
to browse, compare, and interact. The data supports this in several ways.&lt;/p&gt;
&lt;p&gt;Take eCommerce for instance. Customers are 10% more likely to recommend an eCommerce website when pages load in 10
seconds instead of 13 seconds. The likelihood of recommendation rises to 26% if loading time is reduced to 3 seconds.
That shows how quickly performance changes user perception.&lt;/p&gt;
&lt;p&gt;Other companies have also seen measurable effects from speed optimisation. Netflix implemented Gzip compression for
resource optimisation, resulting in a 43% reduction in outbound traffic. Yahoo Japan News saw &lt;a href="https://web.dev/yahoo-japan-news/" title="How CLS optimizations increased Yahoo! JAPAN News's page views per session by 15%"&gt;increases in both page
views per session and session times (15% and 13% respectively)&lt;/a&gt;, as well as a 1.72% decrease in bounce rate, by
improving their Cumulative Layout Shift (CLS) by 0.2 points.&lt;/p&gt;
&lt;p&gt;Google has also published data linking Core Web Vitals to engagement. Their data showed that favourable Core Web Vitals
scores can &lt;a href="https://blog.chromium.org/2020/05/the-science-behind-web-vitals.html" title="The Science Behind Web Vitals"&gt;reduce the likelihood of users abandoning a page&lt;/a&gt; before it loads by up to 24%. Meeting Core Web Vitals
thresholds also led to an overall &lt;a href="https://web.dev/economic-times-cwv/" title="How The Economic Times passed Core Web Vitals thresholds and achieved an overall 43% better bounce rate"&gt;43% improvement in bounce rate&lt;/a&gt; for The Economic Times.&lt;/p&gt;
&lt;p&gt;The agriculture e-commerce platform, Agrofy, improved their Core Web Vitals scores by 70% for LCP and 72% for CLS,
resulting in a &lt;a href="https://web.dev/agrofy/" title="Agrofy: A 70% improvement in LCP correlated to a 76% reduction in load abandonment"&gt;76% reduction in abandonment rate&lt;/a&gt;. Again, the useful lesson is not just that the site became faster.
It is that users behaved differently once it did.&lt;/p&gt;
&lt;h2&gt;Key Speed Metrics&lt;/h2&gt;
&lt;p&gt;Website speed is about more than full-page load time. Several metrics help assess how fast and stable a page feels to a
user. Google's &lt;a href="https://developers.google.com/speed/docs/insights/v5/about" title="About PageSpeed Insights"&gt;Pagespeed Insights&lt;/a&gt; lists the following important metrics:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Largest Contentful Paint (LCP)&lt;/strong&gt; measures the time taken to load the largest visible content on the page. The ideal
   target for this is less than 2.5 seconds. This metric matters because it provides a clear indicator of perceived
   load speed for the user.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Cumulative Layout Shift (CLS)&lt;/strong&gt; evaluates the visual stability of a page during loading. The target here is less
   than 0.1. This helps limit content jumping or shifting while the page loads, providing a smoother user experience.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;First Input Delay&lt;/strong&gt; determines how quickly a page responds to user input, with the target being less than 0.1
   seconds. This metric measures the interactivity and responsiveness of a website.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Together, these metrics show whether a website delivers a fast, smooth user experience.&lt;/p&gt;
&lt;h2&gt;User Expectations and Impact on Business&lt;/h2&gt;
&lt;p&gt;Users expect pages to respond quickly. When they do not, speed becomes a business issue rather than only an engineering
issue.&lt;/p&gt;
&lt;p&gt;According to Think with Google, slow-loading pages can affect user experience, resulting in higher bounce rates,
negative brand perception, and an impact on conversions and revenue. When users have to wait too long for a webpage to
load, they are likely to leave and look for a faster experience elsewhere.&lt;/p&gt;
&lt;p&gt;Digital marketing expert Neil Patel highlights that a 1-second delay in page response can lead to a &lt;a href="https://neilpatel.com/blog/loading-time/" title="How Loading Time Effects Your Bottom Line"&gt;7% reduction in
conversions&lt;/a&gt;. To put that into perspective, if an e-commerce site is making $100,000 per day, a 1-second page delay
could cost $2.5 million in lost sales every year.&lt;/p&gt;
&lt;p&gt;Akamai also found that &lt;a href="https://www.akamai.com/newsroom/press-release/akamai-releases-spring-2017-state-of-online-retail-performance-report" title="Akamai Online Retail Performance Report"&gt;53% of mobile site visitors will leave a page&lt;/a&gt; that takes longer than three seconds to load.
This shows the standards modern users have for &lt;a href="/blog/testing-sitespeed-lighthouse/"&gt;website performance&lt;/a&gt; and the revenue
risk for businesses that fail to meet them.&lt;/p&gt;
&lt;h2&gt;Common Culprits&lt;/h2&gt;
&lt;p&gt;If your website is running slowly, a few common issues could be to blame. The usual causes are technical and operational:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Time to First Byte (TTFB)&lt;/strong&gt; is the time it takes for the first byte of data to be received from the server. High
   TTFB can affect loading times and should be minimised.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Large Page Size and Resources&lt;/strong&gt; can also contribute to slow loading times. This includes heavy content, such as
   images, videos, or large files. Optimising these resources can materially improve loading speed.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Third-Party Resources&lt;/strong&gt; like ads, plugins, or widgets can require additional loading time. While these are often
   necessary, they need to be managed carefully to avoid excessive loading delays.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;JavaScript&lt;/strong&gt; can be a double-edged sword. While it enables advanced functionality, complex or poorly optimised
   JavaScript code can also hinder performance.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Single-Page Applications (SPAs)&lt;/strong&gt; may experience slower initial loading due to their extensive scripting
   requirements, but they often offer faster navigation once loaded.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Busy Servers Handling Bot Traffic&lt;/strong&gt; can also cause slowdowns. Bot traffic, in some instances, can account for over
   40% of server load. Managing this effectively can help improve website speed.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Understanding which of these factors applies to your site helps you focus performance work where it will matter.&lt;/p&gt;
&lt;h2&gt;Continuous Monitoring and Performance Optimisation&lt;/h2&gt;
&lt;p&gt;Getting a site fast once is not enough. Speed can regress as content, third-party tags, releases, and traffic patterns
change, so monitoring and performance optimisation need to be continuous.&lt;/p&gt;
&lt;p&gt;Tools such as Google's Pagespeed Insights can help track website performance. Regular checks of key metrics can show
which issues are slowing the site down and which changes need attention.&lt;/p&gt;
&lt;p&gt;It is also important to test improvements on a staging website before deploying them to production. That reduces the
risk of disrupting live performance or user experience. Regular diagnostic testing and iterative improvements help keep
the site aligned with current performance expectations.&lt;/p&gt;
&lt;p&gt;As SEO consulting company Moz highlights, &lt;a href="https://moz.com/"&gt;focusing on continuous performance optimisation can have significant benefits.&lt;/a&gt;
It can help maintain a fast, usable site and support higher search rankings, better engagement, and increased
conversions and revenue.&lt;/p&gt;
&lt;h2&gt;Preparing for the Coming Recession&lt;/h2&gt;
&lt;p&gt;With an economic downturn on the horizon, a fast, well-optimised website becomes more important. Consumers are likely to
be more selective with their spending, and businesses will need to compete harder for each sale.&lt;/p&gt;
&lt;p&gt;A fast website can be a useful differentiator in this environment. It can &lt;a href="/blog/magento-1-plugin/"&gt;boost your&lt;/a&gt; search
rankings, making the site more visible to potential customers. It can improve engagement by giving visitors fewer
reasons to leave. It can also increase conversion rates, which has a direct effect on sales.&lt;/p&gt;
&lt;p&gt;In this context, website speed is not cosmetic. It is an operating requirement. The work is to measure the current
experience, fix the main bottlenecks, and keep monitoring performance as the site changes.&lt;/p&gt;
&lt;p&gt;The data and case studies point in the same direction: speed optimisation is a practical investment. It helps align the
website with user expectations and makes the site a more effective part of the business.&lt;/p&gt;
&lt;p&gt;Website speed is measurable, improvable, and commercially relevant. For businesses preparing for tighter conditions, it
deserves active management rather than occasional clean-up.&lt;/p&gt;</content><category term="Performance"></category><category term="Web Performance"></category><category term="SEO"></category><category term="Analytics"></category><category term="Magento"></category><category term="Core Web Vitals"></category><category term="CDN"></category></entry><entry><title>Down But Not Out - JXL Will Return on Safari</title><link href="https://www.peakhour.io/blog/jpeg-xl-down-but-not-out/" rel="alternate"></link><published>2023-06-04T00:00:00+10:00</published><updated>2023-06-04T00:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2023-06-04:/blog/jpeg-xl-down-but-not-out/</id><summary type="html">&lt;p&gt;What Apple's announcement of JPEG-XL support means for the web ecosystem.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Just as we were &lt;a href="/blog/the-death-of-jxl/"&gt;coming to terms&lt;/a&gt; with the controversial decision by Google to drop support for JPEG-XL (JXL) in Chrome,
Apple announced support for JXL during the WWDC June 5th livestream. That is a meaningful shift. JXL was down, but not
out.&lt;/p&gt;
&lt;p&gt;Google's decision to stop JXL support in Chrome surprised us at Peakhour, along with plenty of others who care about
web performance and image delivery. Google Chrome, as the most used browser globally, often sets the course for web
standards. In deciding to drop JXL, Google appeared to be exercising its dominance over those standards, and the decision
drew real debate in the web community.&lt;/p&gt;
&lt;p&gt;Apple's announcement changes the picture. Apple has long pushed high dynamic colour and high-resolution features, and
Safari support is a useful signal for image delivery. By bringing JXL support to Safari, Apple is giving this promising
image format a fair go.&lt;/p&gt;
&lt;p&gt;This move also hints at wider JXL support across the entire Apple ecosystem, which includes iPad, iPhone, Mac, and Apple
TV. While there are still some limitations - embedded colour profiles and animations are not yet supported in the
current MacOS Sonoma beta - we hope these gaps are fixed soon.&lt;/p&gt;
&lt;p&gt;At Peakhour, this is good news. We look forward to welcoming Apple users to our websites, where they will be able to see
the quality benefits of JXL images as soon as their operating systems support it.&lt;/p&gt;
&lt;p&gt;This turn of events gives JXL a much-needed boost. It does not undo Google's Chrome decision, but it keeps the format in
play and makes the future of web image formats less settled than it looked a short while ago.&lt;/p&gt;</content><category term="Interest"></category><category term="Core Web Vitals"></category><category term="Browser Fingerprinting"></category><category term="CDN"></category></entry><entry><title>Understanding HTTP Link Headers</title><link href="https://www.peakhour.io/blog/http-link-headers/" rel="alternate"></link><published>2023-05-24T13:00:00+10:00</published><updated>2023-05-24T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2023-05-24:/blog/http-link-headers/</id><summary type="html">&lt;p&gt;HTTP Link headers are a relatively unknown but powerful way to improve page load times.&lt;/p&gt;</summary><content type="html">&lt;p&gt;HTTP headers are part of browser requests and server responses. They carry information about the
connecting client, the requested resource, the server, and other request context.
An HTTP header has a case-insensitive name followed by a colon (:), then its value. Headers are used for
authentication information, content negotiation, and related protocol behaviour. Here are some sample
request headers sent by my browser when requesting a page on the Peakhour website:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="n"&gt;Accept&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;text&lt;/span&gt;&lt;span class="sr"&gt;/html,application/xhtml+xml,application/xml;q=0.9,*/&lt;/span&gt;&lt;span class="o"&gt;*;&lt;/span&gt;&lt;span class="n"&gt;q&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="mf"&gt;0.8&lt;/span&gt;
&lt;span class="n"&gt;Accept&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Encoding&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;gzip&lt;/span&gt;&lt;span class="o"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;deflate&lt;/span&gt;&lt;span class="o"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;br&lt;/span&gt;
&lt;span class="n"&gt;Accept&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Language&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;en&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;AU&lt;/span&gt;&lt;span class="o"&gt;,&lt;/span&gt;&lt;span class="n"&gt;en&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="n"&gt;q&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="mf"&gt;0.9&lt;/span&gt;
&lt;span class="n"&gt;Connection&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;keep&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;alive&lt;/span&gt;
&lt;span class="n"&gt;Cookie&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;_ga_NRWSVE0PSC&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;GS1&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="mf"&gt;1.1685943893&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="mf"&gt;13.0&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="mf"&gt;1685943893.0&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="mf"&gt;0.0&lt;/span&gt;
&lt;span class="n"&gt;Host&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;www&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="na"&gt;peakhour&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="na"&gt;io&lt;/span&gt;
&lt;span class="n"&gt;Sec&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Fetch&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Dest&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;document&lt;/span&gt;
&lt;span class="n"&gt;Sec&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Fetch&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Mode&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;navigate&lt;/span&gt;
&lt;span class="n"&gt;Sec&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Fetch&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Site&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;none&lt;/span&gt;
&lt;span class="n"&gt;User&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Agent&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;Mozilla&lt;/span&gt;&lt;span class="sr"&gt;/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4.1 Safari/&lt;/span&gt;&lt;span class="mf"&gt;605.1&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="mi"&gt;15&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;h2&gt;The HTTP Link header&lt;/h2&gt;
&lt;p&gt;An HTTP Link header lets a server send
context about a document back to a client. It can identify related
resources or the direct location of a specific asset. For page-load optimisation, Link headers can be an alternative to
putting preload/preconnect/prefetch hints in the HTML.&lt;/p&gt;
&lt;h2&gt;History&lt;/h2&gt;
&lt;p&gt;HTTP Link headers were proposed as a standard in the late 1990s, around the same time the
HTTP/1.1 protocol was defined. However, it wasn't until 2010 that HTTP Link headers were officially recognised by
the Internet Engineering Task Force (IETF) in RFC 5988, which described their purpose and functionality.&lt;/p&gt;
&lt;h2&gt;Uses&lt;/h2&gt;
&lt;p&gt;HTTP Link headers have several uses in web development. Some common examples are:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Pagination&lt;/strong&gt;: Say we have a blog site with hundreds of posts, and we display 10 posts per page.
  When a user requests a page, we can use Link headers to provide URLs for the next and previous pages.
  This helps navigation through the large list of posts. Here's an example of how it might look:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;Link:&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="err"&gt;&amp;lt;&lt;/span&gt;/posts?page=2&amp;gt;;&lt;span class="w"&gt; &lt;/span&gt;rel=&amp;quot;next&amp;quot;,&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="err"&gt;&amp;lt;&lt;/span&gt;/posts?page=4&amp;gt;;&lt;span class="w"&gt; &lt;/span&gt;rel=&amp;quot;prev&amp;quot;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Preloading&lt;/strong&gt;: Suppose we have a heavy image or a large CSS file that we know will be required for a webpage.
  We can use a Link header to tell the browser to start downloading it early, improving the perceived page
  load speed. For instance:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="n"&gt;Link&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="o"&gt;&amp;lt;/&lt;/span&gt;&lt;span class="n"&gt;images&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;big&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;picture&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;jpg&lt;/span&gt;&lt;span class="o"&gt;&amp;gt;&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;rel&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nb"&gt;preload&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="k"&gt;as&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;image&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Resource Hints&lt;/strong&gt;: Link headers can give the browser hints about resources that might be needed in the
  future, so the browser can decide whether to fetch them ahead of time. For instance:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="nt"&gt;Link&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="o"&gt;&amp;lt;/&lt;/span&gt;&lt;span class="nt"&gt;scripts&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="nt"&gt;myscript&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;js&lt;/span&gt;&lt;span class="o"&gt;&amp;gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;rel&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;prefetch&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Comparison to Link Tags and Why Headers Can Be Better&lt;/h2&gt;
&lt;p&gt;Now you might be wondering, "Why use Link headers when we can use HTML Link tags?" There are several reasons
HTTP Link headers might be a better choice:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Faster Processing&lt;/strong&gt;: Since HTTP Link headers are part of the HTTP response, they arrive before the HTML document.
  This allows browsers to start preloading or prefetching resources sooner, which can improve page load times.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Greater Flexibility&lt;/strong&gt;: HTTP Link headers can be used in situations where HTML Link tags cannot. For instance, they
  can be used with file types that don't support HTML, like JSON or XML. They can also be added by a third party, e.g.,
  &lt;strong&gt;an edge delivery layer such as Peakhour&lt;/strong&gt;, without the need to parse and rewrite the HTML document.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Less Clutter&lt;/strong&gt;: Link headers can make your HTML less cluttered, as you can avoid filling the HTML document with
  numerous Link tags.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;HTTP Link headers are a small part of HTTP, but they are useful for performance and flexibility. An edge delivery layer
can add Link headers without the overhead of parsing or manipulating the main document, which makes them useful for
optimising website performance.&lt;/p&gt;</content><category term="Learning"></category><category term="HTTP"></category><category term="Web Performance"></category><category term="Caching"></category><category term="Rate Limiting"></category><category term="Core Web Vitals"></category><category term="CDN"></category></entry><entry><title>Multi-Origin Load Balancing</title><link href="https://www.peakhour.io/blog/multi-origin-load-balancing/" rel="alternate"></link><published>2023-04-11T13:00:00+10:00</published><updated>2023-04-11T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2023-04-11:/blog/multi-origin-load-balancing/</id><summary type="html">&lt;p&gt;Websites with a global audience need more than just a traditional CDN. They need geographic multi origin load balancing.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Websites and applications with global audiences often run into a problem that a standard CDN cannot always hide: not
every request can be served from cache. Traditional Content Delivery Networks (CDNs) reduce latency by distributing
content across multiple points of presence (POPs) around the world. But when content has to be fetched from a distant
origin server, for example dynamic content that cannot be cached, users still wait on that round trip. This post explains
the problem multi-origin &lt;a href="/learning/load-balancing/"&gt;load balancing&lt;/a&gt; solves and how Peakhour handles it.&lt;/p&gt;
&lt;h2&gt;Understanding the Problem&lt;/h2&gt;
&lt;p&gt;Web content usually starts from a single server, called the origin server. As a website's audience grows, that server
takes more traffic, which can slow response times. CDNs reduce the pressure by caching and delivering content from
servers distributed across multiple geographic locations. When the content is already cached, this reduces origin load
and lowers latency for users accessing the content.&lt;/p&gt;
&lt;p&gt;However, traditional CDNs still have limits when serving global audiences. If a user requests content that is not cached
in the CDN, the request has to go back to the origin server. If that origin is far away from the user, latency increases
and pages take longer to load.&lt;/p&gt;
&lt;p&gt;Multi-origin load balancing addresses that remaining gap in &lt;a href="/learning/cdn/"&gt;CDN&lt;/a&gt; performance and further reduces latency.&lt;/p&gt;
&lt;h2&gt;Introducing Multi-Origin Load Balancing&lt;/h2&gt;
&lt;p&gt;Traditional load balancing distributes traffic evenly across two or more servers that
are physically hosted in the same location.&lt;/p&gt;
&lt;p&gt;Multi-origin load balancing extends that approach across origin servers in different geographical locations. The
Peakhour EDGE can select the closest origin server to a user, or choose a different origin based on criteria such as
device type, user preferences, or URL. For requests not stored in the CDN, this reduces the time spent crossing long
network paths.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Real-Time Performance Monitoring:&lt;/strong&gt; Peakhour continuously monitors its global network of servers in real time. This
allows the system to detect potential issues or bottlenecks and adjust routing. If one origin server experiences high
traffic or goes offline, Peakhour can reroute user requests to the next best server to keep the site responsive.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Adaptive Content Caching:&lt;/strong&gt; Peakhour Edge uses adaptive content caching strategies, which dynamically cache both
static and dynamic content based on user behaviour and request patterns. Frequently requested dynamic elements, such as
personalised user data or search results, are cached on edge servers, reducing the need to fetch content from the
origin servers and further minimising latency.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Load Balancing and Failover:&lt;/strong&gt; Peakhour's multi-origin load balancing is complemented by load balancing and failover
mechanisms. These features keep the system resilient and responsive during periods of high traffic or server outages.
By distributing user requests evenly across origin servers and automatically redirecting traffic when a server fails,
Peakhour maintains a stable and reliable content delivery experience for users worldwide.&lt;/p&gt;
&lt;h2&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;Multi-origin load balancing addresses the limitations of traditional CDNs by optimising content delivery for a global
audience. Peakhour Edge reduces latency and improves the experience for users who would otherwise wait on a distant
origin server.&lt;/p&gt;
&lt;p&gt;As web content and applications grow in complexity and reach, origin placement and routing become part of performance
planning. Peakhour implements multi-origin load balancing with clients' origin servers so requests can be sent to the
most suitable origin instead of treating a single distant server as the only fallback.&lt;/p&gt;</content><category term="Features"></category><category term="CDN"></category><category term="Web Performance"></category><category term="Drupal"></category><category term="Caching"></category><category term="Rate Limiting"></category></entry><entry><title>The Death of JPEG-XL</title><link href="https://www.peakhour.io/blog/the-death-of-jxl/" rel="alternate"></link><published>2023-04-05T13:00:00+10:00</published><updated>2023-04-05T13:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2023-04-05:/blog/the-death-of-jxl/</id><summary type="html">&lt;p&gt;We bid farewell to JPEG-XL after its abrupt deprecation by Google, reinforcing the tech giant's domineering influence over the web and sparking a call for resilient alternatives.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Today, Peakhour disabled JPEG-XL transformations on our image optimisation service. We had enabled them because the technical case
looked strong, but that work came to an abrupt stop when Google announced it was deprecating JPEG-XL in Chrome.&lt;/p&gt;
&lt;p&gt;JPEG-XL (JXL) was widely treated as a serious next-generation image format. It was royalty-free, performed better than
JPEG, and had only recently become practical to target, with the bitstream frozen in late 2020. Google then removed
support for the young format in Chrome 110, a decision that mattered because of Chrome's reach.&lt;/p&gt;
&lt;h2&gt;The Rise and Fall of JXL&lt;/h2&gt;
&lt;p&gt;The decision to phase out JXL was hard to reconcile with the state of the format. As an image optimisation service focused on transparent image
optimisation, we had been following JXL closely and had seen substantial improvements and interest. Seeing it shelved
so soon was frustrating, especially since it was largely based on Google's own PIK proposal.&lt;/p&gt;
&lt;p&gt;The rationale provided by Google was that there wasn't "enough interest from the entire ecosystem" and the format did
not bring "sufficient incremental benefits." That justification was thin. JXL was still experimental, so broad adoption
was always going to take time. Google also did not provide direct comparisons with existing formats that proved JXL
lacked incremental benefits.&lt;/p&gt;
&lt;p&gt;Google's move shows how much control Chrome gives it over web standards, with other browsers often left to follow.
That matters. By deciding what features are included or omitted in Chrome, Google shapes the web, often in line with
its own strategic interests. The deprecation of JXL in favour of its own patented AVIF format is one example.&lt;/p&gt;
&lt;h2&gt;A Resounding Response From the Community&lt;/h2&gt;
&lt;p&gt;The community response was unusually strong. The issue surrounding JXL's removal became the second most "starred" issue
in the history of the Chromium project. Developers raised clear concerns about Google disregarding community feedback
while exercising heavy influence over web standards. Google's interpretation of "ecosystem interest" may be more
self-referential than it appears.&lt;/p&gt;
&lt;p&gt;This incident, like many before it, shows the control Google exercises over the web and the impact of its decisions on
the internet ecosystem. Our removal of JXL transformations from Peakhour's services is a reluctant acceptance of that
reality.&lt;/p&gt;
&lt;h2&gt;The Way Forward&lt;/h2&gt;
&lt;p&gt;Google's decision may have sounded the death knell for JXL, but it does not end work on better image formats. We remain
committed to optimising the digital experience for our customers and will continue to support formats that improve
performance and user experience.&lt;/p&gt;
&lt;p&gt;This incident also shows why alternatives matter when one vendor has outsized influence. Browsers like GNU IceCat,
which plan to support JXL and similar formats, keep pressure on the dominant path, and networks beyond the web like
Gemini remind us that the web is not a monopoly.&lt;/p&gt;
&lt;p&gt;This is our message to the "big G": we might be smaller, but we won't be bossed around. The internet is broad enough
for more than one path.&lt;/p&gt;</content><category term="Features"></category><category term="CDN"></category></entry><entry><title>Introducing Automatic Cache Tags in the Updated Peakhour WordPress Plugin</title><link href="https://www.peakhour.io/blog/wordpress-plugin-cache-tags/" rel="alternate"></link><published>2023-03-20T13:00:00+11:00</published><updated>2023-03-20T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2023-03-20:/blog/wordpress-plugin-cache-tags/</id><summary type="html">&lt;p&gt;Read about automatic cache tags in the updated Peakhour WordPress plugin.&lt;/p&gt;</summary><content type="html">&lt;p&gt;We have updated the Peakhour WordPress plugin with automatic cache tag generation. The update is designed to help keep
cached WordPress content accurate without forcing full cache clears for routine content changes. We have also checked
compatibility with the latest versions of WordPress and PHP.&lt;/p&gt;
&lt;h2&gt;What are Cache Tags?&lt;/h2&gt;
&lt;p&gt;Cache tags are labels that CDNs such as Peakhour use to manage cached content more precisely. Instead of clearing the
whole cache when one page changes, you can purge only the content associated with the relevant tag. Visitors get the
updated content, while the rest of the site can continue to be served from cache.&lt;/p&gt;
&lt;h3&gt;A Cache Tag Example&lt;/h3&gt;
&lt;p&gt;Suppose you run a site with a home page, product pages, and blog articles. Without cache tags, updating one product page
or article may require clearing the entire cache. With cache tags, each part of the site can use its own tag, such as
"homepage," "product," and "blog." When you update content, you only need to purge the cache for the affected tag. That
means less unnecessary cache invalidation and a faster site for visitors.&lt;/p&gt;
&lt;h2&gt;Automatic Cache Tags in the Peakhour WordPress Plugin&lt;/h2&gt;
&lt;p&gt;The updated Peakhour WordPress plugin generates cache tags automatically for your site's content. When you update
content in the WordPress admin, the plugin sends the relevant purge requests to Peakhour. The result is more targeted
cache clearing without extra manual work.&lt;/p&gt;
&lt;h2&gt;How to Get Started with Automatic Cache Tags&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;Update to the latest version of the Peakhour WordPress plugin.&lt;/li&gt;
&lt;li&gt;Follow the instructions to configure cache tags in the Peakhour admin.&lt;/li&gt;
&lt;li&gt;Flush your cache.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;After that, the plugin generates cache tags and sends purge requests to Peakhour whenever you update content in the
WordPress admin.&lt;/p&gt;
&lt;h2&gt;Final Thoughts&lt;/h2&gt;
&lt;p&gt;Automatic &lt;a href="/learning/cache-tags/"&gt;cache tags&lt;/a&gt; in the Peakhour WordPress plugin make cache purging more precise. They
help improve performance, give you more flexibility, and reduce unnecessary cache clears. Try the updated plugin and let
us know how it works for you.&lt;/p&gt;</content><category term="CMS"></category><category term="Caching"></category><category term="CDN"></category><category term="Drupal"></category><category term="WordPress"></category><category term="Rate Limiting"></category></entry><entry><title>Layer 7 DDoS Protection</title><link href="https://www.peakhour.io/blog/layer-7-dos-and-full-page-caching/" rel="alternate"></link><published>2023-02-07T13:00:00+11:00</published><updated>2024-12-01T13:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2023-02-07:/blog/layer-7-dos-and-full-page-caching/</id><summary type="html">&lt;p&gt;Comprehensive guide to Layer 7 DDoS protection using strategic caching within application security platforms. Learn how intelligent caching strategies provide robust defence against sophisticated application-layer attacks.&lt;/p&gt;</summary><content type="html">&lt;p&gt;In previous blog posts we've covered the benefits that &lt;a href="/blog/caching-dynamic-content-with-a-cdn/"&gt;full page caching has on page load performance&lt;/a&gt;.
We also covered how caching pages lowers origin server utilisation, so the site can handle more customers.
A lesser-known side benefit is protection against Layer 7 &lt;a href="/products/ddos-protection/"&gt;denial of service&lt;/a&gt; (DoS) attacks.&lt;/p&gt;
&lt;h2&gt;What is a Denial of Service attack?&lt;/h2&gt;
&lt;p&gt;The goal of a DoS attack is to make a network resource, such as a website or networked service, unavailable to users
by overwhelming it with excessive traffic or requests. DoS attacks can be launched from a single source or from multiple
sources (known as a distributed denial of service, or DDoS attack).&lt;/p&gt;
&lt;p&gt;Typically, an attacker floods the web server with HTTP or API requests to try to overwhelm it. An
attacker might also launch a 'slow attack', especially if they find a weak point in the application that consumes
a lot of server resources for a single request. One example is repeatedly using a site search function.
By slowing down the rate at which requests are sent, the attacker can bypass common rate-limiting and
traffic-shaping mechanisms that are designed to block high-volume traffic spikes.&lt;/p&gt;
&lt;p&gt;DoS conditions can also be inadvertent. A CMS like Magento or WordPress on an underpowered server can be overwhelmed,
or slowed to a crawl, by so-called 'grey' bots. Examples include Semrush, Ahrefs, dotbot, and MJ12Bot. These spiders
can crawl a site aggressively enough to bring it to its knees. Even Bing or Google can negatively impact a site.&lt;/p&gt;
&lt;h2&gt;What is Layer 7?&lt;/h2&gt;
&lt;p&gt;In networking parlance, Layer 7 refers to the actual application running on a web server. It is part of the OSI (Open Systems
Interconnection) model used to describe the various functions in transmitting data over a network. The model is as follows:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Layer 1 -&amp;gt; Physical Layer&lt;/strong&gt;, responsible for transmitting raw bits of data, e.g., a wire or wireless link&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Layer 2 -&amp;gt; Data Link&lt;/strong&gt;, responsible for transmitting data frames between network devices and detecting transmission errors.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Layer 3 -&amp;gt; Network Layer&lt;/strong&gt;, responsible for routing data packets between networks and determining the best path for transmission.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Layer 4 -&amp;gt; Transport Layer&lt;/strong&gt;, responsible for end-to-end communication between applications, providing reliable data transmission and flow control.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Layer 5 -&amp;gt; Session Layer&lt;/strong&gt;, responsible for establishing, maintaining, and terminating communication sessions between applications.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Layer 6 -&amp;gt; Presentation Layer&lt;/strong&gt;, responsible for formatting data to be presented to the application layer and for converting data from the application layer into a standardised format for transmission.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Layer 7 -&amp;gt; Application Layer&lt;/strong&gt;, responsible for providing services to the user, such as file transfer, email, and web access.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;How Full Page Caching helps&lt;/h2&gt;
&lt;p&gt;Full page caching helps by reducing the number of dynamic requests to the server. Caching the entire page
allows the server to serve pre-generated content to visitors, rather than generating it dynamically each time a page is
requested. This reduces the server's processing load and helps prevent excessive requests from overloading
the server or making it unavailable.&lt;/p&gt;
&lt;h2&gt;A real world example&lt;/h2&gt;
&lt;p&gt;As part of a series of Peakhour recommendations to 'harden' its website against layer 7 attacks, a Peakhour client
(a government site) applied limited full page caching with a &lt;strong&gt;time to live of 10 minutes.&lt;/strong&gt;  This means that Peakhour
will serve a page from its Edge cache for 10 minutes before hitting the origin again for a new version.&lt;/p&gt;
&lt;p&gt;Not long after implementation, that change was tested: a DDoS originating from hundreds of IPs across multiple countries
hammered a set of 5 pages. The attack was spread over several days with bursts of activity lasting about 15 minutes. With
the first hit, the page was cached and every subsequent hit was served from our high-performance Edge cache. No
slowdown was observed and the attackers gave up.&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/layer-7-dos-attack.jpeg" width="100%" alt="Layer 7 DoS real world"/&gt;
&lt;em&gt;Real attack on a Peakhour client; the spikes formed in 15 minute bursts.&lt;/em&gt;
&lt;/div&gt;

&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/dos-attack-page-load.jpg" width="100%" alt="Layer 7 DoS real world page load"/&gt;
&lt;em&gt;Real page load times measured in the client browser&lt;/em&gt;
&lt;/div&gt;

&lt;h2&gt;But my site is dynamic...&lt;/h2&gt;
&lt;p&gt;Many websites have a small dynamic component on the page. For ecommerce sites this might be the mini cart in the top right
showing the number of items in the cart, or it might be some personalisation for a user. Often these dynamic
parts of the page can be rendered in the browser using Ajax or local storage, rather than rendered on the server.
By moving the dynamic components to the browser, the full page becomes cacheable. Another option is to use Edge Side
Includes (ESI), which enables the majority of the page to be cached in the CDN while the dynamic parts are fetched separately
before serving the full page to the user.&lt;/p&gt;
&lt;p&gt;Peakhour can help move dynamic page components from the server to the browser and cache more at the edge.
We also have a range of CMS plugins that do just that. Contact us if you want some help.&lt;/p&gt;
&lt;h2&gt;Final Thoughts&lt;/h2&gt;
&lt;p&gt;Layer 7 DoS attacks have become more common than traditional DoS attacks, as they typically require far fewer
resources from the attacker. Reducing dynamic requests to the origin using full page caching is a useful but underappreciated
way to mitigate them. If you're concerned about website security, resilience, and performance,
Peakhour helps you cache more so you can protect, accelerate, and scale your website.&lt;/p&gt;</content><category term="DDoS"></category><category term="DDoS"></category><category term="CDN"></category><category term="Rate Limiting"></category><category term="Caching"></category><category term="Drupal"></category><category term="DNS"></category></entry><entry><title>Automatic Image Optimisation</title><link href="https://www.peakhour.io/blog/automatic-image-optimisation/" rel="alternate"></link><published>2022-12-06T13:00:00+11:00</published><updated>2022-12-06T13:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2022-12-06:/blog/automatic-image-optimisation/</id><summary type="html">&lt;p&gt;Image optimisation saves you bandwidth and designer effort while reduces page load time.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Since releasing our &lt;a href="/image-optimisation/"&gt;automatic image optimisation&lt;/a&gt; capability in 2019, Peakhour optimises
more than 35 million images each month. On average, clients reduce page download time by 35% and image sizes by
91%.&lt;/p&gt;
&lt;p&gt;Automatic image optimisation offers a number of benefits over manual optimisation:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Image formats are dynamically chosen based on the content of the image.&lt;/li&gt;
&lt;li&gt;Files are optimised based on client capabilities.&lt;/li&gt;
&lt;li&gt;Designer time is saved by offloading image optimisation work.&lt;/li&gt;
&lt;li&gt;Page load times can be reduced across an entire website.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;What is Image Optimisation?&lt;/h2&gt;
&lt;p&gt;Image optimisation means delivering high quality images in the right format and resolution for the device viewing them.
The aim is to minimise file size without compromising visual quality. Smaller image files generally load faster in a
visitor's browser, which can improve website speed, reduce traffic and support higher page visits and conversions.&lt;/p&gt;
&lt;h2&gt;Why dynamically choose the image format?&lt;/h2&gt;
&lt;p&gt;Using a one size fits all optimisation process does not account for the different types of images used across a typical
website.&lt;/p&gt;
&lt;p&gt;Website images can include:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Photographs, such as product images, demonstration photos and title photos.&lt;/li&gt;
&lt;li&gt;Logos, which are typically text and can include animation.&lt;/li&gt;
&lt;li&gt;Illustrations that incorporate custom graphics to support the quick perception of information.&lt;/li&gt;
&lt;li&gt;3D graphics from computer renders including buildings, interior and exterior designs and products.&lt;/li&gt;
&lt;li&gt;Combinations of the above!&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Any optimisation process needs to account for the end user's device type, supported file formats, resolution and the
content of the image. For example, a photograph with text needs different optimisation parameters so the text remains
crisp, while images with large areas of colour may need different formats to avoid colours being degraded by lossy
compression.&lt;/p&gt;
&lt;h2&gt;Fine developer control&lt;/h2&gt;
&lt;p&gt;With the &lt;a href="/docs/explanation/image-optimisation/api/"&gt;image optimisation API&lt;/a&gt;, your developers can enable reactive images by
resizing images on the edge. Peakhour serves and caches these optimisations, reducing origin requests and traffic,
cutting costs and making image changes faster to ship. You no longer need to wait for a designer to resize, crop or
re-orient an image for a page.&lt;/p&gt;
&lt;h2&gt;How does image optimisation effect web application performance&lt;/h2&gt;
&lt;p&gt;Large portions of a website are typically built from images. Large images loading over a 4G network in a train can delay
image rendering and create a poor user experience. Layout shifts can occur as the browser attempts to render the page,
and the user's perceived page load time will be affected.&lt;/p&gt;
&lt;p&gt;You can see the benefit of automatic image optimisation with our &lt;a href="/pages/page-weight"&gt;free tool&lt;/a&gt;. It will analyse any
website, calculate its optimisation potential and let you download the optimised images.&lt;/p&gt;
&lt;h2&gt;See how it can help in a real life example below&lt;/h2&gt;
&lt;div class=images&gt;
&lt;div class=image-container style="border: 1px;border-color: lightgrey; border-style: solid;"&gt;&lt;div class="section text-center"&gt;&lt;div class=image-header&gt;&lt;i class="fa-image fas" style="padding-right: 5px;"&gt;&lt;/i&gt; security.png &lt;/div&gt; &lt;div class=image-box&gt;&lt;a href=https://www.peakhour.io/static/images/security.png target=original title="show original"&gt;&lt;img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAChCAMAAABK+nL1AAAAt1BMVEX///8sOU/yyLr99fL+/f0hLUP9+/rvrUD//v7EjzT0z8MUIzvxwbL88Ozsrpr11cpTfrj55d7onYTvu6ofME7qp5H44Nb66uXttaJZUUPBiy6Eo8y6y+Hb5O/lkXb22tCZstXy9fqnvdvPlTLJ1eX3sj/n7fTbnznT3eyyt79pj8HJlDeRl6F1YT9ESlXrqDqPcT2rgTrhgGD34LjQpFnivHtibHzszJQ7bK7utVfbaEOhprCAh5RYZMzlAAAACXBIWXMAAAsSAAALEgHS3X78AAAWIklEQVR4nO1dCUPiOhAOaYwxtiltt4ccLSAiwgME12Pd/f+/680k5ZRzRReUz4PSFmg/ZiYzk2RCyAknnHDCCSeccMIJJ5xwwgknfBTEGP/6Qo4AYunm98YKIgRx7BxB9D3ZWqpSYslu2JGqIEcaEfYJF3dgYIwwtEECNpAgeEosTjjX9gn+MTjMBNJHrJRoswWnKPrtyGLEU0lGLOCHRDE8cwmzSKZInCQx7GOckTjCDYtospgB/55kubajMiVtRbOMJtImMnRVSNwwi+3EVXbmBRnskipDiUsnr0u+JVlUKN9OwjiwbRkGkoROQiWxoiAJbRUQldAgsTLfDjRZxmkQ/HuSlYUJpcoNHJsmKrQlARmTLnGDhCYBCFqgPDguAxWNJcvYrG9IFty64xAWcyYYF44FxgieCKAhBpPlCDT0cCQWHAyaIN4ojh04aMVWGJDv6JrO3LNWsbEDZXbjf5E3k3KUpv4olWrkp+koJOx7+lrbgIGGwj9uB0EMj1FKHGg7T3QtBfjvqR+GYZKAcQvDVBKeBctd2hPQz3LHyFwPtTMOrG9o5/8OIGzBtwx7toFgM8AdYMLAKTuxtR3A5ToZrh3A4sQ6+RBbAux+4p2Ea0sATSfDpTFjzdfBDT7jYg4cWyqXICfDRcBJN04o33wmGq5PuKKDBSMqDUOllL8xagYDb8svb+bX3Z4gPsTMjuPE1PM8a9MbufbX5spyiJYKk4gxW2KSpWHE94jvhz4G0L4vNgjXlzZcENolgUtizh3GHODNciyL4C+3jBhx6sUUdgoiQ+k7G5gQxnB9TbqArFA6ibK9UAahSiRYp8RLEhrK0MWb5r5BmhH/1Q83kQWxI7FdnUH8eoSB7+3ZSeIoGqggCjxFXQqEUUWtwOaYRk6x35CTJCCZijZKlmbL1a/8egDJUoEMQ2rDgydj240yN0ts6VqBwluOX33MV9FXSjhhW5CFZi5OHOJuc+rRgTvEdgTXFkqYptFCI21xfOKF9ijivgLJ4oynDvjzGzmA1ypH9zJ+NeherXkLk/dT6D/PJ1ma2sROVOqnfn7CJhoEof636ygTJPL1WAcSJAScLZCqSEbcHFqHBBP0K8gSIs8gfrGONBzbMGkNjY7yWNo003ytkRzLWjzIOGD5K/DQ5kD98AFsReC5e5Ezs5M7klIX6RB8pXDMHNA8mc16q1VtNyt3gMpdpdlsV1t1c0isJvOoYAY3TJ7iHTEro1Q6nGzSRxwUgeDtu99/np76/cKZxuXZjx9nZ4VCod9/evrz312lapT7uHshxZJ0FggU/OcRpTTGVnR1C4myIqp3f56ApEv4maIwxg8EPO0//XfXwjfbnN44Omh+uAd8edZklOCCUuI51f+ezi4BZwv4YVCYkoYMPv1uHbt0rYCmBgw+taMY+WILYTYj7A6ZmhB0OSNUV33EWLJy1lAzn5qbXZOjBPCD40UclwYZjn5wZwblwh03n8ZMwUPh6qrXu78fDoelUumidHs+GAxub2+7F8P7+95Vv5AzBnw9VckXVEUD1BphZTJw48yfksXIbyNKl8BT735Y6l4jut3uBQDIAtyc3xicD7rD+6uC4euscHdsDu0uhoNpNyJyJfj6+W0y8p+hqtC7LyFJF/PQZM0AKRsMe32k68fZkbE1jXm2A7aIjvLHesjIneaqD0whT6UFrkqLZOWMDYZ9ZKvQPCq2hIXu+i62QxBXTrd5H8nqXVxfLMdSsrRm9oCts6cjylkwEvs4di0gfKeLZhMlrGiurt+I1FrJMnTdo+GqHphorUmom8iZxOnOpsuAk9/gg/YXDdUWkgUYgCYenNUCJWP5zAk9gyKfRIFIgCx3FHopsf9qig5H8355tUoH10rW+c2VJuuA3AcIkYEP4giIYC20UGikONM5QEaUT9IRV69RNPqrFPFGstZJ1iGS5YRuTENXUTfMklC6ylV2kDgmFROqdEToq53mncw7pp7eJVnnB0gW9+xEWV5o0SQJnNC3A9zUA0VJrNJX5bivI18uCNY4dbeQuVswMF9PspLAxpkTllJ2qChVWWC5oR6rzdMgGgWpPQoyk/HkWeTFjmO99SUYckechf1fTLIIzpKAMBju1HJ4AI8OZ6Z7mpFEERdUkI584qU4xAG8c5dCxExtm1IpZRRFcWxZee6PEanmBXALyfo1pmbwa4Grj5EsMY+/ef3k5sab2mJZzEpp6oUqtIkz1TDMLFiWE8dR5kqXUgqiCeRRV3r+PFtbSJYVjbmKfn0CWYuOyP58XkZcn1A/FG6Yf4owdurNidxyHM+LIt+f27+RrK5HyMNAU+NZnyFZotWuVqvt/Lfd2t87A1khzm4lE7IWPhn9sqmNFyRQ8ydsIqv0gKZRs/VAnI+zWeNB6Jw0XoqzeKnsz+kV3EHTjT2wm88FqYt3ag27F6VHhm//PBg8gO38MMmamb9VxtC8jmi16i1S6/zD4HMnsjD596gt5jNI2BvJ2qMaNmtzaGFE1umUi6SxT7LyzO62rcbiaWvJKj0/lrqlZ0w7c53Z2TNZ2glES0EqL+VyuVMeo1Osw4c2m+3Kfsl6J9aRBTTxn6VbzZbu6XgcfIzNYqRt0mIgTvV2vcnqxfZYxorlwwnU15AFCgj+3M/b85IeDQGGq7RXyRKkUexMUOwUy1xwkLHGS7VebI7lbB9k6f4H3Uv4PiFdTRaYdlQQ59fNoOTid/5cWhSsd5ElSOulUcnRhJ9KsYGzsVqsRVpFzJJVq632PtRQzPim7xq1sZKs0k9uwsv4/Pz2IiKEvuHqfWQBGWCZhHEays1ahXQatbG/UEQnAgz8yyayxEppmelwrtehBSmXq7C107Vua+BLP6087iAesNWN3bdcvc9mjcnSqYJOpdMgnVoVZAzRKLaM/9BaTRaWT8HEHtO8YJJPu5T5o/Et9UHSLneq1U612alXOuXWLoK6MApmBVmlnzGeiX2M4JIiW93bt1z9tWQxjoPNWsUmuukTdBr6ztrlOtiszljIaktsFqvnt8xbdd4af35dj+rj+bF2q9kygldutcq1JiGNRplU9NuJN+NCcow7f/QjtDXbBNIlCHKAK+8C5YuhA3+7hKtFsvALNl+y/tbNn6mPM90hzCn4w4sLznobyeo0Oy1oDdsgYPAHUrEkWmw1CKm20KhVG5VqHR7qvM0aFQK316wxfN4sg7dWb3N4da2BIODulivlXQKCTmeerRWSleFIkbirXVI453mJCr5Hsmo1ptWwxesG4KvXwWbV2wCQtopWw1oNRGGJGmqyqrVaBSio1KB5gBMbVfiDrQbITrtcbdRgE09A/lmjxhlwVyMtsIwo041isVEtFst1kN96uVhsV2Z2tMByNmFHrVV86cxJ31Ky0Lij11DKQ0Pr13KyFmwWXFu9CpddbzSaDG6ENRsN+OobbdhRYXCUj3c0X8rwtlObVX+pFWtAVvllYuDXk1UjICONZhuoamNbCm8K3LRrKFywp90oY/uK14P9V+VavQmMVtqtWrmNCgi2sVWHlzI4i8Eb1FsVEFB4I9hR4bCjhTtY56WyWbKQLMMV1RnGn9fLuVqQLPiKQCaKlfwr6tTzHY3JDvjO2k3Y0XoBniZkIc+tZhUMPKkzMEHadUAVRDFbooZw1UA43FGj3KhWGyiLrTZQ12pUG1VSbzSrqJwooc0atICtDtiscgOpr/FmZzIjZfZxidGHrxAM3WabhWSB794t/cT2ha3iamc1nHg7NdPaFcu1PL5BX71crJCpUzqxZO1lRgYNI9DSmGnb2FsKzCdCk9o0ni2DtrCKG2LWsorcspLxzsmTxUh6JVmPJXxEbXhcxdUKA8/e2vPxk/wP2jBUhnpxGg0iXnS+oVmvQLiD6rMmT6rf2FRZY3mhNRzNrUeMMe0eGscnv+NKw8Qg4Grt1L26cPIKshhyhY/A1WKQs9Jm7QA9Tn1GDZtGDSszgbSYnLnmXba5dYZNrAk0y/V3xU4ryNJcaQl7ExC+Qw2nEMYpbekhv5yhgS+DgR+ThWb4HTf1Fq22xk4e6Vusckpz0ohdur35ALJIThYxSRrSQs3sLPM/9wKxhZhugfX5rJ8PpQ/rNwRF7Mw7pWCo6txg36Ttp7zthrRyd20n63vzWfXmHN6pJB+PgxoYcnBcHVT3PZv9+eiJLiYo3eUFfMF5eEvW7FCt7rENOVqDnUaTGg9N0fm9b8gqDad0de+H4MWviKL3YLM+E5zQRCprg5E3g2nyV1hRGq4LpLvD/tXVsKtdh9LF9dX9denR9EefL6HsICVrkjqen5pJ4hRL+q1xTsQMTV4kqbQjOH9NIH09vLrt9S56V73r+6uri6th6f7ReXge/Hp4eD5/Hjz+On94eFiUrIPpfZlAR1d64JDQfcQ4FCmlQEcql3yzYjqvxnI8V+KQmsizOPH8+bO5HtldmGjhsD+8uu9dDQv3F7gBP4/ZT+/Xw+Nt9PwweHg8j2bSgIPCj8KPPXav7wPcI7GZAxfPTf4ejTLP85LX+amoU+crp0kiTSw/EMeL03aaOAp+2J2oYe++i/NRhr0ekFXoXT8+3D48Zr9uHwxZD4OJPt4MgavCQXlHOMSfJJ4bERpJ6TnSyjLPxQle3H9FuPnVTnVO8NiTktpSZrE19vSXN5tmHPxED0H5brvXIFnDUt9IVg9s1sOv54fH6Bf8gGQtmKzDGgePM3oT37PDgEZ2GiswU5HSZTSDUQo2aJTOlCziVgymiQbSjZxJPZrZIUhvWgNuZqMMr3PJ6qFxB5t1cX/VG94PL3o/0VTdPj/8vH18eP51/jzRQRSsQzNZOACXJEEQKukFaQacKZaFEu5S+amM/TDVmgUWPHNxyFoWWblZEts4YRDE4pzVsdXqatKur69h6xqjne717fnt4PwaH66vB+cTi3VzCzp41j+0Mho8Ip5HpWPLOM48GkciozjCKLWDV3/kpLq8SoQW3JnQtMNcHi1al1fL5g1gAjDPOtzkf3NN4aEJFplzi6YdsKCFIYl9qoiXWjPu6WZpEotP89k7K0KeFR78zaHO3GGmZAMzCVPMMuKwFt8jrop9QnxTnWDJ4MgVbzcvDIy0UREvl7O1ItzR83Z+9A+qKVwNRnzq+GE8cuN0p4koVrbolxlf6+zyfilbS8kyXB3N/DlBsrwIlK92uGJGeODLN4n435erZGupZBmufhycwdon0JzxOEpGi7KVz2a97C2x8m/IGpiZhoWz3wcWFa7DfJ3pTRCYqsUSIrazZGkZTv5otq4uuqUNkjW4GVwdHVc7QcsUMuWBN7us2l/um172h4uquEjWTbef6+CX5ArFCJiSpmoIZ8uqMQiwW6ZYwYKZX5Ssm2FB2/YvyZWRKaplKu9jXe5iQJtY0FPLe93uSskam6t+89i5WjLoS8dBWClkWlllzcvbfWO4ZlVxTrKMCoIv2jrudhAN+Jz3rpVthqnNERAn9SfNFqhid4lk3dzcaxU8+8OPXK4Eseg0lBGmHJSkNELt29K3Z+PiITPCNZWsm9urSZmQQ/fbMd6ZmePC5swPI460X6U07ZweVYNMZZqpHT6Ek2b/Mrfz3TnJysWqcPl0aLUJlkCYXDEXAhe50rsYNmw4llXnvEKVKD8vMSMcl5oSdmu1T/DFYhDQKNb/mAo+V8OZWjRgrbRY/Sj8dwwqyCkVnuWZJ4I4VGL+T5fEwqd+GigntNPQQqZsmXGxWfuW3TUIsGkVL/MqIkjWzSC3VtAKHrwKYk0Qatu+DO3YorFHiQyoHQeWb3vUgptOfH80kqPUTylxgSlGtim7GaglxeNBbFt5hag+6CJI1s2NrjsDjuifel6Y5KDLJDKiYkcpT8kgUYGyiVRJELhBkiWJg2SNQk9yGfkjqm9niypgAlf/GC2pu4mae2eciLOr0vXtzW3vx0Ss2MzLDxUgWbZNAzdxEpW4SURoIBWQZcsoxEjPSvxYStdL7S1KIRJNpuCSusvLCsNRsFy5LnaNYT9DazXuECFRdMiGS4DNIp4EqwVqGDtgs6jlBZYjMcMM37J8xVUGwtetVrjCNGHsJh7L1PLTcQgFNIuaroIRq6e2ESttImOaJOPk+yHaMLGwMXuJjLhpnOAUfC/dvDoFDld1bIoZQ2vligS4tuRvE/4AVZf9u0m7iv6L9KhyiemLPMhcqR5zLPQEgfHqyPpq9TBc5UZpolTqBPYG0cKktAeNAyNLJ6/MfV4LdVFrYH0sQCxGqQSxthPNFBfekVX9BrICkKvE9YNwPVlo/DO41XF7tu42schp8wkk6091XPGVYDFmj7BEkkjXh8hs6ieHbL7eAvwtPwxx8YowjNcQgA2gh+UktxQFlNo7XWFzJoyCj3IiSbIMmwibetSlxyVaCDE7zGHZcdRXSSXOL9n6TXVJm2ldG4GlXpjrKykpyF0m3SBA5sQWPXCHg+lqhquuGfZD+BhZuy78y2ZHDvMIWJIQTYQJlpMQklo0ySYf8DWgfQVpe/ydviTFNRwoCBq3ffTobFwr3cMuIywX/iXowkYrDqSnW9J3vRHFeFRKPa0ugMjKUq6NPbwsTNWXWDwEvY2M2hZ7t/vISBYJy6Uq1p4LRA2uQ2P8LpxQUv9418KYGi/BI3s/K6AI4iUyCaSJvrlFYhVmyCE4XYH0j3XdRDH9zzM7s/YT9oJkBVKadcgY4xCKEi8MI2ghcdkkuunlhwpuuaFnhmlxbKz2liIwJfjxbWWmQtBBEvng2rEsUdlhmCwxSYzMVL4g+qKZmY8452HpxT9Go1E6qT+217sw0bRFfXdEsVq6oYvvS3z3gby+g2ZHF3gYe9U4etmkr4SZR0r0sjJO4FipY+b17RGTL8uiqa+CGCXXIZmf6JIG/54s8JACN98aB60Rj3CwHyeubenMskVdOb0TICv2MXdqf9T1C+LSxMWkRURlIB3pBxYJNqyq+CkIswBcP5lx6keZdGwap67r2XFiRb6bpdSzvMRPbc92pOuiywhkYbk61//A1ZosJ9PzkyCUTlPKuZ3mWZt/CZCakBCpbKUSaSdhAu2OreIkU8p2iAw85SVOQoPAhUOhF+LXi2QFYI3TNP24y9fDchhxAxXa4PASHrz6/5osuCoF4aqUIYT4SaCoTSOaREmSqMCKKXg4WUCVpNQL4bhw0fMxZIH/4/ofZkfyhoXIDKyXxKg6NEV4d52ott+rIg7Ev7FwIyYljzInthwviz3pxRwiWe5kDo0cJ+axdDySuRPJgmuOP46sycVhqhttu+Pkew4gpjYXsS4FM93wRq6PK/fh0nQff+ETt8WUPnOTYOuE2UdczXiE8thv0JUftLSzabUovdOUlCIywQU9PkGyTDf5JOnKHSsYJeEocraoBHooYATiWulmwaeaXGiLRmnqhyH4xOrf6+K2EIJjZ08Yfu5K5IwkeS1F/6+WPfhWYMROCMcOJ/9fmq3dsT7J/EGfiRXUdZidHoIzf9gAf94E71b6ry/l8GFWhiWf0gofPTRLmrPwRNYmgO+A89XZqur0J8xBpJ5lOZjzOJG1CYLYqZ8CPte/O1qcSNoeS0aPnXDCCSeccMIJJ5xwwgnfFP8D+4Qq+JHEZOkAAAAASUVORK5CYII=" style="max-width: 100%; max-height: 300px"&gt;&lt;/a&gt;&lt;/div&gt; &lt;div class=info-box&gt;&lt;div&gt;&lt;div style="width: 40%;display: inline-block"&gt;&lt;h5&gt;Original&lt;/h5&gt;&lt;/div&gt; &lt;div style="width: 50%;display: inline-block"&gt;&lt;strong&gt;2362 x 1266px&lt;/strong&gt;&lt;/div&gt;&lt;/div&gt; &lt;div&gt;&lt;div style=" width: 35%; display: inline-block"&gt;&lt;strong&gt;PNG&lt;/strong&gt;&lt;/div&gt; &lt;div style=" width: 5%;display:inline-block"&gt;&lt;/div&gt; &lt;div style="display: inline-block; width: 25%"&gt;&lt;strong&gt;190.2 kb&lt;/strong&gt;&lt;/div&gt; &lt;div style="width: 30%; display: inline-block; font-size: 17px"&gt;&lt;span class="fa-info-circle fas text-primary" data-content="                    &lt;strong&gt;format:&lt;/strong&gt; PNG&lt;br&gt;                    &lt;strong&gt;is_animated:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;colour_space:&lt;/strong&gt; RGBA&lt;br&gt;                    &lt;strong&gt;has_transparency:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;is_photo:&lt;/strong&gt; True&lt;br&gt;                    &lt;strong&gt;width:&lt;/strong&gt; 2362&lt;br&gt;                    &lt;strong&gt;height:&lt;/strong&gt; 1266&lt;br&gt;            " data-title="Image Info" data-toggle=popover&gt;&lt;/span&gt;&amp;nbsp; &lt;a href=https://www.peakhour.io/static/images/security.png target=original title="open original in new window"&gt;&lt;span class="fa-external-link-alt fas text-primary"&gt;&lt;/span&gt;&lt;/a&gt;&amp;nbsp; &lt;/div&gt;&lt;/div&gt;&lt;/div&gt; &lt;div class=info-box&gt;&lt;div&gt;&lt;div style="width: 40%;display: inline-block"&gt;&lt;h5&gt;Optimised&lt;/h5&gt;&lt;/div&gt; &lt;div style="width: 50%;display: inline-block"&gt;&lt;strong&gt;605 x 324px&lt;/strong&gt;&lt;/div&gt;&lt;/div&gt; &lt;div&gt;&lt;div style="width: 35%; display: inline-block; text-transform: uppercase"&gt; png &lt;/div&gt; &lt;div style="width: 5%; display: inline-block"&gt;&lt;br&gt;&lt;/div&gt; &lt;div style="width: 25%; display: inline-block"&gt; 10.8 kb &lt;/div&gt; &lt;div style="width: 30%; display: inline-block;font-size: 17px"&gt;&lt;span class="fa-info-circle fas text-primary" data-content="                    &lt;strong&gt;format:&lt;/strong&gt; PNG&lt;br&gt;                    &lt;strong&gt;optimize:&lt;/strong&gt; True&lt;br&gt;                    &lt;strong&gt;quality:&lt;/strong&gt; 75&lt;br&gt;                    &lt;strong&gt;colour_space:&lt;/strong&gt; RGBA&lt;br&gt;                    &lt;strong&gt;lossless:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;subsampling:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;delay_format:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;strip:&lt;/strong&gt; True&lt;br&gt;                    &lt;strong&gt;compression:&lt;/strong&gt; 6&lt;br&gt;            " data-title="Optimised Info" data-toggle=popover&gt;&lt;/span&gt;&amp;nbsp; &lt;a download=security.png.optimised.png href=/page-weight/result/41377868-5104-4eaf-9776-a9a682a5e8f5/images/6641ec77-2367-4c17-ab27-2447cdc8aceb/img.png title=download&gt;&lt;span class="fa-download fas text-primary"&gt;&lt;/span&gt;&lt;/a&gt;&amp;nbsp; &lt;a href=/page-weight/result/41377868-5104-4eaf-9776-a9a682a5e8f5/images/6641ec77-2367-4c17-ab27-2447cdc8aceb/img.png target=6641ec77-2367-4c17-ab27-2447cdc8aceb title="Open in new window"&gt;&lt;span class="fa-external-link-alt fas text-primary"&gt;&lt;/span&gt;&lt;/a&gt;&lt;/div&gt;&lt;/div&gt; &lt;div&gt;&lt;div style="width: 35%; display: inline-block; text-transform: uppercase"&gt; jpeg &lt;/div&gt; &lt;div style="width: 5%; display: inline-block"&gt;&lt;br&gt;&lt;/div&gt; &lt;div style="width: 25%; display: inline-block"&gt; 15.4 kb &lt;/div&gt; &lt;div style="width: 30%; display: inline-block;font-size: 17px"&gt;&lt;span class="fa-info-circle fas text-primary" data-content="                    &lt;strong&gt;format:&lt;/strong&gt; JPEG&lt;br&gt;                    &lt;strong&gt;optimize:&lt;/strong&gt; True&lt;br&gt;                    &lt;strong&gt;quality:&lt;/strong&gt; 75&lt;br&gt;                    &lt;strong&gt;colour_space:&lt;/strong&gt; RGB&lt;br&gt;                    &lt;strong&gt;lossless:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;subsampling:&lt;/strong&gt; 4:2:0&lt;br&gt;                    &lt;strong&gt;delay_format:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;strip:&lt;/strong&gt; True&lt;br&gt;                    &lt;strong&gt;progressive:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;progressive_min_bytes:&lt;/strong&gt; 10240&lt;br&gt;                    &lt;strong&gt;quant_table:&lt;/strong&gt; 3&lt;br&gt;            " data-title="Optimised Info" data-toggle=popover&gt;&lt;/span&gt;&amp;nbsp; &lt;a download=security.png.optimised.jpeg href=/page-weight/result/41377868-5104-4eaf-9776-a9a682a5e8f5/images/796c932f-a4a1-4a4b-890d-d88fba459c29/img.jpeg title=download&gt;&lt;span class="fa-download fas text-primary"&gt;&lt;/span&gt;&lt;/a&gt;&amp;nbsp; &lt;a href=/page-weight/result/41377868-5104-4eaf-9776-a9a682a5e8f5/images/796c932f-a4a1-4a4b-890d-d88fba459c29/img.jpeg target=796c932f-a4a1-4a4b-890d-d88fba459c29 title="Open in new window"&gt;&lt;span class="fa-external-link-alt fas text-primary"&gt;&lt;/span&gt;&lt;/a&gt;&lt;/div&gt;&lt;/div&gt; &lt;div&gt;&lt;div style="width: 35%; display: inline-block; text-transform: uppercase"&gt; [webp](/products/image-optimisation-and-transformation/) &lt;/div&gt; &lt;div style="width: 5%; display: inline-block"&gt;&lt;br&gt;&lt;/div&gt; &lt;div style="width: 25%; display: inline-block"&gt; 10.7 kb &lt;/div&gt; &lt;div style="width: 30%; display: inline-block;font-size: 17px"&gt;&lt;span class="fa-info-circle fas text-primary" data-content="                    &lt;strong&gt;save_all:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;duration:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;loop:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;format:&lt;/strong&gt; WEBP&lt;br&gt;                    &lt;strong&gt;optimize:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;quality:&lt;/strong&gt; 75&lt;br&gt;                    &lt;strong&gt;colour_space:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;lossless:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;subsampling:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;delay_format:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;strip:&lt;/strong&gt; True&lt;br&gt;                    &lt;strong&gt;method:&lt;/strong&gt; 3&lt;br&gt;                    &lt;strong&gt;kmin:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;kmax:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;allow_mixed:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;minimize_size:&lt;/strong&gt; True&lt;br&gt;            " data-title="Optimised Info" data-toggle=popover&gt;&lt;/span&gt;&amp;nbsp; &lt;a download=security.png.optimised.webp href=/page-weight/result/41377868-5104-4eaf-9776-a9a682a5e8f5/images/72346c2d-1302-40f0-bb38-027890c5c920/img.webp title=download&gt;&lt;span class="fa-download fas text-primary"&gt;&lt;/span&gt;&lt;/a&gt;&amp;nbsp; &lt;a href=/page-weight/result/41377868-5104-4eaf-9776-a9a682a5e8f5/images/72346c2d-1302-40f0-bb38-027890c5c920/img.webp target=72346c2d-1302-40f0-bb38-027890c5c920 title="Open in new window"&gt;&lt;span class="fa-external-link-alt fas text-primary"&gt;&lt;/span&gt;&lt;/a&gt;&lt;/div&gt;&lt;/div&gt; &lt;div&gt;&lt;div style="width: 35%;display: inline-block; text-transform: uppercase"&gt;&lt;strong&gt;avif &lt;span class="fa-trophy fas text-primary"&gt;&lt;/span&gt;&lt;/strong&gt;&lt;/div&gt; &lt;div style="width: 5%; display: inline-block"&gt;&lt;br&gt;&lt;/div&gt; &lt;div style="width: 25%; display: inline-block"&gt;&lt;strong&gt;8.2 kb&lt;/strong&gt;&lt;/div&gt; &lt;div style="width: 30%; display: inline-block;font-size: 17px"&gt;&lt;span class="fa-info-circle fas text-primary" data-content="                    &lt;strong&gt;format:&lt;/strong&gt; AVIF&lt;br&gt;                    &lt;strong&gt;optimize:&lt;/strong&gt; True&lt;br&gt;                    &lt;strong&gt;quality:&lt;/strong&gt; 50&lt;br&gt;                    &lt;strong&gt;colour_space:&lt;/strong&gt; RGBA&lt;br&gt;                    &lt;strong&gt;lossless:&lt;/strong&gt; False&lt;br&gt;                    &lt;strong&gt;subsampling:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;delay_format:&lt;/strong&gt; None&lt;br&gt;                    &lt;strong&gt;strip:&lt;/strong&gt; True&lt;br&gt;                    &lt;strong&gt;compression:&lt;/strong&gt; 6&lt;br&gt;            " data-title="Optimised Info" data-toggle=popover&gt;&lt;/span&gt;&amp;nbsp; &lt;a download=security.png.optimised.avif href=/page-weight/result/41377868-5104-4eaf-9776-a9a682a5e8f5/images/11a20ace-cd35-4f59-91f7-2794c8650815/img.avif title=download&gt;&lt;span class="fa-download fas text-primary"&gt;&lt;/span&gt;&lt;/a&gt;&amp;nbsp; &lt;a href=/page-weight/result/41377868-5104-4eaf-9776-a9a682a5e8f5/images/11a20ace-cd35-4f59-91f7-2794c8650815/img.avif target=11a20ace-cd35-4f59-91f7-2794c8650815 title="Open in new window"&gt;&lt;span class="fa-external-link-alt fas text-primary"&gt;&lt;/span&gt;&lt;/a&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;
&lt;/div&gt;

&lt;h2&gt;Benefits of Peakhour Automatic Image Optimisation&lt;/h2&gt;
&lt;p&gt;Peakhour image optimisation is integrated into your website so you can reduce traffic, speed up page loads and remove
manual image preparation from the design workflow.&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Transforming images on the Peakhour edge enables agility and offloads origin work.&lt;/li&gt;
&lt;li&gt;User experience is improved through faster-loading pages, without a separate workflow for image optimisation.&lt;/li&gt;
&lt;li&gt;Take advantage of new image formats, as supported by end users' browsers, to improve the page load experience.&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;Final Thoughts&lt;/h2&gt;
&lt;p&gt;Peakhour image optimisation runs on Peakhour Edge. Images are optimised as they pass through the Peakhour network, and
optimised versions are cached for reuse. Peakhour image optimisation also works with &lt;a href="/blog/cdn-origin-shield"&gt;Origin Shield&lt;/a&gt;,
with the original and transformed images cached appropriately. This reduces origin hits and bandwidth while speeding up
image delivery.&lt;/p&gt;</content><category term="Features"></category><category term="Web Performance"></category><category term="Caching"></category><category term="Core Web Vitals"></category><category term="CDN"></category><category term="Drupal"></category><category term="Rate Limiting"></category></entry><entry><title>Drupal full page caching module</title><link href="https://www.peakhour.io/blog/drupal-purge-module/" rel="alternate"></link><published>2022-10-05T13:00:00+11:00</published><updated>2022-10-05T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2022-10-05:/blog/drupal-purge-module/</id><summary type="html">&lt;p&gt;We're excited to announce our Drupal 8/9 caching module, read on for more details.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Drupal is an open source content management system (CMS) widely used by Australian government websites. For example,
GovCMS is a customised version of Drupal. Peakhour now provides a purge module for Drupal 8/9, extending our
existing Drupal support.&lt;/p&gt;
&lt;p&gt;The Peakhour Purge module extends the Drupal Purge module. The Purge module provides a standardised way of
integrating third party CDNs, like Peakhour, with Drupal's native full page caching support.
Drupal's native support is suitable for small websites, but has a number of drawbacks. These drawbacks include:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Doesn't support the Vary header.&lt;/li&gt;
&lt;li&gt;Is served by PHP, so it doesn't scale well.&lt;/li&gt;
&lt;li&gt;Runs on the same server as Drupal, so geographic latency is still an issue.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Peakhour's edge cache and delivery layer &lt;strong&gt;removes these issues before requests reach origin&lt;/strong&gt;, and also adds
&lt;strong&gt;image/content optimisation and website security.&lt;/strong&gt;&lt;/p&gt;
&lt;h2&gt;Default Caching&lt;/h2&gt;
&lt;p&gt;Since version 8, Drupal has supported cache tags to provide efficient,
targeted invalidation of content for anonymous browser sessions. In this context, anonymous means a user that does
not have a Drupal Session cookie. Peakhour supports cache tags for all sites, a feature some competitors
reserve for 'Enterprise' plans.&lt;/p&gt;
&lt;p&gt;Cache tags are great, but another default setting is not. That setting is to add a:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="n"&gt;Vary&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;Cookie&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Header to the page response to make sure that logged-in users don't get cached pages. The Vary
header informs a cache that different content may be served from origin based on the value in the Cookie
header sent by the browser.&lt;/p&gt;
&lt;p&gt;This is fine if you are using Drupal with no third party javascript libraries. If you do
use third party libraries, it can render page caching close to useless. For example, drupal.org itself uses
perimeterx for bot detection, which results in a unique session cookie being set on the very first request.&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/drupal-org-first-request.jpg" width="100%" alt="The cookie set by perimiterx"/&gt;
&lt;em&gt;The first request to drupal.org results in a unique cookie being set by perimiterx&lt;/em&gt;
&lt;/div&gt;

&lt;p&gt;If you use Google analytics, Facebook, or any of a wide array of popular third party libraries, the same
thing can happen.&lt;/p&gt;
&lt;p&gt;This means only the &lt;strong&gt;very first&lt;/strong&gt; request from the user could be served from a general
page cache. Hit rates would be virtually zero.&lt;/p&gt;
&lt;h2&gt;Fix the Vary issue with Skip Cache on Cookie&lt;/h2&gt;
&lt;p&gt;Peakhour gives you a way to work around this. The first step is to disable the &lt;strong&gt;Vary: Cookie&lt;/strong&gt; header. Then, to
make sure any user with a Drupal Session bypasses the cache, use Peakhour's &lt;strong&gt;Skip Cache on Cookie&lt;/strong&gt; feature.
As soon as Drupal sets a session cookie, eg when someone logs in, Peakhour will pass requests through to the origin.
Full instructions on how to do this are provided on our &lt;a href="/docs/how-to-guides/integrations/drupal/"&gt;drupal module documentation&lt;/a&gt;&lt;/p&gt;
&lt;h2&gt;eCommerce Drupal sites&lt;/h2&gt;
&lt;p&gt;If you are running an ecommerce store, or some other type of site that
might serve customised information on a page, for example a mini cart with cart count/information,
then you will have to do custom development to continue caching pages.
A workaround for a mini cart would be to make it load via Ajax or to use local browser storage,
and &lt;strong&gt;Peakhour assists in making that happen&lt;/strong&gt;.&lt;/p&gt;
&lt;h2&gt;Future features&lt;/h2&gt;
&lt;p&gt;Hopefully in the future Drupal will support setting its own cookie for varying the cache, in a similar manner to
Magento 2. eg X-Drupal-Vary, this would allow Peakhour to store multiple versions of a page to serve to different users.
For example, a user in Germany might get a version of a page in German with German currency.&lt;/p&gt;</content><category term="CMS"></category><category term="Drupal"></category><category term="Caching"></category><category term="CDN"></category><category term="Core Web Vitals"></category><category term="WordPress"></category><category term="Rate Limiting"></category></entry><entry><title>Prestashop 1.6/1.7 full page caching plugin released!</title><link href="https://www.peakhour.io/blog/prestashop-plugin/" rel="alternate"></link><published>2022-08-04T13:00:00+10:00</published><updated>2022-08-04T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2022-08-04:/blog/prestashop-plugin/</id><summary type="html">&lt;p&gt;Prestashop is the latest shopping cart we've made a plugin for, read on for more details.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Prestashop is a popular open source eCommerce platform written in PHP. We're releasing a Prestashop module that enables
full page caching through Peakhour. Pages can stay cached at the Peakhour edge for longer, and the plugin refreshes them
when the underlying content changes in Prestashop.&lt;/p&gt;
&lt;p&gt;&lt;a href="/blog/caching-dynamic-content-with-a-cdn/"&gt;Full Page Caching&lt;/a&gt; reduces load times by removing the time it takes for a
CMS to generate a dynamic page. That is typically around half a second for a quick page, and 3-5 seconds for a slow one.
Here is a cache miss and hit from our client fatburnersonly.com.au:&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/prestashop-cache-miss.jpg" width="100%" alt="Prestashop cache miss"/&gt;
&lt;em&gt;A typical cache miss on a category page. The origin has to generate the page, taking &lt;strong&gt;2.49 seconds&lt;/strong&gt;&lt;/em&gt;
&lt;/div&gt;

&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/prestashop-cache-hit.jpg" width="100%" alt="Prestashop cache miss"/&gt;
&lt;em&gt;A cache hit: &lt;strong&gt;only 35.7 milliseconds&lt;/strong&gt; to deliver to the client from our edge&lt;/em&gt;
&lt;/div&gt;

&lt;p&gt;&lt;strong&gt;Nearly 2.5 seconds removed from Time to First Byte and Largest Contentful Paint.&lt;/strong&gt; That's without changing
the site itself.&lt;/p&gt;
&lt;h3&gt;Tag Based Flushing&lt;/h3&gt;
&lt;p&gt;Like all our recent plugins, the Prestashop plugin adds a header with tag metadata for each cacheable page. This header is
called X-Prestashop-Tag and contains the IDs of the relevant entities on the page, eg products, categories, brands, pages,
etc. This metadata is stored alongside the cached page. When an entity changes in the Prestashop admin, eg a product price
is updated, the plugin issues a flush-by-tag request to Peakhour. Peakhour finds the pages with the associated tag and
invalidates them in the cache. The next request for the page passes through to origin and is then re-cached.&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/prestashop-tags.jpg" width="100%" alt="Prestashop full page caching headers"/&gt;
&lt;em&gt;Headers returned by the [caching plugin](/blog/opencart/opencart-3-caching-plugin/).&lt;/em&gt;
&lt;/div&gt;

&lt;h3&gt;Custom TTL&lt;/h3&gt;
&lt;p&gt;TTL (Time to live) is the time a resource stays in cache before the cache checks for a new version. You can control this
within the plugin. The plugin then sets the peakhour-cdn-cache-control header, part of the new
&lt;a href="/blog/cdn-cache-control-header/"&gt;cdn-cache-control specification&lt;/a&gt;, so only Peakhour responds to the cache directive.&lt;/p&gt;
&lt;h3&gt;Ajax Mini Cart&lt;/h3&gt;
&lt;p&gt;Mini carts are dynamic sections of eCommerce websites, and they often stop pages from being cacheable. The Peakhour plugin
loads them via Ajax so as many pages as possible remain cacheable.&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/prestashop-mini-cart.jpg" width="100%" alt="Prestashop mini cart"/&gt;
&lt;em&gt;The mini cart is in the top right; it is usually returned as part of the generated page.&lt;/em&gt;
&lt;/div&gt;

&lt;h3&gt;Cache varying&lt;/h3&gt;
&lt;p&gt;The same page can show different information depending on factors such as whether a user is logged in, or whether a
multicurrency store changes currency. The Peakhour Prestashop plugin handles this by changing a cookie value when those
factors change, creating separate cache regions for the different possibilities.&lt;/p&gt;
&lt;h2&gt;The Results&lt;/h2&gt;
&lt;p&gt;The Peakhour Prestashop plugin can improve store performance measurably. Our client fatburnersonly.com.au improved their
'good' web vitals scores by 20% in the two months they've been using Peakhour.&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/prestashop-lcp-improvements.jpg" width="100%" alt="Prestashop web vitals improvement"/&gt;
&lt;em&gt;Full page caching was enabled halfway through May. Note that a significant number of pages, eg checkout and admin, cannot be cached and are included in these stats&lt;/em&gt;
&lt;/div&gt;

&lt;h2&gt;Grabbing the plugin&lt;/h2&gt;
&lt;p&gt;If you have a slow Prestashop store, see our &lt;a href="/docs/how-to-guides/integrations/prestashop/"&gt;plugin page&lt;/a&gt; or
&lt;a href="/contact-us/"&gt;contact us&lt;/a&gt; for more information.&lt;/p&gt;</content><category term="CMS"></category><category term="Caching"></category><category term="Drupal"></category><category term="WordPress"></category><category term="Web Performance"></category><category term="CDN"></category><category term="Core Web Vitals"></category></entry><entry><title>Origin shield</title><link href="https://www.peakhour.io/blog/cdn-origin-shield/" rel="alternate"></link><published>2022-06-10T13:00:00+10:00</published><updated>2022-06-10T13:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2022-06-10:/blog/cdn-origin-shield/</id><summary type="html">&lt;p&gt;Origin shield is a CDN must have feature that increases your Cache Hit Rate by consolidating requests from POPs.&lt;/p&gt;</summary><content type="html">&lt;p&gt;&lt;a href="/learning/cdn/"&gt;CDN&lt;/a&gt; providers often promote the size of their network, and how many Points of Presence (POPs) they have. Higher
capacity, more resilient networks are useful from a security point of view (think DDoS attacks), but more POPs can also
work against what the CDN was designed to do: take load off an origin and improve performance for end users.&lt;/p&gt;
&lt;h2&gt;The POP Problem&lt;/h2&gt;
&lt;p&gt;Modern CDNs are what's called 'Pull' CDNs. That means the CDN won't store content/resources until a user requests it.
The first time a user requests a resource, it goes to the CDN POP, checks its local cache, gets a miss, and then passes the request
through to origin. As the resource is returned, the CDN stores a copy for the next time someone wants it. If your CDN has
100 POPs, then this process has to be repeated 100 times to fully 'warm' the CDN for that specific resource. That's 100 requests to origin.
The more POPs your CDN has, the more likely you are to get a miss and hit the origin.&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/origin-shield-without.png" class="img-responsive"&gt;&lt;/p&gt;
&lt;p&gt;When the caches at POPs are fully populated, the effect on your application can be minimal. During a cache MISS
event, typically either due to resource expiration or a manual purge, many requests can be sent to the origin server
concurrently while the individual POPs rebuild their caches. The more POPs, the longer the process takes.&lt;/p&gt;
&lt;p&gt;This can be a problem, especially when caching dynamic pages that need to be server side rendered, large resources, or transformed
resources. For example, take a busy ecommerce store running Magento during a sale, Magento will purge content when sales
are made, forcing the cache to rebuild each time. During a busy period it can reduce your cache hit rate
and degrade site performance.&lt;/p&gt;
&lt;h2&gt;Enter Origin Shield&lt;/h2&gt;
&lt;p&gt;CDN Origin Shield is a feature that lets you nominate the CDN Point of Presence closest to your server as a shield. All
requests that hit other POPs and receive a cache miss will then go to the nominated shield before hitting the origin. The
shield becomes a 'super cache' and can reduce the amount of requests to your origin in a cache miss.&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/origin-shield-with.png" class="img-responsive"&gt;&lt;/p&gt;
&lt;p&gt;Peakhour.IO implements origin shield as a simple dropdown on an origin pool where you can select the geographic location
that should be used as a shield. Requests to your origin are now routed through this geographic location
before reaching your origin in a cache miss scenario.&lt;/p&gt;
&lt;p&gt;Clients who use multiple geographic origins can also benefit from Origin shield. Peakhour.IO allows the specification
of an origin shield per origin. For geographic load balancing, you will need to contact support
for setup.&lt;/p&gt;
&lt;h2&gt;Seeing is believing&lt;/h2&gt;
&lt;p&gt;The Peakhour.IO summary now includes your edge CHR, your shield CHR and your overall CHR so that you can see the effect
in action.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Some of our clients have seen typical increases of 10-20% of their overall Cache Hit Rate, and greater than 40% when
  specifically looking at often flushed dynamic content.&lt;/li&gt;
&lt;li&gt;Quicker cache convergence&lt;/li&gt;
&lt;li&gt;Fewer hits to origin&lt;/li&gt;
&lt;li&gt;Better end-user experience&lt;/li&gt;
&lt;li&gt;Higher conversions&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Final Thoughts&lt;/h2&gt;
&lt;p&gt;Origin Shield is an important feature for certain types of site, or when you're looking to maximise your cache hit rate.
CMSs that offer built in full page caching, like Magento and
Drupal, flush content often, and are susceptible to performance degradation as load increases. Minimising hits to the origin
in these cases is vital.&lt;/p&gt;
&lt;p&gt;If you are interested in getting more out of your CDN, need a bespoke CDN solution, or need a provider that
offers performance, optimisation and security services, reach out to discuss the right setup.&lt;/p&gt;
&lt;p&gt;Origin shield with &lt;a href="/blog/request-collapsing/"&gt;request collapsing&lt;/a&gt; helps minimise
origin hits, improve CHR and maintain user experience for your web application.&lt;/p&gt;</content><category term="Caching"></category><category term="CDN"></category><category term="DDoS"></category><category term="Residential Proxies"></category><category term="DNS"></category></entry><entry><title>CDN Cache Keys</title><link href="https://www.peakhour.io/blog/cdn-cache-keys/" rel="alternate"></link><published>2022-05-16T13:00:00+10:00</published><updated>2022-05-16T13:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2022-05-16:/blog/cdn-cache-keys/</id><summary type="html">&lt;p&gt;Cache keys allows the segmenting of the Peakhour.IO cache by elements of both the request and response, enabling effective and flexible caching of content.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Content Delivery Networks (CDNs) are common on business websites. CDNs speed up websites by storing website content
and assets in caches on servers spread around the world. These caches are typically key/value stores. For example,
let's say we are requesting an image found at:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;https://www.example.com/someimage.jpg
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Depending on how the &lt;a href="/learning/cdn/"&gt;CDN&lt;/a&gt; works internally, it may use &lt;strong&gt;/someimage.jpg&lt;/strong&gt; (the key) to retrieve the image (the value)
from its cache. Most CDNs are fairly rigid in what they use as keys, complicated to configure (eg requiring programming
skills), or charge more for flexibility.&lt;/p&gt;
&lt;p&gt;The Peakhour.io CDN cache keeps configuration flexible while still supporting fine-grained control of caching
behaviour for your application.&lt;/p&gt;
&lt;p&gt;The Peakhour.IO cache key consists of a primary key, sub key, and secondary key. Both the primary and secondary key must
match to constitute a cache hit.&lt;/p&gt;
&lt;h2&gt;Primary key&lt;/h2&gt;
&lt;p&gt;The primary key is the key from the client request that uniquely identifies a resource. It consists of the
scheme, host, path and query string from the request. Within our cache, the primary key may be augmented from other
elements of the request, such as the presence of a particular header, or a header value such as a cookie value. At
Peakhour.IO, we call these augmented keys &lt;a href="/docs/reference/rules/vconf-set/#cache-subkey-vars"&gt;cache subkey vars&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/url-cache-key-composition.png" class="img-responsive"&gt;&lt;/p&gt;
&lt;p&gt;The following options can further manipulate the primary key by specifying how the query string is handled. These
options include &lt;a href="/docs/reference/rules/vconf-set/#cdn-query-mode"&gt;ignore query string&lt;/a&gt; (useful for defeating cache-busting techniques)
or &lt;a href="/docs/reference/rules/vconf-set/#cdn-remove-query-args"&gt;stripping certain tags&lt;/a&gt; (commonly UTM tags).&lt;/p&gt;
&lt;h2&gt;Secondary key&lt;/h2&gt;
&lt;p&gt;The secondary key describes parts of the request message that influenced the content of the response from the origin.
This information is stored in the secondary key and the following headers are used:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Vary&lt;/li&gt;
&lt;li&gt;Content-Encoding&lt;/li&gt;
&lt;li&gt;User-Agent: (browser/mobile)&lt;/li&gt;
&lt;li&gt;Accept-Language&lt;/li&gt;
&lt;li&gt;Variant-06&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Servers are commonly misconfigured and can send back headers that don't match the behaviour of the content.
For example, it is very common for a server to send back a Vary header with &lt;em&gt;Vary: user-agent&lt;/em&gt;. When you check the behaviour
by sending different user agents, though, the content doesn't actually change. This can cause unnecessary cache fragmentation and lower hit rates. Peakhour allows
you to override/ignore origin behaviour to correct this.&lt;/p&gt;
&lt;p&gt;If you prefer a visual view, the diagram below shows all the elements of a request/response that could make up a cache key.&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/cache-keys.png" class="img-responsive"&gt;&lt;/p&gt;
&lt;p&gt;For more flexibility, Peakhour.io can use specific Cookie values in the secondary key. This is useful for Content Management
Systems like Magento, which set a special cookie, &lt;em&gt;X-Magento-Vary&lt;/em&gt;, to enable special caching behaviour that wouldn't normally
be achievable; for example, whether the user is logged in, is part of a special group, or has chosen a different currency.&lt;/p&gt;
&lt;h2&gt;How can I see my keys?&lt;/h2&gt;
&lt;p&gt;Cache keys are generated on the fly based on the client's request and the origin's response. To see a cache key,
enable Debug headers in the Peakhour.IO dashboard. As an example, for the given request/response pair:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="nf"&gt;GET&lt;/span&gt; &lt;span class="nn"&gt;/&lt;/span&gt; &lt;span class="kr"&gt;HTTP&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="m"&gt;1.1&lt;/span&gt;
&lt;span class="na"&gt;Accept-Encoding&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="l"&gt;gzip, deflate, br&lt;/span&gt;

HTTP/1.1 200
Vary: accept-encoding
content-encoding: br
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Peakhour.IO would generate the following cache-status header:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="nt"&gt;cache-status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;peakhour&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;io&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;fwd&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;uri-miss&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;key&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;https://example.com/what-is-new.html&amp;quot;&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;secondary-key&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;encoding::br&amp;quot;&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;stored&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ttl&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;31536000&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Here, the key is the scheme://host/path and the secondary-key is the encoding served by the origin.&lt;/p&gt;
&lt;h2&gt;What's in it for me?&lt;/h2&gt;
&lt;p&gt;By understanding cache keys and how they are constructed, a web application can tailor its responses to better utilise
a cache. The configuration options give you direct control for fine-tuning cache-key handling, improving user experience
and cache hit rates.&lt;/p&gt;</content><category term="Caching"></category><category term="CDN"></category><category term="Caching"></category><category term="Drupal"></category><category term="Web Performance"></category></entry><entry><title>Request collapsing</title><link href="https://www.peakhour.io/blog/request-collapsing/" rel="alternate"></link><published>2022-05-16T11:00:00+10:00</published><updated>2022-05-16T11:00:00+10:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2022-05-16:/blog/request-collapsing/</id><summary type="html">&lt;p&gt;Request collapsing - saving your origin by reducing concurrent requests and re-using responses for resources.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Request collapsing protects busy origin servers that serve changing content. On a high traffic site, a cache miss
after content expires can amplify one expired resource into many simultaneous origin requests. This behaviour is commonly
called a cache stampede or dog-piling.&lt;/p&gt;
&lt;p&gt;When request collapsing is enabled, only a single request is sent to an origin server for a given resource, then the
resulting body is used to satisfy pending requests.&lt;/p&gt;
&lt;p&gt;This can stop a popular cached resource from causing a flood of requests to an origin server when it expires.
On high traffic sites, enabling the feature for the right resources can smooth request volume and traffic to origin servers.&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/request-collapsing.png" class="img-responsive"&gt;&lt;/p&gt;
&lt;h1&gt;How it works&lt;/h1&gt;
&lt;p&gt;Request collapsing is implemented internally using &lt;a href="/blog/cache-keys/"&gt;cache keys&lt;/a&gt; and queues.
Cache keys are used as keys to a map, with client requests tracked using a queue. Secondary response keys
are then used to match waiting client requests to origin responses. Matching requests can then be fulfilled using the
same response.&lt;/p&gt;
&lt;p&gt;Failed requests are retried in the same manner.&lt;/p&gt;
&lt;p&gt;If a response to an active request is marked as private with &lt;code&gt;Cache-Control: private&lt;/code&gt; or &lt;code&gt;Set-Cookie&lt;/code&gt;, then all queued
and future matching requests will go directly to the origin without trying to match them.&lt;/p&gt;
&lt;p&gt;This implementation allows Peakhour to serialise requests to an origin, so it's important to enable the feature only on
resources that you know will be cacheable, either through cache-control headers or Peakhour configuration.&lt;/p&gt;
&lt;h1&gt;How do you know its working?&lt;/h1&gt;
&lt;p&gt;Request collapsing can be verified with Debug enabled and the cache-status header in the response. A collapsed request
looks like the example below, with 'collapsed' at the end.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="nt"&gt;cache-status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;peakhour&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;io&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;fwd&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;uri-miss&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;key&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;https://website.com/home-eco.jpg&amp;quot;&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ttl&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;86400&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;collapsed&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;h1&gt;How its used in practice?&lt;/h1&gt;
&lt;h2&gt;Image optimisation&lt;/h2&gt;
&lt;p&gt;Peakhour.IO uses request collapsing internally for image transforms. The feature ensures we only transform a single image
when a resource expires on the edge, reducing latency sensitive image transformation work, client transform costs and
avoidable delays for end users.&lt;/p&gt;
&lt;h2&gt;Dynamic page caching&lt;/h2&gt;
&lt;p&gt;Request collapsing is a good fit when enabling caching of expensive dynamically written pages. Peakhour.IO
can cache server heavy WordPress, Magento, PrestaShop, Drupal and other platforms via our caching plugin. The plugin
keeps the CDN in sync by notifying us when content changes.&lt;/p&gt;
&lt;p&gt;Content still needs to change during busy periods such as sales or item purchases. During these periods
servers can be overwhelmed when pages incur a cache miss. Request collapsing can help smooth out this traffic and maintain
response times for users.&lt;/p&gt;</content><category term="Caching"></category><category term="Caching"></category><category term="CDN"></category><category term="Rate Limiting"></category><category term="Drupal"></category></entry><entry><title>Opencart 3 Full Page Caching Plugin Released</title><link href="https://www.peakhour.io/blog/opencart-3-plugin/" rel="alternate"></link><published>2022-03-25T13:00:00+11:00</published><updated>2022-03-25T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2022-03-25:/blog/opencart-3-plugin/</id><summary type="html">&lt;p&gt;Elevate your Opencart 3 store's performance with Peakhour's full page caching plugin. Learn how our features outperform LiteSpeed and Varnish Cache.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Peakhour's Opencart plugin includes features that are usually reserved for enterprise plans with other providers. It follows our 'Enterprise for Everyone' approach in a practical way:&lt;/p&gt;
&lt;h3&gt;Tag-Based Flushing&lt;/h3&gt;
&lt;p&gt;Peakhour's plugin records metadata for each Opencart page in the cache. When you update a product or category, only the relevant pages are refreshed. That keeps cache flushing targeted instead of clearing more content than necessary.&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/opencart-3-full-page-caching-headers.jpg" width="100%" alt="Opencart 3 [full page](/blog/drupal/drupal-purge-module/) caching headers"/&gt;
&lt;em&gt;Headers returned by caching plugin.&lt;/em&gt;
&lt;/div&gt;

&lt;h3&gt;Custom TTL&lt;/h3&gt;
&lt;p&gt;Control how long a resource stays in the cache before it checks for a new version. This gives you a direct way to manage cache freshness.&lt;/p&gt;
&lt;h3&gt;Ajax Mini Cart and Wishlist&lt;/h3&gt;
&lt;p&gt;Dynamic sections like mini carts and wishlists usually prevent caching. The plugin loads these sections via Ajax, which makes more pages cacheable.&lt;/p&gt;
&lt;h3&gt;Cache Vary&lt;/h3&gt;
&lt;p&gt;The plugin adapts to different user states, currencies, and languages. It changes a cookie value to create separate cache regions for these variables.&lt;/p&gt;
&lt;h2&gt;Peakhour vs. LiteSpeed and Varnish Cache&lt;/h2&gt;
&lt;p&gt;LiteSpeed and Varnish Cache are good options, but Peakhour offers a more flexible and efficient caching solution for Opencart. The plugin makes Opencart as cache-friendly as Magento 2 or Drupal 8, if not more so.&lt;/p&gt;
&lt;h2&gt;The Results Speak for Themselves&lt;/h2&gt;
&lt;p&gt;Our client saw a clear improvement in their web vitals scores and website scalability. Full &lt;a href="/blog/prestashop-plugin/"&gt;page caching&lt;/a&gt; was enabled in October, with the gains shown below.&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/blog/opencart-3-web-vitals-lcp-improvement.jpg" width="100%" alt="Opencart 3 web vitals improvement"/&gt;
&lt;em&gt;Full page caching was enabled in October. Note a significant amount of pages, eg checkout, admin etc cannot be cached which affects these stats&lt;/em&gt;
&lt;/div&gt;

&lt;p&gt;&lt;em&gt;For more information, visit our &lt;a href="/docs/how-to-guides/integrations/opencart-3/"&gt;plugin page&lt;/a&gt; or &lt;a href="/contact-us/"&gt;contact us&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;</content><category term="CMS"></category><category term="Caching"></category><category term="CDN"></category><category term="Drupal"></category><category term="Web Performance"></category><category term="WordPress"></category><category term="Magento"></category></entry><entry><title>Cdn-Cache-Control</title><link href="https://www.peakhour.io/blog/cdn-cache-control-header/" rel="alternate"></link><published>2022-02-28T13:00:00+11:00</published><updated>2022-02-28T13:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2022-02-28:/blog/cdn-cache-control-header/</id><summary type="html">&lt;p&gt;CDN-Cache-Control is a proposed new header to augment the venerable Cache-Control. Its aim is to make controlling caching easier as CDNs become ubiquitous.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Caching headers are easy to get wrong. Public resources may be cached in one layer, while the server
configuration prevents an otherwise cacheable resource from being stored where you expect.&lt;/p&gt;
&lt;p&gt;Controlling caching without a service like Peakhour usually means working directly with Cache-Control headers.
This header has a wide range of fields and directives. Each one tells downstream clients (e.g., proxies, shared caches, and end browsers)
how to handle caching for a particular resource.&lt;/p&gt;
&lt;p&gt;Getting this right can be complicated, and it can become brittle when web server configuration also affects the response.&lt;/p&gt;
&lt;h2&gt;Enter CDN-Cache-Control&lt;/h2&gt;
&lt;p&gt;CDN-Cache-Control is a recently proposed header specified in
&lt;a href="https://datatracker.ietf.org/doc/html/draft-cdn-control-header-01"&gt;https://datatracker.ietf.org/doc/html/draft-cdn-control-header-01&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;The draft RFC states:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="nv"&gt;This&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;specification&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;defines&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;a&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;convention&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="k"&gt;for&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;HTTP&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;response&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;header&lt;/span&gt;
&lt;span class="nv"&gt;fields&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;that&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;allow&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;directives&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;controlling&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;caching&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;to&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;be&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;targeted&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;at&lt;/span&gt;
&lt;span class="nv"&gt;specific&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;caches&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;or&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;classes&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;of&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;caches&lt;/span&gt;.&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nv"&gt;It&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;also&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;defines&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;one&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;such&lt;/span&gt;
&lt;span class="nv"&gt;header&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;field&lt;/span&gt;,&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;targeted&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;at&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;[&lt;span class="nv"&gt;Content&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;Delivery&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;Network&lt;/span&gt;]&lt;span class="ss"&gt;(&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="nv"&gt;learning&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="nv"&gt;cdn&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="ss"&gt;)&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="ss"&gt;(&lt;/span&gt;&lt;span class="nv"&gt;CDN&lt;/span&gt;&lt;span class="ss"&gt;)&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nv"&gt;caches&lt;/span&gt;.
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;What does this mean in practice? Imagine a Magento application where pages should be cacheable by a shared cache
but not by a browser. A Cache-Control header could look like:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;Cache-Control: max-age=0, s-max-age=600
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;This tells browser caches not to reuse the response, while shared caches may cache it for 600 seconds.&lt;/p&gt;
&lt;p&gt;What if the application does not want every shared cache to store the resource, because the application already sends purges
to the cache when content changes?&lt;/p&gt;
&lt;p&gt;Cache-Control does not give you that separation. The header above enables any shared cache to store the resource
for the specified time. With CDN-Cache-Control, the application could instead send:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;Cache-Control: max-age=0, s-max-age=60
CDN-Cache-Control: max-age=3600
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;This tells the browser not to cache the page, allows a shared cache to keep the page for 60s,
and allows the CDN to keep it for one hour.&lt;/p&gt;
&lt;h2&gt;Targeted CDN-Cache-Control&lt;/h2&gt;
&lt;p&gt;What if you need to target a specific CDN only? Use the provider's targeted CDN-Cache-Control header.&lt;/p&gt;
&lt;p&gt;For example, Peakhour-CDN-Cache-Control instructs Peakhour only to cache the resource.
Other CDNs in the request path will not honour this header.&lt;/p&gt;
&lt;h2&gt;Header format&lt;/h2&gt;
&lt;h3&gt;Examples&lt;/h3&gt;
&lt;p&gt;The following header fields instruct a CDN cache
to consider the response fresh for 600 seconds, other shared caches
for 120 seconds, and any remaining caches for 60 seconds:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;Cache-Control: max-age=60, s-maxage=120
CDN-Cache-Control: max-age=600
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;These header fields instruct a CDN cache to consider the
response fresh for 600 seconds, while all other caches are
prevented from storing it:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;Cache-Control: no-store
CDN-Cache-Control: max-age=600
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Because CDN-Cache-Control is not present, this header field
prevent all caches from storing the response:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;Cache-Control: no-store
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Whereas these prevent all caches except CDN caches from
storing the response:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;Cache-Control: no-store
CDN-Cache-Control: none
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;(note that 'none' is not a registered cache directive; it is used here to
avoid sending a header field with an empty value, because such a
header might not be preserved in all cases).&lt;/p&gt;</content><category term="Learning"></category><category term="Caching"></category><category term="CDN"></category><category term="Rate Limiting"></category><category term="Drupal"></category><category term="Web Performance"></category></entry><entry><title>Cache-Status</title><link href="https://www.peakhour.io/blog/cdn-cache-status-header/" rel="alternate"></link><published>2022-02-25T13:00:00+11:00</published><updated>2022-02-25T13:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2022-02-25:/blog/cdn-cache-status-header/</id><summary type="html">&lt;p&gt;Cache-Status is a proposed standard header to provide visibility into how caching providers interact and handle a request.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Diagnosing &lt;a href="/learning/cdn/"&gt;CDN&lt;/a&gt; caching can be complex, with multiple cache layers, Origin Shielding, and local caching.
Understanding how these layers interact can mean spending weeks working through RFCs for the
finer details of ETag, Cache-Control, and Last-Modified headers - before you even account for advanced controls
that override them.&lt;/p&gt;
&lt;p&gt;When you have a problem, or are trying to optimise caching, the first thing you need is visibility into how a request was handled.&lt;/p&gt;
&lt;p&gt;This is where the new Cache-Status header helps. The new draft RFC, RFC draft-ietf-httpbis-cache-header-08, aims to:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="n"&gt;aide&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;debugging&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;by&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;standardising&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;the&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;format&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;of&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;various&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;non&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;standard&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;debug&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;headers&lt;/span&gt;
&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="n"&gt;used&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;by&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;major&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;CDN&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;providers&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;The&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;semantics&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;of&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;these&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;headers&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;are&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;often&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;unclear&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="ow"&gt;and&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;vary&lt;/span&gt;
&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="n"&gt;between&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="n"&gt;implementations&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;The draft RFC proposes a new header, Cache-Status, with a uniform format for showing how multiple
caching providers interact and handle a request. The Cache-Status header forms a list. Each member of the list
represents a cache that has handled the request, and the last member belongs to the cache that most recently
served the user. The header is only applicable to responses directly generated
by an origin server. Each member can add a parameter indicating how it handled the request.&lt;/p&gt;
&lt;p&gt;A Cache-Status header looks like this:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nt"&gt;Cache-Status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;OriginCache&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;hit&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ttl&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;1100&lt;/span&gt;&lt;span class="o"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;CDN Company Here&amp;quot;&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;fwd&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;uri-miss&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;It is formatted and labelled, with each cache in the line separated in list format by a ','.&lt;/p&gt;
&lt;h6&gt;The format of the Cache-Status header is a list comprising of the following possible parameters:&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;hit&lt;/strong&gt;          = boolean&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;fwd&lt;/strong&gt;          = (bypass, method, uri-miss, vary-miss, request, stale, partial)&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;fwd-status&lt;/strong&gt;   = integer&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;ttl&lt;/strong&gt;          = integer&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;stored&lt;/strong&gt;       = boolean&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;collapsed&lt;/strong&gt;    = boolean&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;key&lt;/strong&gt;          = string&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;detail&lt;/strong&gt;       = token / string&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;What the parameters mean&lt;/h2&gt;
&lt;h3&gt;Hit&lt;/h3&gt;
&lt;p&gt;The hit parameter signifies that a request was satisfied by the cache. It is a boolean parameter meaning
that its presence indicates a cache hit.&lt;/p&gt;
&lt;p&gt;For example:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nt"&gt;Cache-Status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;Peakhour&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;IO&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;hit&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;h3&gt;Fwd&lt;/h3&gt;
&lt;p&gt;The Fwd parameter indicates when a response was forwarded to an origin server - and why. The Fwd parameter
contains one of the following arguments:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;bypass&lt;/strong&gt; - The cache was configured to not handle this request&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;method&lt;/strong&gt; - The request method's semantics require the request to be
   forwarded&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;uri-miss&lt;/strong&gt; - The cache did not contain any responses that matched
   the request URI&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;vary-miss&lt;/strong&gt; - The cache contained a response that matched the
   request URI, but could not select a response based upon this
   request's headers and stored Vary headers.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;miss&lt;/strong&gt; - The cache did not contain any responses that could be used
   to satisfy this request (to be used when an implementation cannot
   distinguish between uri-miss and vary-miss)&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;request&lt;/strong&gt; - The cache was able to select a fresh response for the
   request, but the request's semantics (e.g., Cache-Control request
   directives) did not allow its use&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;stale&lt;/strong&gt; - The cache was able to select a response for the request,
   but it was stale&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;partial&lt;/strong&gt; - The cache was able to select a partial response for the
   request, but it did not contain all of the requested ranges (or
   the request was for the complete response)&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;For example:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nt"&gt;Cache-Status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;Peakhour&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;IO&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;fwd&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;uri-miss&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;h3&gt;Fwd-status&lt;/h3&gt;
&lt;p&gt;The fwd-status parameter indicates the status code the next hop returned in response to the request. It is only
meaningful when "fwd" is present. For example, a complete miss would look like &lt;em&gt;fwd=uri-miss&lt;/em&gt;
and the HTTP status code of the downstream response would be supplied in the fwd-status:&lt;/p&gt;
&lt;p&gt;The following example shows that the cache did not satisfy the request and that the downstream server
indicated an HTTP 304 response - HTTP Not Modified.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nt"&gt;Cache-Status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;Peakhour&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;IO&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;fwd&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;uri-miss&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;fwd-status&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;304&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;h3&gt;ttl&lt;/h3&gt;
&lt;p&gt;Each cache item is associated with a lifetime, referred to as the Time To Live (TTL). A TTL is in seconds
and indicates the remaining  &lt;em&gt;freshness&lt;/em&gt; of the resource. This value is calculated by the cache.&lt;/p&gt;
&lt;p&gt;For example, a cache hit showing that the resource has a &lt;em&gt;freshness&lt;/em&gt; of 376 seconds.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nt"&gt;Cache-Status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ExampleCache&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;hit&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ttl&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;376&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Another example shows a cache hit with &lt;em&gt;negative freshness&lt;/em&gt;  - a stale resource.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nt"&gt;Cache-Status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ExampleCache&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;hit&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ttl&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;-412&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;h3&gt;stored&lt;/h3&gt;
&lt;p&gt;Indicates whether the received response was stored by the cache. This example shows a cache miss and the
cache storing the response for the next hit.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nt"&gt;Cache-Status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ExampleCache&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;fwd&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;uri-miss&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;stored&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;h3&gt;collapsed&lt;/h3&gt;
&lt;p&gt;Indicates whether the received response was collapsed with another request.&lt;/p&gt;
&lt;h3&gt;key&lt;/h3&gt;
&lt;p&gt;The key is the lookup index into a cache. Cache keys convey a representation of how the cache will
look up the resource used for the response. The cache key is implementation-specific.&lt;/p&gt;
&lt;p&gt;This example shows a cache hit, the cache key and secondary key, and the remaining TTL of the resource.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nt"&gt;cache-status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;peakhour&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nc"&gt;io&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;hit&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;key&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;https://example.com/calendar.css&amp;quot;&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;secondary-key&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;encoding::gzip&amp;quot;&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ttl&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;30674859&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;h3&gt;detail&lt;/h3&gt;
&lt;p&gt;Allows additional implementation-specific information not captured by other parameters.&lt;/p&gt;
&lt;h3&gt;Multiple layers of caching&lt;/h3&gt;
&lt;p&gt;The header allows multiple layers of caching. For example, a global CDN may sit in front of a local varnish server.
Each cache appends its cache-status to the header, so the last item is the closest cache
to the actual application and the first item is the closest cache to the accessing user.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="w"&gt;  &lt;/span&gt;&lt;span class="nt"&gt;Cache-Status&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;OriginCache&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;hit&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ttl&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;1100&lt;/span&gt;&lt;span class="o"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;CDN Company Here&amp;quot;&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;hit&lt;/span&gt;&lt;span class="o"&gt;;&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nt"&gt;ttl&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="nt"&gt;545&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;h2&gt;Security&lt;/h2&gt;
&lt;p&gt;There are security implications to consider with this header. Making it public gives an attacker insight
into how the cache is configured, which may help them bypass a cache entirely and access an origin server directly.
Cache header security is provider-specific, but could involve enabling it only when required, restricting access to specific
IP addresses, or requiring a custom request header to trigger the cache-status header.&lt;/p&gt;
&lt;p&gt;Peakhour.IO regularly sees automated scans sending other providers' headers to trigger a cache-status header response.&lt;/p&gt;
&lt;h2&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;The Cache-Status header gives clear insight into how cache layers interact
on a website. It provides a standardised format for showing how a cache handled a request and
allows multiple caches to report their part of the request path.&lt;/p&gt;
&lt;p&gt;Peakhour fully supports this new header, and it can be enabled/disabled and secured in the dashboard.&lt;/p&gt;</content><category term="Learning"></category><category term="Caching"></category><category term="CDN"></category><category term="Drupal"></category><category term="HTTP"></category><category term="Rate Limiting"></category><category term="Web Performance"></category></entry><entry><title>Fastly Outage</title><link href="https://www.peakhour.io/blog/fastly-outage-how-to-have-a-plan-b/" rel="alternate"></link><published>2021-06-09T13:00:00+10:00</published><updated>2021-06-09T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2021-06-09:/blog/fastly-outage-how-to-have-a-plan-b/</id><summary type="html">&lt;p&gt;Fastly, a major CDN provider, had a global outage last night which affected some of the world's largest websites and internet services. Why didn't they have a backup plan?&lt;/p&gt;</summary><content type="html">&lt;p&gt;You may have heard that Fastly, one of the world’s largest providers of &lt;a href="/learning/cdn/"&gt;CDN&lt;/a&gt; services, had an outage of about 1 hour on
the 8th July. Some of the world's largest websites and services were down, including reddit, CNN, The Guardian,
Shopify Stores, Stripe and Spotify, to name a few.&lt;/p&gt;
&lt;p&gt;According to Fastly themselves, the outage was caused by a 'service misconfiguration' (Update: Bug triggered by a client
changing their configuration), which propagated globally and took websites offline. When users tried to access a website
using the Fastly service, they were presented with a Varnish 503 Guru Meditation error (for those of us old enough to
remember, Guru Meditation is a geek reference to the Commodore Amiga computer of the late 80s!). This generally occurs
when there is an issue contacting the server that the website is actually hosted on. There were also some reports on
twitter saying 'unknown domain'.&lt;/p&gt;
&lt;p&gt;Essentially, Fastly took down its own network with a bad software update. Similar problems have affected other online
platforms in the recent past, including Google, Amazon, and Cloudflare.&lt;/p&gt;
&lt;h2&gt;Why wasn’t there a Plan B?&lt;/h2&gt;
&lt;p&gt;Fastly is an excellent service, with an enviable reliability record. There is a reason why they're trusted by some of
the world's largest websites to improve reliability and load times. However, the vast majority of Fastly clients still
had to sit tight and wait for Fastly to fix the issue. Luckily this was &lt;strong&gt;only&lt;/strong&gt; an hour. It could have been much longer.&lt;/p&gt;
&lt;p&gt;Just like death and taxes, software outages are a certainty. The real story is not that Fastly had an outage. It is
&lt;strong&gt;why didn't these large websites have a contingency plan for a single point of failure&lt;/strong&gt;. For sites at that scale, this
is a major oversight in infrastructure planning.&lt;/p&gt;
&lt;h2&gt;How to handle a CDN failure&lt;/h2&gt;
&lt;p&gt;The simple solution is to have a backup CDN provider already configured and tested, ready to switch over to if your
primary provider fails. You can then utilise short expiry of DNS records to redirect users when the failure happens. This
needn't be very expensive or complicated, although individual circumstances vary.&lt;/p&gt;
&lt;h3&gt;A Quick Introduction To DNS (Domain Name System)&lt;/h3&gt;
&lt;p&gt;Modern CDNs, like Fastly, Cloudflare, and Peakhour, operate as ‘reverse proxies’. This means they sit between a website's
end users and the website server itself. They achieve this through DNS configuration.&lt;/p&gt;
&lt;p&gt;When someone types a domain url into a browser, eg fastly.com, a request is sent to a DNS server with the host name
(eg fastly.com) to find the IP address of the server to retrieve the content from. CDNs, like Fastly, get website admins
to list the address of the CDN on the DNS server. That means requests for a website go through the CDN first.
The process is analogous to listing someone else’s number in the phone book so they take calls for you.&lt;/p&gt;
&lt;p&gt;The DNS server has a TTL (Time To Live) associated with its records. This TTL tells whoever asked for an IP address,
for a given hostname, to remember the answer and not ask again until after the TTL has passed. Typically DNS record
TTLs will be 1 hour, but they can be shorter, eg 1 minute.&lt;/p&gt;
&lt;h3&gt;Switching providers in case of an outage&lt;/h3&gt;
&lt;p&gt;By keeping a short TTL in DNS, webmasters can switch the answer for a DNS request to that of another provider, meaning
users can quickly be directed to an alternative Cloud Provider. Once service has resumed on the primary provider, DNS can
be switched again so normal traffic is resumed. The key is that the alternative provider is configured, tested, and ready
to go.&lt;/p&gt;
&lt;p&gt;This switch can even be automated to minimise outages. Premium DNS services, like Amazon’s Route 53, have optional health
checking of DNS answers. This allows a switch to happen nearly instantly. The only downtime would be for people already
on the site who have to wait for the TTL to expire before being directed to the backup Cloud Provider. In fact this is
exactly what Peakhour.io does. In the event of a catastrophic outage we use DNS to switch to backup infrastructure so our
clients are minimally affected.&lt;/p&gt;
&lt;h3&gt;Backup provider options&lt;/h3&gt;
&lt;p&gt;Now we've shown how switching CDN providers can be done, let's compare the major players and how they might serve as a
backup CDN for Fastly. The three things we'll look at are Cost, Features, Integration.&lt;/p&gt;
&lt;h4&gt;Simply route traffic to the origin&lt;/h4&gt;
&lt;p&gt;This would be the simplest and most cost effective option, &lt;strong&gt;Assuming&lt;/strong&gt; your origin server can handle the increased load
that removing its CDN would entail. It also assumes that it's ok to lose any features that you may have been relying on,
eg load balancing, WAF, edge scripting, image optimisation etc.&lt;/p&gt;
&lt;h4&gt;Cloudflare&lt;/h4&gt;
&lt;p&gt;Many people use Fastly because it uses Varnish, a richly featured, programmable cache with several advanced features.
If you rely on those features, eg cache tags, cache on cookie value, custom cache tags, then you have to be on Cloudflare's
top plan, which is not cheap.&lt;/p&gt;
&lt;p&gt;The other major drawback of Cloudflare is that, unless you are on the most expensive plans, you have to cede control of
DNS to them by delegating your domain. Cloudflare DNS is a great service, however it has the major drawback of caching
negative DNS requests for an hour. If you were switching from an A record to a CNAME record or vice versa, you could be
down for an hour regardless. Not ideal.&lt;/p&gt;
&lt;h4&gt;Akamai&lt;/h4&gt;
&lt;p&gt;Akamai has a highly respected, fully featured, and very expensive product. Maintaining a backup option with them will run
into the $1000s a month. Only you can decide whether it’s worth it.&lt;/p&gt;
&lt;h4&gt;Cloudfront&lt;/h4&gt;
&lt;p&gt;Amazon's CDN offering is the third of the big three alternatives. Since it uses volume based billing, it could be an
attractive CDN option as a standby, as long as you don't mind missing out on cache by tag (sorry Magento and Drupal). It
is also complicated to configure for dynamic content and could miss features that you need. In fact most people use
Cloudfront for static content, eg images, CSS, etc and run a Varnish instance within AWS to provide easier to configure
full page caching.&lt;/p&gt;
&lt;p&gt;This is what the BBC did with the Fastly outage. They had their backup infrastructure on Cloudfront and, as of time of
writing, hadn't switched back to Fastly.&lt;/p&gt;
&lt;h4&gt;Peakhour.io&lt;/h4&gt;
&lt;p&gt;Peakhour is also volume based billing with a minimum monthly charge of $20. We provide all the advanced caching features
that Fastly does, as well as WAF and image optimisation as standard, all in the one service fee. We don't require you
to cede control of DNS to us and we're Australian owned and based.&lt;/p&gt;
&lt;h2&gt;Final Thoughts&lt;/h2&gt;
&lt;p&gt;CDNs, no matter how big, can fail. If your website is important then it needs a Plan B. This is how that Plan B works,
and it doesn't have to be expensive when using a provider like Peakhour.io.&lt;/p&gt;
&lt;p&gt;The important part is having it configured and tested before you need it.&lt;/p&gt;</content><category term="Interest"></category><category term="CDN"></category><category term="DDoS"></category><category term="DNS"></category><category term="Residential Proxies"></category></entry><entry><title>Setting Up A Chia Hobby Farm</title><link href="https://www.peakhour.io/blog/setting-up-a-chia-hobby-farm/" rel="alternate"></link><published>2021-04-30T13:00:00+10:00</published><updated>2021-04-30T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2021-04-30:/blog/setting-up-a-chia-hobby-farm/</id><summary type="html">&lt;p&gt;Chia is a new blockchain aiming to one up Bitcoin that's taking the crypto world by storm. We decided to jump on the bandwagon.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Here at Peakhour, when we're not making websites faster and more secure, we like new tech and we like a good scheme. We ran Seti@home while at uni,
and mined some bitcoin back in its early days (unfortunately we don’t have them anymore). Just recently we
decided to set up a Chia farm, not the super-food Chia, but the new crypto coin Chia!&lt;/p&gt;
&lt;h2&gt;What is Chia?&lt;/h2&gt;
&lt;p&gt;Chia is not just a cryptocurrency; it is a brand new blockchain and smart transaction platform that implements the first new
&lt;a href="https://coinmarketcap.com/alexandria/article/what-is-the-nakamoto-consensus" target="new"&gt;Nakamoto consensus&lt;/a&gt; algorithm since Bitcoin.
It was invented by the engineer behind BitTorrent, Bram Cohen, who set out to address the shortcomings of Bitcoin.&lt;/p&gt;
&lt;p&gt;The &lt;a href="https://www.chia.net" target="new"&gt;Chia network&lt;/a&gt; is set to officially launch on May 3rd, and the crypto world is going crazy getting ready.&lt;/p&gt;
&lt;h2&gt;I thought Bitcoin was great, what’s wrong with it?&lt;/h2&gt;
&lt;p&gt;The major flaws that Chia sets out to address are:&lt;/p&gt;
&lt;h3&gt;The environmental impact&lt;/h3&gt;
&lt;p&gt;Without getting too technical, Bitcoin relies on very intensive computations to verify transactions (Proof of work).
These computations are carried out by 'miners' who are rewarded for their efforts from an ever decreasing pool of
possible bitcoin. As the blockchain gets older, the verification gets harder, and as a result the Bitcoin network is now
consuming as much electricity as a &lt;a href="https://www.bloomberg.com/news/articles/2021-04-13/bitcoin-power-consumption-jumped-66-fold-since-2015-citi-says" target="new"&gt;mid-sized country like Argentina&lt;/a&gt;.
Huge mining operations have been set up in China,
and some even have dedicated power plants. One poster child for the environmental impacts of bitcoin is an Australian
startup looking to &lt;a href="https://www.cnet.com/news/blockchain-coal-power-plant-mining-bitcoin-cryptocurrency/" target="new"&gt;reopen a decommissioned coal power plant to power its mining operations&lt;/a&gt;.&lt;/p&gt;
&lt;h3&gt;Possibility of manipulation&lt;/h3&gt;
&lt;p&gt;The huge energy requirements have led to massive server farms in cool regions near cheap electricity, concentrating
mining in the hands of a few large players. This centralisation opens up Bitcoin to the possibility of manipulation
as anyone with 50% of the network can effectively change the blockchain.&lt;/p&gt;
&lt;h2&gt;How does Chia address these issues with Bitcoin?&lt;/h2&gt;
&lt;p&gt;Chia has implemented a new consensus algorithm called proof of space and time. It relies on unused hard disk space,
which lots of people have and can use free of charge. Again, without getting too technical, 'Farmers' seed unused
space on their hard drive/SSD with 'plots' of cryptographic numbers. When verifying transactions, the network issues a
challenge to the farmers, who then scan their plots for the closest answer. The farmer passes this answer back to a server on
the network known as a 'timelord'. The farmer with the closest answer is rewarded with a coin.&lt;/p&gt;
&lt;p&gt;The more 'plots' a farmer has, the higher the chance of winning a coin.&lt;/p&gt;
&lt;h2&gt;Setting up the Farm&lt;/h2&gt;
&lt;p&gt;We got excited about the idea of Chia being the next big thing and decided to hitch a ride on the bandwagon. We had a spare old
computer lying around, so we decided to fill it up with as much storage as we could find and farm some Chia!&lt;/p&gt;
&lt;p&gt;To set up a farm you need as much space for plots as you can get your hands on. The speed of this space
is not critical, so you can use spinning drives. We found 12-terabyte NAS drives to be the sweet spot for bang for buck,
and opted for 4x Seagate Ironwolf NAS drives from Scorptec. (Note: they’ve gone up $40 since we bought them!)&lt;/p&gt;
&lt;p&gt;Seeding the plots, however, is VERY disk intensive, so you need speedy and reliable SSDs. Since they don't have moving
parts you'd think that SSDs would be very reliable, but just like spinning drives, they wear out and eventually die.
SSDs come with a TBW (Terabytes Written) rating which estimates the amount of writes you can do before the drive will die.
Popular consumer SSDs like a 500GB Samsung EVO 870 have a TBW rating of 300. Chia recommends getting server-grade SSDs
that have ratings into the Petabytes, but of course they come with a price to match.&lt;/p&gt;
&lt;p&gt;We were limited by the age of our available motherboard, so we could only choose from SATA3-compatible drives. Appropriate enterprise
SSDs were also unavailable, so in the end we settled on 500GB Seagate Firecuda 120s that are rated at 700 TBW (also
from Scorptec). We decided on two so we could double the plotting rate.&lt;/p&gt;
&lt;p&gt;Now we had our hands on the drives, we just had to install everything. Within a few hours of transferring components and
wiring it up we were good to go and started plotting.&lt;/p&gt;
&lt;div class="text-center"&gt;
&lt;img src="/static/images/blog/chia-farm.jpg" alt="HTTP Request Detail" style="width: 60%;" /&gt;&lt;br/&gt;
&lt;em&gt;Our Chia Farm!&lt;/em&gt;
&lt;/div&gt;

&lt;h2&gt;Final Thoughts&lt;/h2&gt;
&lt;p&gt;Our old hardware limits the speed of the SSDs and therefore the number of plots we generate. We're managing around 10 plots a day and will need close to 500 before we’ve filled the available storage.&lt;/p&gt;
&lt;p&gt;When we bought our equipment (28th April) the &lt;a href="https://chiacalculator.com/" target="new"&gt;chia calculator&lt;/a&gt; showed
that we’d be earning around a coin a day when fully plotted. However, with the official launch of Chia imminent, the network has exploded in growth, passing 1 Exabyte (1000 Terabytes) just one day ago. It's now up to 1.68 Exabytes! So unfortunately our estimated time to a coin is down to one every 7 days. That’s still pretty good though, and if Chia does end up supplanting Bitcoin we might just make back the setup costs.
It has been a fun exercise, even if we did spend too long on it, and if it does end up being a flash in the pan we can always use the drives for something else….&lt;/p&gt;</content><category term="Interest"></category><category term="Features"></category><category term="Machine Learning"></category><category term="Networking"></category><category term="Residential Proxies"></category><category term="TLS"></category><category term="CDN"></category></entry><entry><title>The CDN is Dead, Long Live the CDN!</title><link href="https://www.peakhour.io/blog/cache-partitioning-firefox-chrome/" rel="alternate"></link><published>2021-02-17T13:00:00+11:00</published><updated>2021-02-17T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2021-02-17:/blog/cache-partitioning-firefox-chrome/</id><summary type="html">&lt;p&gt;Firefox and Chrome are introducing cache partitioning to improve your privacy, from everyone except Google.&lt;/p&gt;</summary><content type="html">&lt;p&gt;It has long been conventional wisdom that if your website uses a third-party library, such as jQuery or Bootstrap,
you should load it from the library's high-performance &lt;a href="/learning/cdn/"&gt;CDN&lt;/a&gt;. For example, jQuery has&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;code.jquery.com
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;from which you can include any version of jQuery on your website, e.g.:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;&lt;span class="nt"&gt;&amp;lt;script&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="na"&gt;src=&lt;/span&gt;&lt;span class="s"&gt;&amp;quot;https://code.jquery.com/jquery-3.3.1.min.js&amp;quot;&lt;/span&gt;
&lt;span class="w"&gt;          &lt;/span&gt;&lt;span class="na"&gt;integrity=&lt;/span&gt;&lt;span class="s"&gt;&amp;quot;sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=&amp;quot;&lt;/span&gt;
&lt;span class="w"&gt;          &lt;/span&gt;&lt;span class="na"&gt;crossorigin=&lt;/span&gt;&lt;span class="s"&gt;&amp;quot;anonymous&amp;quot;&lt;/span&gt;&lt;span class="nt"&gt;&amp;gt;&amp;lt;/script&amp;gt;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;This was meant to give you two performance benefits: the browser could load jQuery from a global CDN, &lt;strong&gt;AND&lt;/strong&gt; if another site
the visitor had already opened included the same jQuery file in the same way, the file might already be in their
browser cache. In that case the browser could reuse the cached copy and the page would load faster.&lt;/p&gt;
&lt;p&gt;In practice, website visitors rarely see much benefit. The browser still has to open a separate connection
to the third-party CDN, which can cancel out any latency advantage the CDN provides. There are also so many versions
of major libraries in use that the chance of two websites using the same version,
AND both loading it from the CDN in the same way, is small.&lt;/p&gt;
&lt;h2&gt;Cache Partitioning in Chrome and Firefox&lt;/h2&gt;
&lt;p&gt;Until recently, Chrome and Firefox used a shared browser cache for all websites that a user visited. This means that if
you visited a website and it loaded this resource:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;https://www.somesite.com/foo.js
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;and you then visited a second website that included the same resource, the resource would be loaded from the
shared cache rather than being downloaded from the internet a second time. Cookies set by these resources would also be shared.&lt;/p&gt;
&lt;p&gt;As of Firefox v85 and Chrome v86, the browser cache will be partitioned. This means that the same resource included
on two sites will have to be downloaded from the internet twice and stored separately.&lt;/p&gt;
&lt;h2&gt;Why are they doing this?&lt;/h2&gt;
&lt;p&gt;The main reason is privacy. Shared browser caches have been used by unscrupulous operators
to track users across different websites without consent. They do this by utilising cache
side-channel attacks.&lt;/p&gt;
&lt;h2&gt;What Are Side Channel Attacks?&lt;/h2&gt;
&lt;p&gt;In computer systems, a program or algorithm can be correct and secure in itself, while its interaction with the computer still leaves
information that an attacker can exploit. A useful analogy from the spy world is using a laser beam to measure the vibrations
on a pane of glass, so you can hear a conversation inside a room that you otherwise could not hear.&lt;/p&gt;
&lt;p&gt;Side-channel attacks can be ingenious, utilising techniques such as:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;observing power consumption/electromagnetic radiation;&lt;/li&gt;
&lt;li&gt;timing data moving in and out of memory;&lt;/li&gt;
&lt;li&gt;timing how long a CPU takes to execute an instruction;&lt;/li&gt;
&lt;li&gt;measuring sounds emitted by a hard drive.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;For the browser cache, a simple attack starts with the user opening a malicious website. That website
then requests resources (e.g., an image) from another site. By timing how long the browser takes to load that image,
it can determine whether it was fetched from the browser cache or had to be downloaded
over the internet. According to Google, this technique can be used to:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Detect if a user has visited a specific site.&lt;/li&gt;
&lt;li&gt;Detect if an arbitrary string is in the user's search results by checking for 'no search result' images used by particular
  sites.&lt;/li&gt;
&lt;li&gt;Track users across sites using the cache.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;GitHub user terjanq has published a &lt;a href="https://terjanq.github.io/Bug-Bounty/Google/cache-attack-06jd2d2mz2r0/index.html_"&gt;cache side channel attack&lt;/a&gt;
that can gather all sorts of information from Google services. He states that a regular Google user could have the following
information leaked:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;search history&lt;/li&gt;
&lt;li&gt;videos watched&lt;/li&gt;
&lt;li&gt;the exact URLs visited&lt;/li&gt;
&lt;li&gt;time frames of the activities&lt;/li&gt;
&lt;li&gt;private book collection&lt;/li&gt;
&lt;li&gt;books read / purchased / bookmarked / favourite / etc.&lt;/li&gt;
&lt;li&gt;private emails&lt;/li&gt;
&lt;li&gt;tokens / credit card numbers / phone numbers / etc.&lt;/li&gt;
&lt;li&gt;contacts (including email addresses, names, phone numbers)&lt;/li&gt;
&lt;li&gt;bookmarked websites&lt;/li&gt;
&lt;li&gt;and more.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Perhaps it was simpler to implement cache partitioning in Chrome than to keep patching these vulnerabilities...&lt;/p&gt;
&lt;h2&gt;What you should do&lt;/h2&gt;
&lt;p&gt;Google estimates that the changes in browser caching will have minimal impact, as little as a 0.3% difference in
FCP (First Contentful Paint). However, since there will no longer be any shared-cache benefit from hosting on a third-party CDN, you should:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Host all third-party libraries on your own domain&lt;/strong&gt; to eliminate the need for the browser to establish a second connection.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Use a delivery layer such as Peakhour Edge,&lt;/strong&gt; which transparently caches and serves your website assets close to users.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;Some third-party resources really are shared across millions of websites. Google Fonts is the obvious example.
Under the new cache partitioning implementations, these fonts will have to be downloaded for every site
that uses them. That has a cost for site speed and data usage. It also has the side effect of
&lt;strong&gt;improving&lt;/strong&gt; Google's ability to track users, because each font request tells Google another site the user has visited.&lt;/p&gt;
&lt;p&gt;Safari has been partitioning the HTTP cache since 2013, leaving Microsoft's Edge as the last major browser with global HTTP caches.
However, future versions will be based on Chromium (the open-source version of Chrome) so should get cache partitioning by default.&lt;/p&gt;</content><category term="Learning"></category><category term="CDN"></category><category term="Caching"></category><category term="Drupal"></category><category term="Web Performance"></category></entry><entry><title>Secure Dynamic Content Caching</title><link href="https://www.peakhour.io/blog/caching-dynamic-content-with-a-cdn/" rel="alternate"></link><published>2021-02-09T13:00:00+11:00</published><updated>2021-02-09T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2021-02-09:/blog/caching-dynamic-content-with-a-cdn/</id><summary type="html">&lt;p&gt;Comprehensive guide to secure dynamic content caching that improves server performance whilst maintaining security controls. Learn how modern application security platforms integrate caching with threat protection for optimal performance-security balance.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Last time we covered how &lt;a href="/blog/common-issues-that-impact-site-speed/#slow" target="issues"&gt;slow server performance&lt;/a&gt; can
have a negative, sometimes &lt;strong&gt;very&lt;/strong&gt; negative, effect on your website load times. The causes of slow server responses
are many and varied, and not necessarily tied to the server specification. Diagnosing and dealing with them can be difficult,
time-consuming, and costly. One practical way to reduce the impact is to look for opportunities to cache
&lt;a href="/learning/dynamic-content-caching/"&gt;dynamic content&lt;/a&gt;.&lt;/p&gt;
&lt;h2&gt;What is Dynamic Content?&lt;/h2&gt;
&lt;p&gt;Content delivered by a web server is categorised as either static or dynamic. Static content is the same for every user
and is delivered without being generated or processed by the server. Static content is fast to deliver
and does not tax a server's resources.&lt;/p&gt;
&lt;p&gt;Dynamic content is generated by the server for every request. That can involve querying a database several times and executing
a large amount of code. Depending on the work required to generate the result, dynamic content can be resource-heavy.&lt;/p&gt;
&lt;p&gt;Traditionally CDNs have only cached and served the static content of websites, usually the images, CSS files,
Javascript files, etc. They required the webmaster to upload these resources to the CDN's servers and to modify their website
source HTML to access the resources from the CDN. For example,&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;https://www.yourdomain.com/image1.jpg
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;would be changed to be something like&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;code&gt;https://cdn.yourdomain.com/image1.jpg
&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;

&lt;p&gt;Modern CDNs, like Peakhour, act as a reverse proxy{:target="learning"}, which means they sit between the
end user and the website's origin server. This enables them to &lt;em&gt;transparently&lt;/em&gt; cache a copy of &lt;em&gt;anything cacheable&lt;/em&gt; being returned by the
origin server. By transparently caching, we mean the caching happens without changes to the original website.&lt;/p&gt;
&lt;h3&gt;Full Page Caching&lt;/h3&gt;
&lt;p&gt;Full Page Caching (FPC) is where the actual HTML document of a web page is cached.&lt;/p&gt;
&lt;p&gt;Most websites are built using a Content Management System (CMS). Widely used CMS platforms are Wordpress,
Drupal, Magento, etc. By default, every time a page is viewed the CMS has to generate the content
from its database. Most of the time this generation is unnecessary. The content is either the
same for every user, changes very rarely, or only differs by a small amount of personalisation. In each case it
is possible to perform Full Page Caching to improve page load times and to cut server load. Let's have a look at the
difference full page caching makes to one of our clients, Magento 2 store &lt;a href="/case-studies/savvysupporter/"&gt;savvysupporter.com.au&lt;/a&gt;.&lt;/p&gt;
&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/savvy-before.jpg" width="100%" alt="Savvysupporter before"/&gt;
&lt;em&gt;Main document load &lt;strong&gt;before&lt;/strong&gt; caching: &lt;strong&gt;2.07s&lt;/strong&gt;&lt;/em&gt;
&lt;/div&gt;

&lt;div class="text-center" style="padding: 20px 0px"&gt;
&lt;img src="/static/images/savvy-after.jpg" width="100%" alt="Savvysupporter after"/&gt;
&lt;em&gt;Main document load &lt;strong&gt;after&lt;/strong&gt; caching: &lt;strong&gt;82ms!!&lt;/strong&gt;&lt;/em&gt;
&lt;/div&gt;

&lt;p&gt;Caching the page has cut nearly &lt;strong&gt;2 whole seconds&lt;/strong&gt; from the download time. That matters: load differences
as small as 100 milliseconds have measurable impacts on website conversion rates. With a Magento 2
website, it's possible to cache all full pages outside the checkout process and the customer/admin area. This can reduce load
on the origin in the order of &lt;strong&gt;60-70%&lt;/strong&gt; and make the customer experience much better.&lt;/p&gt;
&lt;h3&gt;API (Application Programming Interface) Caching&lt;/h3&gt;
&lt;p&gt;Many API calls used by web applications are for the retrieval of information to be displayed to the end user. Examples
 include:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Pricing and product information&lt;/li&gt;
&lt;li&gt;Form auto completion&lt;/li&gt;
&lt;li&gt;Product catalogue searches&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;These are all strong candidates for caching, reducing load on your server and making websites faster.&lt;/p&gt;
&lt;h2&gt;Handling Stale Information&lt;/h2&gt;
&lt;p&gt;The one potential drawback of caching dynamic content is the possibility of returning out of date information to the
end user. There are two strategies to deal with this risk.&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Setting a short Time To Live (TTL) with the caching provider&lt;/strong&gt;. By only keeping content cached for a short time, e.g. 5
   minutes, the cache will never be without up to date information for very long. Cached content will expire and the new
   version fetched from the origin server. The drawback with this method is that, unless your site is very busy, cache hit
   rates can be low, users can frequently get slow loading pages, and stale content is still possible. However, for very
   busy sites this can be an effective, low-overhead strategy.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Flushing content when it changes&lt;/strong&gt;. This strategy sets very long time to live in the cache, months or even years. When
   content is updated the cache is informed and the new version fetched. This notification of new content could happen
   manually or, in the case of some CMSs, automatically. For example, Magento 2 and Drupal 8 have a built in framework
   for integrating caching providers to handle flushing when content/stock changes. This strategy ensures very high hit
   rates, but unless the flushing is accurate and fast it can result in stale content.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;Security-Performance Integration&lt;/h2&gt;
&lt;p&gt;Modern &lt;a href="/learning/application-security/what-is-application-security-platform/"&gt;Application Security&lt;/a&gt; platforms like Peakhour combine caching with comprehensive security controls so performance optimisation does not weaken application protection:&lt;/p&gt;
&lt;h3&gt;Edge Security Processing&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;WAF/WAAP Integration&lt;/strong&gt;: Security rules are processed at the edge before content is cached, ensuring malicious requests never reach your origin&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Bot Management&lt;/strong&gt;: Caching adapts based on traffic classification - legitimate users benefit from cached content whilst malicious bots are filtered out&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;API Protection&lt;/strong&gt;: Secure caching of API responses with appropriate security headers and access controls&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;Cache Security Controls&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Secure Purging&lt;/strong&gt;: Authorised cache invalidation through secure API endpoints with proper authentication&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Content Classification&lt;/strong&gt;: Different caching policies for public, authenticated, and sensitive content&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Header Security&lt;/strong&gt;: Automatic injection of security headers (CSP, HSTS, etc.) into cached responses&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;Secure dynamic &lt;a href="/products/advanced-caching/"&gt;content caching&lt;/a&gt; works best when performance optimisation and application security are handled together. By implementing caching within an Application Security Platform, organisations can achieve:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Superior Performance&lt;/strong&gt;: Dramatic improvements in load times and server capacity&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Enhanced Security&lt;/strong&gt;: Protection against threats at the edge before they impact cached content&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Operational Efficiency&lt;/strong&gt;: Reduced origin server load whilst maintaining security posture&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Cost Optimisation&lt;/strong&gt;: Lower infrastructure costs through intelligent caching and edge processing&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;For modern applications and APIs, secure dynamic caching should form part of the performance and security strategy, improving the user experience whilst maintaining threat protection.&lt;/p&gt;</content><category term="Performance"></category><category term="Drupal"></category><category term="Caching"></category><category term="WordPress"></category><category term="Web Performance"></category><category term="CDN"></category><category term="Rate Limiting"></category></entry><entry><title>Common Issues That Affect Website Performance</title><link href="https://www.peakhour.io/blog/common-issues-that-impact-site-speed/" rel="alternate"></link><published>2020-11-30T13:00:00+11:00</published><updated>2020-11-30T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2020-11-30:/blog/common-issues-that-impact-site-speed/</id><summary type="html">&lt;p&gt;After covering testing we're going to get an overview of the common issues that impact website load times and how to check for them.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Our last three website performance articles covered the why and how of
&lt;a href="/blog/introduction-to-website-performance-testing/"&gt;testing website performance&lt;/a&gt;,
and introduced our two favourite performance testing tools, &lt;a href="/blog/testing-website-speed-webpagetest/"&gt;WebPageTest.org&lt;/a&gt;, and
&lt;a href="https://www.peakhour.io/blog/testing-sitespeed-lighthouse/"&gt;Lighthouse&lt;/a&gt;. This article covers the common causes of slow
loading times, and how to spot them using the same testing tools.&lt;/p&gt;
&lt;h2&gt;1. Latency&lt;/h2&gt;
&lt;p&gt;Latency is the time it takes for a request from a client's browser to traverse the internet to reach the website server.
A number of factors affect latency, with physical distance usually the main one.
Data on the internet travels at the speed of light, so distance may not sound like a major concern.
In practice, small delays compound quickly. Here are some realistic examples of request
latency:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Sydney to Melbourne: 5ms&lt;/li&gt;
&lt;li&gt;Sydney to Perth: 25ms&lt;/li&gt;
&lt;li&gt;Sydney to San Francisco: 75ms&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong&gt;NOTE&lt;/strong&gt;: Common tools used to determine latency between servers are Ping and Traceroute, they will provide you with
&lt;strong&gt;Request Round Trip (RTT)&lt;/strong&gt; latency, ie the time it takes for a request to get to the server and back. So 2 times the numbers above.&lt;/p&gt;
&lt;p&gt;Here is an example of latency during a webpage load. We'll ignore internet speed and any potential
network congestion, and focus only on latency. We'll request a website hosted in San Francisco from a
browser located in Sydney.&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Browser establishes a TLS (Secure) connection with server, &lt;em&gt;6 * 75ms&lt;/em&gt; = &lt;strong&gt;450ms&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;Browser sends HTTP Request for the main page = &lt;strong&gt;75ms&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;Server sends HTTP Response containing page which specifies 10 assets = &lt;strong&gt;75ms&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;Browser requests the 10 additional assets = &lt;strong&gt;75ms&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;Server responds with 10 assets &lt;em&gt;10 * 75&lt;/em&gt; = &lt;strong&gt;750ms&lt;/strong&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;In this example, a website with 10 assets, which is a fairly simple page, has nearly &lt;strong&gt;1.5s&lt;/strong&gt; added to
the page load time through latency alone. If the same site was hosted in Melbourne, the time due to latency would be just
&lt;strong&gt;95ms&lt;/strong&gt;. To solve this problem you would either move your website server closer to your customers, or use Peakhour Edge caching.&lt;/p&gt;
&lt;h3&gt;How do I check for latency problems?&lt;/h3&gt;
&lt;p&gt;If there is a long distance between your server and your customers, eg your website is hosted in the US and your customers
are in Australia, page load times will be significantly affected by latency. A good tool for indicative RTT times between cities is
provided by &lt;a href="https://wondernetwork.com/pings"&gt;wonder network&lt;/a&gt;. Webpagetest.org also provides a Traceroute tool which
can give you indicative RTT times between its testing locations and your website.&lt;/p&gt;
&lt;h2&gt;2. Old version of HTTP&lt;/h2&gt;
&lt;p&gt;Browsers communicate with websites using a protocol called HTTP. The protocol formalises the steps needed to connect a
browser and server so a webpage can be downloaded. Since the introduction of the web, HTTP has gone through
a number of revisions. The currently widely adopted version is HTTP/2.&lt;/p&gt;
&lt;p&gt;Even though HTTP/2 was introduced over 5 years ago, over &lt;a href="https://w3techs.com/technologies/details/ce-http2" target="trends"&gt;50% of websites&lt;/a&gt;
are still only served over HTTP/1.1. Without getting too technical, HTTP/2 has significant advantages over older versions
because it reduces the number of connections between a browser and server, and transfers information more efficiently.&lt;/p&gt;
&lt;p&gt;Serving your website over HTTP/2 can improve page load times by &lt;strong&gt;10-15%&lt;/strong&gt;.&lt;/p&gt;
&lt;h3&gt;How do I identify the version of HTTP my website is served over?&lt;/h3&gt;
&lt;p&gt;&lt;a href="/blog/testing-website-speed-webpagetest/" target="testing"&gt;Run a performance test of your website&lt;/a&gt; using WebPageTest.org, once complete
click on the 'Details' link in the report navigation. You will see the Waterfall View. Click on the first request, circled
below in this image:&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/http2-waterfall.jpg" alt="Webpagetest waterfall view" style="width: 100%;margin-bottom: 20px"/&gt;&lt;/p&gt;
&lt;p&gt;It will bring up the request details including the Protocol used, circled below:&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/request-detail-http2.jpg" alt="HTTP Request Detail" style="width: 100%;margin-top: 20px"/&gt;&lt;/p&gt;
&lt;h2&gt;3. &lt;a name="slow"&gt;&lt;/a&gt; Slow Server Performance&lt;/h2&gt;
&lt;p&gt;A slow initial response from the server is a common cause of poor page load
performance. The majority of websites are built using some sort of Content Management System (CMS), eg Wordpress, Magento,
Drupal, Shopify, to name a few. By default, a CMS has to construct a page each time a browser requests it, even when the
content has not changed. That process can involve executing a lot of code and querying a database several times
before returning the HTML that forms the page.&lt;/p&gt;
&lt;p&gt;The specification of your server, the number of CMS plugins, the state of your database, and the number of simultaneous
users can all affect the response time. A slow server may take 10s or more to respond, while even a fast server can still take over
a second to generate a page. That is enough to pretty much make you fail the new Core Web Vitals guidelines before you even
get started.&lt;/p&gt;
&lt;h3&gt;How do I check for slow server performance?&lt;/h3&gt;
&lt;p&gt;Server performance can be checked from the waterfall view in WebPageTest.org. The time taken to download the main document
indicates whether server performance is affecting your page load. Here's an example:&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/server-performance-waterfall.jpg" alt="Server Performance Waterfall" style="width: 100%"/&gt;&lt;/p&gt;
&lt;p&gt;The total time taken to download the main document here is over 1.3s. That is not too bad, but it has already used up over half
the 2.5s required to achieve 'Good' for the Largest Contentful Paint (LCP) metric in &lt;a href="/blog/web-vitals/" target="webvitals"&gt;web vitals&lt;/a&gt;&lt;/p&gt;
&lt;h2&gt;4. Page Weight&lt;/h2&gt;
&lt;p&gt;Even though internet speeds are getting faster, they are still a limiting factor to how fast a browser can download a page.
If the requested page and the associated resources, eg images, javascript, CSS, are large files, it will take longer
for the browser to download all the required information to display a page. Unoptimised images are a common culprit
for inflating page weight. Unoptimised CMS themes and third party javascript libraries are another.&lt;/p&gt;
&lt;h3&gt;How do I check my page weight?&lt;/h3&gt;
&lt;p&gt;WebPageTest.org reports the page weight in the far right of its summary, circled here:&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/page-weight.jpg" alt="Page Weight" style="width: 100%"/&gt;&lt;/p&gt;
&lt;p&gt;You should be aiming for 2mb or less. This particular website is more than a little obese, coming in at around 30mb...
WebPageTest also has a section called 'Content Breakdown' which shows where the weight is, ie in images, javascript, etc.&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/content-breakdown.jpg" alt="Content Breakdown" style="width: 100%"/&gt;&lt;/p&gt;
&lt;p&gt;Over 27mb in images is what's weighing down this page.&lt;/p&gt;
&lt;p&gt;Peakhour also has a &lt;a href="https://www.peakhour.io/pages/page-weight" target="pageweight:"&gt;pageweight tool&lt;/a&gt; that you
can run for a page on your website and receive a full optimisation report for the images on the page, along with downloadable
optimised images.&lt;/p&gt;
&lt;h2&gt;5. &lt;a name="blocking"&gt;&lt;/a&gt;Blocking Resources&lt;/h2&gt;
&lt;p&gt;Resources that can block a page include CSS and javascript. When the main HTML page is downloaded and parsed, the browser
will not render anything to the screen until the CSS and javascript files that are referenced are downloaded and parsed.
If your website includes a lot of CSS and javascript, which is not uncommon for pre built themes for CMS's like Wordpress
and Magento, the downloading and parsing of these files can delay the browser from showing any content for several
seconds.&lt;/p&gt;
&lt;h3&gt;How do I identify blocking resources?&lt;/h3&gt;
&lt;p&gt;The easiest way to check is to use &lt;a href="/blog/testing-sitespeed-lighthouse/"&gt;Google Lighthouse&lt;/a&gt;) to identify them for you.
After running the report, go to the opportunities section and expand the 'Eliminate render-blocking resources' section
to see what it finds.&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/lighthouse-opportunities.jpg" alt="Lighthouse Opportunities" style="max-width: 100%"/&gt;&lt;/p&gt;
&lt;h2&gt;6. Third Party Resources&lt;/h2&gt;
&lt;p&gt;It is very common for websites to include third party resources. These are files that have to be fetched
from a domain/url other than the one that the page is being requested on. Eg if you are requesting www.domain.com.au,
it might include a resource from a third party, eg www.anotherdomain.com.au. Common third party resources might be
analytics scripts (eg Google analytics), marketing tools (eg Mailchimp)&lt;/p&gt;
&lt;p&gt;This forces the browser to open another connection to the third party. The time taken to do this, combined with the possibility
that the third party might be slow to respond (see latency and server performance above), can often ruin load times. If the
resource in question is also a blocking resource the problem is compounded.&lt;/p&gt;
&lt;h3&gt;Spotting a problem with third party resources&lt;/h3&gt;
&lt;p&gt;WebPageTest has a section 'Domains' which displays all the individual domains that the browser connected to when loading
the page:&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/third-party.jpg" alt="Lighthouse Opportunities" style="max-width: 100%"/&gt;&lt;/p&gt;
&lt;p&gt;If your website is requesting resources from more than 10 separate domains then you should consider why that is happening
and whether they are necessary. If you are using external CDNs to load javascript or CSS then you should probably
move them onto your domain.&lt;/p&gt;
&lt;p&gt;Social sharing plugins are notorious for pulling in a lot of resources from external domains. You should replace any share
buttons using external scripts with simple static buttons. It is simple to do, and your website will be much smaller and
faster. By using the javascript shares that social sites prescribe, you are slowing down your website
and allowing third parties to track your clients across the internet.&lt;/p&gt;
&lt;h2&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;There are many factors that can slow down your website, drive away customers, and cost you money. You have to regularly
&lt;a href="/blog/introduction-to-website-performance-testing/"&gt;test your website&lt;/a&gt; to check for issues and address them when you find
them. Next we'll cover what you can do to fix the issues we've mentioned here.&lt;/p&gt;</content><category term="Performance"></category><category term="Web Performance"></category><category term="CDN"></category><category term="Caching"></category><category term="Core Web Vitals"></category><category term="WordPress"></category><category term="Rate Limiting"></category></entry><entry><title>Are Australian Magento Stores Ready For Web Vitals?</title><link href="https://www.peakhour.io/blog/web-vitals-magento-australia/" rel="alternate"></link><published>2020-11-19T13:00:00+11:00</published><updated>2020-11-19T13:00:00+11:00</updated><author><name>AC</name></author><id>tag:www.peakhour.io,2020-11-19:/blog/web-vitals-magento-australia/</id><summary type="html">&lt;p&gt;Are Australian Magento stores prepared for the introduction of Core Web Vitals as a search signal? Read on to find out.&lt;/p&gt;</summary><content type="html">&lt;p&gt;Google recently confirmed that the &lt;a href="/blog/web-vitals/"&gt;Core Web Vitals&lt;/a&gt; will be included as search signals from May 2021. This
means that, all else being equal, sites that score well on the Core Web Vitals are likely to rank ahead of those that don&amp;apos;t.&lt;/p&gt;
&lt;h2&gt;A quick refresher of Web Vitals&lt;/h2&gt;
&lt;p&gt;The Core Web Vitals consist of three metrics, chosen to measure the experience of browsing a website. Here they are, along
with the current thresholds for a 'Good', 'Needs Improvement', or 'Poor' rating:&lt;/p&gt;
&lt;div class="row" style="margin-bottom: 30px"&gt;
    &lt;div class="col-sm-4 text-center"&gt;
        &lt;img src="/static/images/blog/lcp.svg" alt="Largest Contenful Paint" style="max-width: 300px"/&gt;
    &lt;/div&gt;
    &lt;div class="col-sm-4 text-center"&gt;
        &lt;img src="/static/images/blog/fid.svg" alt="[First Input Delay](/solutions/use-case/improve-web-vitals/)" style="max-width: 300px"/&gt;
    &lt;/div&gt;
    &lt;div class="col-sm-4 text-center"&gt;
        &lt;img src="/static/images/blog/cls.svg" alt="Cumulative Layout Shift" style="max-width: 300px"/&gt;
    &lt;/div&gt;
&lt;/div&gt;

&lt;p&gt;Web Vitals also defines several other metrics, including Time to First Byte (TTFB), and First Contentful Paint (FCP). While these
aren't 'core' metrics, they are useful for diagnosing where performance problems come from. The target TTFB
in the current version of &lt;a href="/blog/testing-sitespeed-lighthouse/"&gt;Google Lighthouse&lt;/a&gt; is listed as 100ms, while poor is 600ms.
FCP is good under 2s and poor over 4s.&lt;/p&gt;
&lt;h2&gt;How will Australian sites fare?&lt;/h2&gt;
&lt;p&gt;We asked a simple question: what percentage of Australian websites are ready for
Web Vitals as a search signal, and what percentage could lose ground? To answer it, we ran them through
our recently released &lt;a href="/pages/website-competitor-speed-test/"&gt;Website Speed Comparison&lt;/a&gt; tool, which gathers Web Vitals metrics
as part of its report.&lt;/p&gt;
&lt;h2&gt;Methodology&lt;/h2&gt;
&lt;p&gt;There are a lot of Australian websites, so we broke the analysis down by technology platform. We started with
online stores running Magento.&lt;/p&gt;
&lt;p&gt;We started with an initial list from BuiltWith of around 4000 domains. We then trimmed it down by removing development
and demo sites, and sites returning an error, leaving a total of 2998. The list includes some of the largest retailers in Australia,
including Harvey Norman, Sportsgirl, Philips and Dyson.&lt;/p&gt;
&lt;p&gt;We then ran our competitor report for &lt;strong&gt;&lt;em&gt;every one of them&lt;/em&gt;&lt;/strong&gt;. The report was run from our Sydney office over a business-class
internet connection. The test throttles the connection to simulate typical 4G mobile phone
speeds, and uses a mobile phone user agent/screen size to view the mobile version of the site. We did not throttle
CPU performance like Lighthouse does.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;NOTE&lt;/strong&gt; We're excluding First Input Delay in our results as Google defines First Input Delay (FID)
as a real user measurement (RUM). FID measures the time taken for the website to respond to the first
user interaction, such as clicking a link or button. Technically this interaction can happen any time after the first content
appears in the browser; in practice, most people won't click something until after a page is visually complete,
and this timing is highly variable. We do measure First Input Delay by simulating a click, but our interaction
happens soon after the FCP, while content is still loading. That would cause more sites to fail the metric
than would fail in real life, so we're excluding it from our calculations.&lt;/p&gt;
&lt;p&gt;On to the results. We did not expect strong numbers, but the results were still worse than expected.&lt;/p&gt;
&lt;h2&gt;The results&lt;/h2&gt;
&lt;p&gt;The first check was for the number of websites that achieve a good rating in any of the Web Vitals metrics.&lt;/p&gt;
&lt;table class="table"&gt;
    &lt;td colspan="5" style="text-align: center"&gt;
        &lt;em&gt;Percentage of sites that are 'Good'&lt;/em&gt;
    &lt;/td&gt;
&lt;tr&gt;
    &lt;th&gt;&lt;/th&gt;
    &lt;th&gt;TTFB (&lt; 0.1s)&lt;/th&gt;
    &lt;th&gt;FCP (&lt; 1s)&lt;/th&gt;
    &lt;th&gt;LCP (&lt; 2.5s)&lt;/th&gt;
    &lt;th&gt;CLS (&lt;.1)&lt;/th&gt;
&lt;/tr&gt;
&lt;tr&gt;
    &lt;th&gt;Result&lt;/th&gt;
    &lt;td&gt;99 (3.3%)&lt;/td&gt;
    &lt;td&gt;71 (2.37%)&lt;/td&gt;
    &lt;td&gt;254 (8.47%)&lt;/td&gt;
    &lt;td&gt;1074 (35.8%)&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;

&lt;p&gt;CLS was the strongest result, which isn't a surprise. The remaining results are not encouraging: only 8.5% pass LCP. Let's
see how many need improvement.&lt;/p&gt;
&lt;table class="table"&gt;
&lt;tr&gt;
    &lt;td colspan="5" style="text-align: center;"&gt;
        &lt;em&gt;Percentage of sites that 'Needs Improvement'&lt;/em&gt;
    &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
    &lt;th&gt;&lt;/th&gt;
    &lt;th&gt;TTFB (&lt; 0.6s)&lt;/th&gt;
    &lt;th&gt;FCP (&lt; 2s)&lt;/th&gt;
    &lt;th&gt;LCP (&lt; 4s)&lt;/th&gt;
    &lt;th&gt;CLS (&lt; .25)&lt;/th&gt;
&lt;/tr&gt;
&lt;tr&gt;
    &lt;th&gt;Result&lt;/th&gt;
    &lt;td&gt;383 (12.7%)&lt;/td&gt;
    &lt;td&gt;728 (24.3%)&lt;/td&gt;
    &lt;td&gt;470 (15.7%)&lt;/td&gt;
    &lt;td&gt;625 (20.8%)&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;

&lt;p&gt;An additional 15.7% beat the 4s cut-off for LCP. That still means that 3/4 of Australian Magento
stores take longer than 4s to visually load on a mobile device. Visualised, the numbers are not pretty.&lt;/p&gt;
&lt;p&gt;&lt;img src="/static/images/blog/magento-web-vitals.svg" style="width: 100%"/&gt;&lt;/p&gt;
&lt;p&gt;Australian Magento sites are likely missing potential sales. Recent performance studies show:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;The probability of a customer bouncing increases 90% if the page load time increases from 1s to 5s. &lt;em&gt;(source Google)&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;A 100 millisecond delay in load time can hurt conversion rates by 7%. &lt;em&gt;(source Akamai)&lt;/em&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;The experience of our own &lt;a href="/case-studies/ecsso/"&gt;Magento 1 clients&lt;/a&gt; and &lt;a href="/case-studies/savvysupporter/"&gt;Magento 2 clients&lt;/a&gt;
backs this up: improving website speed affects conversions and revenue.&lt;/p&gt;
&lt;h2&gt;Sites that pass all criteria&lt;/h2&gt;
&lt;p&gt;Of our 2998 websites, we only found &lt;strong&gt;163&lt;/strong&gt; that &lt;a href="/learning/performance/how-to-pass-core-web-vitals/"&gt;pass Core&lt;/a&gt; Web Vital &lt;em&gt;'good'&lt;/em&gt; criteria. That's only &lt;strong&gt;5.5%&lt;/strong&gt;.&lt;/p&gt;
&lt;p&gt;If we again relax to include &lt;em&gt;'needs improvement'&lt;/em&gt; that list grows to &lt;strong&gt;520&lt;/strong&gt;, or &lt;strong&gt;17.3%&lt;/strong&gt; of sites tested.&lt;/p&gt;
&lt;h2&gt;How you can test your site&lt;/h2&gt;
&lt;p&gt;Google provides online analytics that you can query via BigQuery. If you want to reproduce the report this analysis
is based on and compare your website to your competitors, you can use the Peakhour.IO &lt;a href="/pages/website-competitor-speed-test/"&gt;Website Speed Comparison report&lt;/a&gt;.
We automatically discover your competitors, run them through Web Vitals, and graph the results.&lt;/p&gt;
&lt;h2&gt;Conclusion&lt;/h2&gt;
&lt;p&gt;If nothing changes, quite a few Australian Magento stores could lose search visibility in May 2021. The majority of sites don't
use Magento 2's ability to &lt;a href="/dynamic-content-caching/"&gt;cache dynamic pages&lt;/a&gt;, and if they do, they're often not
&lt;a href="/image-optimisation/"&gt;serving optimal images&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;Core Web Vitals becomes a search signal next year. For Magento teams, it is time to get ready.&lt;/p&gt;</content><category term="Performance"></category><category term="Core Web Vitals"></category><category term="Magento"></category><category term="Web Performance"></category><category term="CDN"></category><category term="Drupal"></category></entry><entry><title>Instant Alerts</title><link href="https://www.peakhour.io/blog/instant-alerts/" rel="alternate"></link><published>2019-05-31T13:00:00+10:00</published><updated>2019-05-31T13:00:00+10:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2019-05-31:/blog/instant-alerts/</id><summary type="html">&lt;p&gt;Introducing Instant Alerts, a new feature for receiving emails or SMS alerts when events happen on your site.&lt;/p&gt;</summary><content type="html">&lt;p&gt;We've introduced Instant Alerts, an optional service that notifies you when there is a problem with your site. You can specify the email addresses and/or mobile numbers that should receive the alerts.&lt;/p&gt;
&lt;p&gt;At the moment you can receive alerts when your origin server:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Times out&lt;/li&gt;
&lt;li&gt;Cannot be reached at all&lt;/li&gt;
&lt;li&gt;Returns an error&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;To avoid repeated messages, each alert has a cooldown limit you can set from 30 minutes to 24 hours.&lt;/p&gt;
&lt;p&gt;If you're using a service like Pingdom to check that your site is up, you probably will want to enable Instant Alerts.
Services like Pingdom might be served pages from our cache while your origin server is actually down.&lt;/p&gt;</content><category term="Features"></category><category term="DDoS"></category><category term="Threat Detection"></category><category term="DNS"></category><category term="CDN"></category><category term="Web Performance"></category></entry><entry><title>Boost Your Website Speed with Full Page Caching</title><link href="https://www.peakhour.io/blog/magento-1-plugin/" rel="alternate"></link><published>2019-05-10T13:00:00+10:00</published><updated>2023-11-02T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2019-05-10:/blog/magento-1-plugin/</id><summary type="html">&lt;p&gt;Our Magento 1 plugin is now available in the Magento Store. Discover how it improves website performance and capability.&lt;/p&gt;</summary><content type="html">&lt;p&gt;&lt;a href="/blog/opencart/opencart-3-caching-plugin/"&gt;Full page&lt;/a&gt; caching is not a cosmetic optimisation. Users expect quick load times, and search engines reward fast websites with higher rankings. Full page caching supports both by storing fully rendered HTML pages, so the server does not have to rebuild the page from scratch for each visitor.&lt;/p&gt;
&lt;h2&gt;How Full Page Caching Enhances Performance and Capability&lt;/h2&gt;
&lt;p&gt;By caching full HTML pages, you create a snapshot of a page at a particular moment. When a user requests that page, the server can deliver the snapshot instead of generating the page again. This saves compute and database resources, allowing your server to handle more users simultaneously. The result is straightforward: faster load times for users and less strain on the server.&lt;/p&gt;
&lt;h3&gt;Real-World Impact&lt;/h3&gt;
&lt;p&gt;Our early adopters have reported clear improvements in &lt;a href="/blog/wordpress-plugin/"&gt;website speed&lt;/a&gt; and server performance. One client saw a 40% reduction in server load and a 20% increase in page load speed. Those results point to a better user experience and potentially higher conversion rates.&lt;/p&gt;
&lt;h2&gt;Challenges with Magento 1 and How We Solved Them&lt;/h2&gt;
&lt;p&gt;Magento 1 presents specific challenges for full &lt;a href="/blog/opencart-3-plugin/"&gt;page caching&lt;/a&gt;, and our plugin handles them directly.&lt;/p&gt;
&lt;h3&gt;Mini Cart Issue&lt;/h3&gt;
&lt;p&gt;The mini cart needs to show real-time data, which makes it a barrier to full page caching. Our plugin uses targeted AJAX calls to fetch this data only when required, reducing unnecessary load on the server.&lt;/p&gt;
&lt;h3&gt;Form Key Problem&lt;/h3&gt;
&lt;p&gt;Magento 1 uses form keys to prevent CSRF attacks, but those keys make caching difficult. Our plugin replaces form keys with a strict referrer check, which is secure and cache-friendly.&lt;/p&gt;
&lt;h3&gt;Additional Features&lt;/h3&gt;
&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;Automatic Expires Headers&lt;/strong&gt;: You do not need to manually set expiration times for your cache; our plugin does it for you.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Cache Tagging&lt;/strong&gt;: This allows for precise cache management. When you update a product, only the relevant cached pages are flushed, keeping the process efficient.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;The plugin is available for download, with the aim of improving performance and increasing server capability on Magento 1 stores.&lt;/p&gt;</content><category term="CMS"></category><category term="Caching"></category><category term="Web Performance"></category><category term="Drupal"></category><category term="WordPress"></category><category term="CDN"></category><category term="Core Web Vitals"></category></entry><entry><title>Boost Your Website Speed with Peakhour's Full Page Caching</title><link href="https://www.peakhour.io/blog/wordpress-plugin/" rel="alternate"></link><published>2019-04-02T13:00:00+11:00</published><updated>2019-04-02T13:00:00+11:00</updated><author><name>Dan</name></author><id>tag:www.peakhour.io,2019-04-02:/blog/wordpress-plugin/</id><summary type="html">&lt;p&gt;Experience a significant boost in website speed and performance with Peakhour's Full Page Caching feature, now easily accessible through our Wordpress plugin.&lt;/p&gt;</summary><content type="html">&lt;h2&gt;Why Full Page Caching Matters&lt;/h2&gt;
&lt;p&gt;Site speed affects user experience, conversion, and server load. Slow pages can increase bounce rates and cost revenue. &lt;a href="/blog/opencart/opencart-3-caching-plugin/"&gt;Full Page&lt;/a&gt; Caching improves response times by storing and serving static versions of dynamic pages. This reduces load on your server and gives visitors quicker page loads.&lt;/p&gt;
&lt;h2&gt;How Peakhour Optimises Your Site&lt;/h2&gt;
&lt;p&gt;Peakhour helps speed up and secure your website with a DNS change. Unlike basic caching solutions, Peakhour serves these static pages from its global ANYCast network. Your site's visitors download content from a server close to them, reducing latency and speeding up downloads.&lt;/p&gt;
&lt;h2&gt;Peakhour's Transparent Caching and Delivery&lt;/h2&gt;
&lt;p&gt;In addition to Full Page Caching, Peakhour can act as a transparent delivery and cache layer. It caches and optimises static assets like CSS, JavaScript, and images. You don't need to make any other changes to your site; a DNS change is all it takes.&lt;/p&gt;
&lt;h2&gt;Wordpress Plugin for Easy Integration&lt;/h2&gt;
&lt;p&gt;During our beta phase, many clients used early versions of our WordPress plugin. The plugin integrates with Peakhour's API to automate content flushing when you make edits in the WordPress admin panel. This simplifies publishing and allows you to set longer lifetimes for your dynamic content in our global cache.&lt;/p&gt;
&lt;h2&gt;Improved Performance Metrics&lt;/h2&gt;
&lt;p&gt;With Peakhour, sites can see faster download times, a higher cache hit rate, and reduced load on the origin server. Site owners get lower origin demand; visitors get faster pages.&lt;/p&gt;</content><category term="CMS"></category><category term="Caching"></category><category term="Web Performance"></category><category term="WordPress"></category><category term="Drupal"></category><category term="CDN"></category><category term="Rate Limiting"></category></entry></feed>