network background popup

How To Secure Your Website and Increase its Performance

Jan 6th 2014

Do you want your website to be fast? Are you potentially losing sales due to a slow site load time? One of the best ways to increase your website’s performance is to take advantage of caching to accelerate the delivery of your site’s content.

Websites are of course made up of individual elements. Many websites contain more then 50 elements per page, which are downloaded by the browser and displayed for the visitor to see and are structured according to your website layout. Each element request increases the time it takes for that website to be loaded, and depending on how far away your visitors are from your webserver, the more network latency will effect the overall time involved.

Graphic 1

Not everyone has a fast internet connection, Look at the above screenshot taken from a common 3G cellular network. 112 Requests, 26.31 seconds to load the initial page.

Any steps you can take to decrease the overall site load time will benefit your visitor’s experience, and increase the profit potential of your business. Off-loading as many elements as possible onto a CDN or DDOS Protection service which employs caching will reduce the load on your server, and decrease the network latency involved in serving your visitors.

This brings us to a very important question. What elements should be cached, and what elements should not be cached? Some of the elements are referred to as “Static” , In other words content which does not change regularly. Other Elements may be “Dynamic” this content changes regularly or is different for each individual visitor.

For most websites, some content will be dynamic, however the vast majority should be static, and thus cacheable for at least a few minutes. Here is a breakdown of the types of files that are normally cacheable, and the types that are not. Ultimately which elements should be cached will depend on individual usage, but this is a general rule of thumb :

Static File Types : JPG, PNG, GIF, BMP, SWF ,CSS ,JS , ICO , TXT
Dynamic File Types : PHP, ASPX, ASP, HTML

Graphic 2

There are special cases where entire websites are Static, and cacheable. You want to consider some of the following scenarios :

Do you have a HTML based site which does not have any content which changes, or if it changes, you can afford to wait several minutes for the new content to show?

If so you can likely cache your entire website. There are great advantages to this scenario, because you can technically off-load 99% or your traffic from your server, to your CDN or DDOS mitigation provider, enabling your server to function as the master copy, without having to worry about capacity of your server or upstream connection.

Does your Website display the visitor’s name or other personal details when logged in on each page? Do you have a shopping cart tally or items visible on every page?

You will not want to cache the pages themselves in these scenarios, As this would likely result in confidential information being displayed to random visitors. Along with vulnerability testing, make sure your website is tested to ensure personal information is not being leaked via a mis-configured caching system.

Configuring your website to use caching is more involved then simply enabling the feature. Each type of element, or individual element can be configured with many parameters.

Although many content management systems (CMS) handle setting cache-control and/or expires headers automatically, you will want to be sure that your content is being cached optimally. We recommend that you look over various pages of your site using commonly available tools such as Firebug, or Chrome Developer Tools.

Graphic 3

Above you can see the response headers from the webserver indicating that a particular element , in this case a product image, is cachable for 8 Days. The 8 day caching setting is being set in this case by two different methods for compatibility reasons. The “Cache-Control: max-age” , and “Expires:” header directives equals the same value. By using this method to check the various elements you can ensure caching is applied to static content, but is not applied to dynamic content.

The following are examples of Header values that are appropriate for each type of content :

Dynamic Content

Cache-Control: private
Cache-Control: no-cache
Expires: Sat, 22 Dec 1979 05:30:00 GMT (Any date in the past)

Static Content :

Cache-Control: public
Cache-Control: max-age 3600
Expires: Wed, 05 Mar 2014 21:25:41 GMT (Any date in the future)

You can control the “Cache-Control” and “Expires” headers through your webserver’s configuration files, or even within the website code itself (for example using PHP).

Configuring your website optimally can be a challenge, but once you understand the benefits of caching it is something that you will always take into consideration. At DOSarrest we work with you to ensure our caching system is off-loading as much of your static content as possible, improving your sites performance. Ask how our DDoS Protection service can increase your website’s security and performance.

If you would like some general information on how caching works, Please take a look at the following Links.

Google’s excellent article on optimizing caching :
The original RFC specification on caching :

DDoS Article Categories