Skip to main content


Recently a friend of mine spoke to me about an amazing web development tool from Yahoo called "YSLOW"

YSlow analyzes web pages and suggests ways to improve their performance based on a set of rules for high performance web pages.

The tool runs tests & gives an overall performance score for websites. It categorises different problems on a scale of A to F with F being by-far the most urgent problems that need fixing.

For example, a test run on the website gave an overall score of 68 & the most critical recommendations included making fewer HTTP requests, a CDN Network, Minify Javascripts, configure E-Tags etc.
 Some general rules to follow recommended by YSlow are listed below:
1.     Minimize HTTP Requests

2.     Use a Content Delivery Network
3.     Avoid empty src or href
4.     Add an Expires or a Cache-Control Header
5.     Gzip Components
6.     Put StyleSheets at the Top
7.     Put Scripts at the Bottom
8.     Avoid CSS Expressions
9.     Make JavaScript and CSS External
10.  Reduce DNS Lookups
11.  Minify JavaScript and CSS
12.  Avoid Redirects 
13.  Remove Duplicate Scripts
14.  Configure ETags
15.  Make AJAX Cacheable
16.  Use GET for AJAX Requests
17.  Reduce the Number of DOM Elements
18.  No 404s
19.  Reduce Cookie Size
20.  Use Cookie-Free Domains for Components
21.  Avoid Filters
22.  Do Not Scale Images in HTML
23.  Make favicon.ico Small and Cacheable


  1. I am using pagespeed insight, it's something similar but from Google. Sad, that it not analyze that i'am using, because it could be great boot for your site speed.


Post a comment

Popular posts from this blog

Internet Information Services(IIS) reveals its real or internal IP Address

In the ever changing world of global data communications, inexpensive Internet connections, and fast-paced software development, security is becoming more and more of an issue. Security is now a basic requirement because global computing is inherently insecure.

Keeping that in mind, we recently ran our flagship product through a security audit. It was such a helpful exercise in tying-off any remaining lose ends in our application in terms of application security. 
Based on the security audit report, there was a relatively minor issue that appeared when accessing the /images directory of our application. Turns out that the Location response header of the 301 request returns an Internal IP address. The issue is detailed below.

Issue reportedInternet Information Services (IIS) may reveal its real or internal IP address in the Location header via a request to the /images directory. The value returned whilst pen testing is

The riskInformation regarding internal IP add…

Unit Testing HttpContext.Current.Session in MVC3 .NET

We recently changed some functionality where during the "CREATE" process, we go through a wizard to save application data. This data is saved only to the session in the final step when the user clicks the final submit.

This was easy enough to implement but when I started writing unit tests for my static methods that Add, Update, Delete or Modify the contents of our application data in the session, I got the following error:
System.NullReferenceException: Object reference not set to an instance of an object.

Turns out I had forgotten to setup the HttpContext.
The following "TestInitialise" method fixed my problem :)

public void TestSetup()
// We need to setup the Current HTTP Context as follows:

// Step 1: Setup the HTTP Request
var httpRequest = new HttpRequest("", "http://localhost/", "");

// Step 2: Setup the HTTP Response
var httpResponce = new HttpResponse(new StringWriter());

// Step 3: Se…

IIS Request Filtering to block HTTP Verbs (For example Trace)

The issueRequest Filtering is a built-in security feature that was introduced in Internet Information Services (IIS) 7.0. This can be used to block specific verbs like "Trace".

When request filtering blocks an HTTP request, IIS 7 will return an HTTP 404 error to the client and log the HTTP status with a unique substatus that identifies the reason that the request was denied. Verb Denied.

HTTP SubstatusDescription404.5URL Sequence Denied404.6Verb Denied404.7File Extension Denied404.8Hidden Namespace404.1Request Header Too Long404.11URL Double Escaped404.12URL Has High Bit Chars404.13Content Length Too Large