YSlow analyzes web pages and why they’re slow based on Yahoo!’s rules for high performance web sites

  • Grades web page based on one of three predefined ruleset or a user-defined ruleset;
  • It offers suggestions for improving the page’s performance;
  • Summarizes the page’s components;
  • Displays statistics about the page;
  • Provides tools for performance analysis, including Smush.it™ and JSLint.
  • Ref to : http://yslow.org/

    用意,是需要找出網站慢的原因,這來源可能來自於下面幾個項目,這是目前Yahoo定義,它們認為會影響網站效能的重點


    1. Minimize HTTP Requests
    2. Use a Content Delivery Network
    3. Avoid empty src or href
    4. Add an Expires or a Cache-Control Header
    5. Gzip Components
    6. Put StyleSheets at the Top
    7. Put Scripts at the Bottom
    8. Avoid CSS Expressions
    9. Make JavaScript and CSS External
    10. Reduce DNS Lookups
    11. Minify JavaScript and CSS
    12. Avoid Redirects
    13. Remove Duplicate Scripts
    14. Configure ETags
    15. Make AJAX Cacheable
    16. Use GET for AJAX Requests
    17. Reduce the Number of DOM Elements
    18. No 404s
    19. Reduce Cookie Size
    20. Use Cookie-Free Domains for Components
    21. Avoid Filters
    22. Do Not Scale Images in HTML
    23. Make favicon.ico Small and Cacheable

    每個量測項目,都會有一個綜合成績,最好的就是A,依此類推A~F

    透過外掛套件,可以直接從瀏覽器中,看到該頁面測試的結果,注意,是以頁面為單位,不是整個網站,所以通常,會優先處理最常被使用,或者是流量較大的網頁

    該套件支援了相當多的瀏覽器(IE呢~XD)

    以下,使用Chrome當範例

    1. 點選剛剛圖片上的Chrome按鈕,會馬上跳一個安裝視窗,直接點選安裝
    2. 如果有安裝成功,你的功能清單,會多一個套件按鈕

    3. 如果沒看到,可以試著到Extension裡面翻,可能未啟用成功

    4. 既然是強調用Yahoo的規則來制定的檢測工具,我們就用台灣Yahoo網站來測試是否套件運作正常。

      首先,點開會看到一個介紹頁面,中間有個選項,針對那些不想被內籤的網頁,可以勾選,至於為甚麼要防止自己網頁被內籤? 可以參考下面文章

      https://www.tinfoilsecurity.com/blog/protect-your-website-from-embedded-content-iframe-security

      You’ve been framed
      Your site could be at risk even if you don’t include third-party content. If you don’t protect against it, other sites could use you as an iframe. Since the parent site embedding the iframe gets to control the look and feel of the element, they could use a technique called clickjacking to steal your users’ information. Potentially, a malicious site could load your site as a full-page iframe and make it seem like they’re actually visiting your site, say your login page. In front of this iframe they will overlay an invisible form, with a text field in front of both your site’s username and password field. When an unsuspecting user tries to log in to your site, they’ll actually be filling out this malicious form and sending their login credentials to the malicious site.

    5. 確定了,就點下Run Test , 當你看到類似下面的成績,就代表你的套件運行正常,接著,就是針對分數不及A的部分,逐步清查,通常,可以透過Web.config設定,也可以全域性的直接在IIS上面設定,接著透過IIS設定檔備份的概念,同步到其他伺服器上,這比較是實務的方法 (當然,例外狀況還是須考慮只放在Web.config)

      備份/還原 IIS Setting : https://support.microsoft.com/en-us/kb/302573

    Leave a Reply

    Your email address will not be published. Required fields are marked *