How to Improve Performance with Client-Side JavaScript Tag Optimizations

Browser fingerprints used in the context of bot detection.
Information about the end-user device, browser, and OS such as the device memory, number of CPU cores, and GPU information.
Specially crafted JavaScript challenges that aim to detect side effects of automated browsers, headless browsers, and anti-detection frameworks.
While the JS tag already had a negligible impact on our customers' websites, we are always pushing for better solutions.
With a focus on improving performance, we worked hard the last few months to further optimize the JS tag.
How your site performs is key for your customers, who on average will only give a website three seconds to load before clicking away.
Website load time has an impact on conversion rate and bounce rate, as demonstrated in several analyses and audits.
While there are many ways to monitor the web performance of a site, Core Web Vitals are one of the most followed metrics in the market for testing the speed of a website, as well as a key part of SEO. And at DataDome, we maintain a focus on reducing our ecological footprint.
We went through four main processes to optimize our tag.
While simple, this step is mandatory for any performance optimization project.
Some parts of our JavaScript were duplicated across our code base.
By performing JavaScript code profiling, we have been able to find which parts of our code were using the most CPU resources.
We refactored these parts-when possible-to reduce precious CPU usage.
In the past, we used to obfuscate everything inside our JS tag.
Offloaded the Computation of Some Signals Outside the Browser Main Thread. Some of our signals are more intensive to compute.
These signals used to be computed inside the browser JavaScript main thread. Using the main thread for this was adding a few milliseconds to the page render speed, particularly on slow devices.
We moved these signals to a dedicated service worker, using another thread to compute them to avoid blocking the browser main thread. Using this optimization process, between June and November 2023 we achieved: Conclusion.
The engineering team has worked for a long time to achieve this amazing performance improvement.
We ran hundreds of tests to find the best performance possible-without compromising security.
We still have some improvements in our pipe to continue to have the fastest JS tag in the market and improve our detection.


This Cyber News was published on securityboulevard.com. Publication date: Wed, 06 Dec 2023 01:43:05 +0000


Cyber News related to How to Improve Performance with Client-Side JavaScript Tag Optimizations

CVE-2023-3440 - Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 ...
11 months ago
How to Improve Performance with Client-Side JavaScript Tag Optimizations - Browser fingerprints used in the context of bot detection. Information about the end-user device, browser, and OS such as the device memory, number of CPU cores, and GPU information. Specially crafted JavaScript challenges that aim to detect side ...
10 months ago Securityboulevard.com
Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack - The recent discovery of a website supply chain attack using the cdn. Polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become ...
3 months ago Imperva.com
Latest Adblock update causes massive YouTube performance hit - Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. Adblock and Adblock Plus are two ad blockers created by the same developer for ...
8 months ago Bleepingcomputer.com
CloudFlare Network Performance Update: A CIO Edition - Nowadays, more organizations than ever are relying on CloudFlare's global infrastructure to ensure the best performance for their websites and services. This is no different for companies that have a Chief Information Officer (CIO). With the dramatic ...
1 year ago Blog.cloudflare.com
Microsoft tests Windows 11 encrypted DNS server auto-discovery - Microsoft is testing support for the Discovery of Network-designated Resolvers internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks. Without DNR support, users must manually enter the info ...
10 months ago Bleepingcomputer.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
1 week ago Aws.amazon.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
10 months ago Esecurityplanet.com
CVE-2024-5535 - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an ...
3 months ago
Content Delivery Network FAQs - Content Delivery Networks have become increasingly popular among businesses of all sizes in recent years. They offer a host of benefits to businesses, which can help to aid the smooth running of operations and boost reputation, efficiency, ...
1 year ago Hackread.com
Marketing Strategies for PaaS Services: Get Ahead of the Curve - With the ever-growing demand for cloud-based performance and services, Platform-as-a-Service (PaaS) is becoming increasingly critical for modern software development. PaaS is a cloud-based platform, providing businesses with an integrated suite of ...
1 year ago Hackread.com
Intel knew AVX chips were insecure and did nothing - Intel has been sued by a handful of PC buyers who claim the x86 goliath failed to act when informed five years ago about faulty chip instructions that allowed the recent Downfall vulnerability, and during that period sold billions of insecure chips. ...
10 months ago Theregister.com
How machine learning helps us hunt threats | Securelist - In this post, we will share our experience hunting for new threats by processing Kaspersky Security Network (KSN) global threat data with ML tools to identify subtle new Indicators of Compromise (IoCs). The model can process and learn from millions ...
1 week ago Securelist.com
CVE-2022-33684 - The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a ...
1 year ago
Cloudbrink Presents Firewall-As-Service for the Hybrid Workplace - PRESS RELEASE. SUNNYVALE, CA - DECEMBER 5, 2023 - Cloudbrink has added firewall-as-a-service to its zero-trust access solution, the first vendor to provide granular security controls all the way to the user edge for the comprehensive protection of ...
10 months ago Darkreading.com
PRODUCT REVIEW: ENEA QOSMOS THREAT DETECTION SDK - The Qosmos Threat Detection Software Development Kit is Enea's innovative solution to the demand for more robust, adaptable, and high-performance network threat detection platforms. ADVANCED THREAT DETECTION WITH SUPERIOR TRAFFIC VISIBILITY. ...
9 months ago Cybersecurity-insiders.com
CVE-2024-39301 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
CVE-2020-15656 - JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects ...
1 year ago
Navigating Retail Disruption: Maximize Customer Centricity and Business Performance with Observability - Cisco Full-Stack Observability solutions help optimize and secure the applications that underpinonline and in-store experiences from the customer to the warehouse to economies of scale. Retailers can become more customer centric by taking action that ...
10 months ago Feedpress.me
Correct bad network behavior to bolster application experience - Legacy hardware-based applications existed happily in isolation, untethered from a network. Today, even the software running from personal hard drives relies on other applications across the network to perform. Many modern apps run off a remote ...
9 months ago Helpnetsecurity.com
Master the Art of Data Security - As we step further into the digital age, the importance of data security becomes increasingly apparent. As with all data storage services, it's crucial to ensure that the data stored on Amazon S3 is secure, particularly when it's 'at rest'-that is, ...
10 months ago Feeds.dzone.com
Are HTTP CSP Headers Sufficient to Secure Your Client Side? - One of the critical tools in the arsenal of web developers to fortify web application security is the HTTP Content-Security-Policy Headers. Designed to fortify the security of web applications, they allow developers to restrict which resources can ...
9 months ago Imperva.com
Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets - Unit 42 researchers have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting and web chat APIs. In this article, we'll describe some of the tactics used by ...
9 months ago Unit42.paloaltonetworks.com
Q&A: How One Company Gauges Its Employees' Cybersecurity 'Fluency' - Professional services firm TAG.Global now requires that all of its employees complete a cybersecurity fluency assessment test as a way to raise awareness on threats and to reinforce responsibility for information security among its users. Talhouni ...
8 months ago Darkreading.com
CVE-2022-36100 - XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)