@Dieulot Might I suggest changing
src="//instant.page/1.1.0"
into
src="https://..."
There's no reason not to use HTTPS explicitly when it's available, and not doing so is an anti-pattern. See https://www.paulirish.com/2010/the-protocol-relative-url/ ….
-
-
Thanks, I didn’t think of DNS spoofing. I’m keeping it protocol-relative though, for the speed hit and because SRI protecting 99% of the time makes it much less of a target (and because it looks better). Also I just enabled DNSSEC.
-
Did you measure the speed hit?
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.