Illuminating Google Lighthouse - Best Practices
Experts agree that on average, visitors decide in 10 seconds or less (much less!) if they are going to spend time on your site or not.
In the first article in this series we introduced Lighthouse from Google and showed users what is does and why it is important to your business success. In case you missed it, you can find that article here Article 1: Lighthouse Overview. Our second article discussed the Lighthouse Performance suite of tests and ways to optimize your performance. Article 2: Performance
Best Practices Improvements
Like the performance tests, Lighthouse will return a score between 1 – 100 for best practices. Google Best Practice are general recommendations used to improve both security and performance for your website.
The nice thing about the Best Practices score is all of the recommendations describe the issue clearly and once remedied, your score will immediately improve. This is not the case with some of the other categories, particularly performance, where often the audit complaint often has nothing to do with the actual fix.
The latest version of Google Lighthouse (version 3) provides feedback on over 25 specific processes. Some require more extensive efforts and investments like buying new hardware or upgrading your server OS. We will focus on the top 4 with the highest return that you should implement right away!
1. Disable older SSL Transport Protocols SSL and TLS are cryptographic protocols generally referred to as “SSL.” They provide authentication and data encryption between different endpoints such as a web server and an end users web browser. Older SSL protocols (SSL 3, SSL 2, TLS 1.0, 1.1, and TLS 1.2) exposed many vulnerabilities. Consequently, numerous damaging viruses emerged in the early 2000’s like Poodle and Beast.
Make sure you work with your IT team to perform a security audit of your servers and harden them against all known vulnerabilities and disable those older protocols. While Google Lighthouse does not typically flag these issues they most certainly need to be addressed as part of general security best practices.
2. HTTP/2?... Yes Please!HTTP/2 was a major revision to the HTTP network protocol which improved website applications, allowing them to be faster, simpler, and easier to maintain.
HTTP/1.1 required workarounds to address concerns within the transport layer itself. These all go away with HTTP/2. Taking advantage of HTTP/2 is straight forward but may require a hardware or software upgrade. If your organization is on the Microsoft technology stack, you will need to upgrade to Windows Server 2016 or greater with IIS 10 or greater. Forewarning, this may not be enough if you have hardware device load balancing, such as an F5 Big IP. You may also need to upgrade your hardware appliances that serve up HTTP traffic to utilize the newer HTTP/2 protocol.
In addition to IIS 10, Kestrel web server, typically used in .NET Core, also utilizes the newer HTTP/2 protocol on all platforms save the macOS which is scheduled for a future release. Apache and Nginx can also be configured for HTTP/2 if your organization relies more on open source and Linux based technologies.
In addition to making sure all your local pages and resources are served using the HTTP/2 protocol, Google also recommends making sure all third-party resources also use the same protocol. This may need to contact the vendors of your third-party scripts and verify that they are on the newer protocols or switch vendors to those that already support it.
3. Always use HTTPS instead of HTTP Soon, all things web will have to run over the HTTPS protocol and HTTP will no longer be allowed on any browsers or internet devices. It is surprising that HTTP is allowed at all today since significant amounts of personal data are transmitted across the internet every second and security risks are very real.
HTTPS protocol ensures that all data is encrypted and is the bare minimum, first line of defense against hackers stealing people’s personal information. HTTPS prevents intruders from tampering with or passively listening in on the communications between your site and your users.
Historically, many organizations were reluctant to adopt HTTPS due to the cost of purchasing expensive certificates from third-party organizations such as Verisign. In the early days, SSL certificates were very expensive and consequently not widely used. Today that has all, thankfully, changed! Organizations such as Let’s Encrypt provide safe reliable and 100% completely free SSL Certificates. https://letsencrypt.org/
You should follow Google Lighthouse recommended best practices and ensure your web server is only allowing HTTPS traffic externally. In addition to your website being SSL, you should also ensure all your links to third-party resources are running over HTTPS. Most browsers will give you a warning that you are serving up “mixed content” if everything is not running across SSL.
Some browsers even take it a step further and block insecure resource requests by default. If your page depends on these unsecured resources, then your page might not work properly when they are blocked.
Make sure all your third-party vendors to provide an SSL version of whatever resource you are linking to.
4. Avoid older CSS and HTMLSpecifically, Google Lighthouse will recommend avoiding older CSS for Flexbox as “display:box” has been depreciated and should be replaced with “display:flex”. We recommend taking it a step further and embracing CSS 3 and HTML 5 in order to take advantage of native mobile responsive design without the need for more bloated frameworks.
While this is more geared toward improving the Google Lighthouse Performance score, we also consider it best practice to avoid the older CSS and HTML tags since they are being depreciated and eventually will no longer be supported by modern-day browsers.
Our experts can work with you to optimize your performance even further to GUARANTEE that you are getting the most value from your precious investments in these critical digital assets. However, by adopting these tried and true best practices, you can be certain your Lighthouse and SEO scores will improve dramatically!
We want you to be successful and there is no “one and done” solution. The key to sustained, excellent SEO performance is continued vigilance to ensure you are up to date on the content changes to your site content and latest updates from Google. If you’d like to learn more, CyberLancers can perform a free performance check to help you understand how you are really performing. To learn more go here: Free Performance Check
And stay tuned for the next in our series of illuminating articles about Lighthouse as we talk about accessibility!