This guide contains 50+ web best practices that will make your site rank higher in search results, load faster in browsers and be more secure against attacks. The advice here is based on recommendations from web experts such as Google, Mozilla, W3C, OWASP and Yahoo. For each best practice, we explain why it’s important and how to follow it, and provide authoritative links for further reading.

The web best practices guides

Get started by choosing from the SEO, web speed or web security sections below, or keep scrolling for a complete table of contents showing all the web best practices covered.

Does your site follow SEO, speed & security best practices?  🤔  Our browser extension can check 100s of pages against 50+ page factors for you in a few clicks.  🎉  We're trusted by 80,000 active users and have a 4.9/5 rating.

Test your website now with Checkbot.

SEO Best Practices

Read the full SEO Best Practices guide or jump to the section or rule you’re interested in with one of the links below.

Page titles

Every page on your site should be given a concise, informative and unique title to improve your search rank and search result click rates. Read more ➜

Page headings

Headings should be added to pages to give their content a hierarchical structure. This helps give search engines and users a better understanding of what each page contains. Read more ➜

Page descriptions

Every page on your site should be given an informative, concise and unique description. Read more ➜

Duplicate content

Duplicate page content should be avoided as you will get less control over how your search results are displayed and how backlinks are consolidated. Read more ➜

Page content

Pages should contain substantial, unique and high-quality content that works well on mobile devices and has accessibility in mind. Read more ➜

URL names

Each page should have a well-written URL that is short, accurate and friendly for humans to read. Read more ➜

Code validation

HTML, CSS and JavaScript files should be valid to avoid issues that may impact search engines and visitors. Read more ➜

Your site should be free of broken links and configured to signal broken links to crawlers using a 404 response status code. Read more ➜

Robots.txt

Every subdomain on your site should have a robots.txt file that links to a sitemap and describes any crawler restrictions. Read more ➜

Redirects

Redirects are used to signal that the URL for a page has changed. These should be used carefully as redirects can influence page rank. Read more ➜

Page Speed Best Practices

Read the full Page Speed Best Practices guide or jump to the section or rule you’re interested in with one of the links below.

Page size

A key factor in making pages faster is to reduce the size of each page and its resources using compression and minification. Read more ➜

Caching

Caching should be used to decrease server load and reduce the amount of data browsers need to download while browsing your site. Read more ➜

CSS

CSS delivery should be optimised by avoiding inline CSS and avoiding the use of @import. Read more ➜

JavaScript

Take care not to block page rendering when you need to include JavaScript in pages. Read more ➜

Redirects

Following redirects can significantly slow down network requests so you should avoid using page and resource URLs that trigger redirects. Read more ➜

Web Security Best Practices

Read the full Web Security Best Practices guide or jump to the section or rule you’re interested in with one of the links below.

HTTPS

HTTPS prevents attackers from reading and modifying data sent between your site and browsers. HTTPS should be considered a minimum security requirement for all websites. Read more ➜

HSTS

HTTP Strict Transport Security (HSTS) is a response header that improves security by instructing browsers to always use HTTPS instead of HTTP when visiting your site. Read more ➜

Content sniffing

A content sniffing attack typically involves tricking a browser into executing a script that is disguised as another file type. You can protect against these attacks with correctly configured response headers. Read more ➜

Response headers

Response headers should be configured to restrict iframe usage, prevent XSS exploits and hide server configuration data. Read more ➜