murny
commented
6 years ago Nice blog post on some more headers to investigate and remove: https://www.fastly.com/blog/headers-we-dont-want
Open murny opened 6 years ago
murny
commented
6 years ago Nice blog post on some more headers to investigate and remove: https://www.fastly.com/blog/headers-we-dont-want
We are not setting Cache-Control HTTP header on static assets, something like:
cache-control: public, s-maxage=31536000, maxage=31536000etc A long cache lifetime can speed up repeat visits to your page!More info here: https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching#cache-control
We should be serving with compression (gzip/deflate/etc) to reduce network bytes (this can be done via rails using
config.middleware.insert_after ActionDispatch::Static, Rack::Deflaterbut this should be done in apache etc, as rails doesn't server our static assets)More info here: https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/optimize-encoding-and-transfer
We give away to much information regarding our server, should reduce the amount of information we reveal here as this makes it significantly harder to identify underyling frameworks and what versions things are running on. Currently in ERA you see things like this:
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips Phusion_Passenger/5.2.3orX-Powered-By: Phusion Passenger 5.2.3