Interface and user experience
- ● Know how web standards are implemented in the various browsers to ensure that your site runs properly in the main ones. At a minimum, test against the following engines: Gecko (Firefox), WebKit (Safari, Chrome, and some mobile browsers), IE (you can use Microsoft's application compatibility VPC images for testing), and Opera. Different operating systems may also affect how browsers render your website.
- ● Besides browsers, websites are accessed in other ways: mobile phones, screen readers, and search engines. You should know how your website behaves in each of these cases. MobiForge provides some information about mobile website development.
- ● Know how to upgrade the website without affecting its users. Generally, you must have a version control system (CVS, Subversion, Git, and so on) and a data backup mechanism.
- ● Do not let users see unfriendly error prompts.
- ● Do not directly display users' email addresses, or at least do not display them in plain text.
- ● Set reasonable limits for your website. Once a threshold value is exceeded, the service should stop automatically. (This is also related to website security.)
- ● Know how to implement progressive enhancement of web pages.
- ● After a POST request is sent, always redirect the user to another webpage.
- ● Do not forget the accessibility of the website (that is, how people with disabilities use it). For US websites, this is sometimes a legal requirement. WAI-ARIA has some good references in this regard.
Security
- ● Read the OWASP Development Guide, which provides comprehensive website security guidance.
- ● Understand SQL injection and its prevention methods.
- ● Never trust data submitted by the user (cookies are also submitted by the client!).
- ● Do not store users' passwords in plain text. Store them only after hash processing.
- ● Do not be too confident about your user authentication system. It may be easily cracked, and you may not be aware of the vulnerability in advance.
- ● Learn how to handle credit cards.
- ● Use SSL/HTTPS on the logon page and other pages that process sensitive information.
- ● Know how to deal with session hijacking.
- ● Avoid cross-site scripting (XSS).
- ● Avoid cross-site request forgery (XSRF).
- ● Patch your system to keep up with the latest version.
- ● Confirm the security of your database connection information.
- ● Keep track of the latest developments in attack techniques and the latest security vulnerabilities on your platform.
- ● Read Google's Browser Security Handbook.
- ● Read The Web Application Hacker's Handbook.
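To illustrate the item above about never trusting user-submitted data, cookies included, here is an added example (not from the original checklist) of a server that signs the cookie it issues and rejects any copy the client has edited. The cookie layout, the function names, and the demo key are assumptions made for this sketch.

```python
import hashlib
import hmac
from typing import Optional

# Constructed demo key; a real deployment loads a random secret from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value.tag', where tag is HMAC-SHA256 over the value."""
    tag = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY) -> Optional[str]:
    """Return the original value if the tag matches, otherwise None."""
    value, sep, tag = cookie.rpartition(".")
    if not sep or not value:
        return None  # malformed: no tag or no value present
    expected = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8")):
        return None
    return value


def role_from_cookie(cookie: str) -> str:
    """Parse 'user=<name>&role=<role>' only after the signature checks out."""
    value = verify_cookie(cookie)
    if value is None:
        return "anonymous"  # an unverifiable cookie is treated as no session
    fields = dict(p.split("=", 1) for p in value.split("&") if "=" in p)
    return fields.get("role", "anonymous")


if __name__ == "__main__":
    issued = sign_cookie("user=alice&role=member")
    forged = issued.replace("role=member", "role=admin")  # edited on the client
    print(role_from_cookie(issued))
    print(role_from_cookie(forged))
```

Signing gives integrity only: the value is still readable by the client, so secrets do not belong in it.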
Performance
- ● Use caching whenever possible. Correctly understand and use HTTP caching and HTML5 offline storage.
- ● Optimize images. Do not use a 20 KB image file as a repeating webpage background pattern.
- ● Learn how to use gzip/deflate to compress content (deflate is preferred).
- ● Combine multiple style sheet or script files into one file; this reduces the number of HTTP requests the browser makes and the total size of the gzip-compressed files.
- ● Browse Yahoo's Exceptional Performance website, which provides many excellent suggestions for improving front-end performance, as well as their YSlow tool. Google's Page Speed is another tool for analyzing web page performance. Both require Firebug to be installed.
- ● If your webpage uses a large number of small images (such as in a toolbar), you should use CSS image sprites to reduce the number of HTTP requests.
- ● For a high-traffic website, you should consider spreading webpage objects across multiple domain names (split components across domains).
- ● Static content (such as images, CSS, JavaScript, and other webpage content unrelated to cookies) should be placed on a separate domain name that does not use cookies. If a domain has cookies set, the client attaches them to every HTTP request sent to that domain. A good approach here is to use a content delivery network (CDN).
- ● Minimize the number of HTTP requests required by the browser to complete web page rendering.
- ● Google's Closure Compiler can be used to compress JavaScript files; YUI Compressor can also be used.
- ● Make sure that the favicon.ico file is in the root directory of the website, because the browser automatically requests it even if the file is not referenced in the webpage. If the file does not exist, a large number of 404 errors will occur, consuming your server's bandwidth.
Search engine optimization (SEO)
- ● Use search-engine-friendly URLs, such as example.com/pages/45-article-title rather than example.com/index.php?page=45.
- ● Do not use hyperlink text such as "Click here", because it wastes an SEO opportunity and makes the site harder to use with a screen reader.
- ● Create an XML sitemap file. The default location is /sitemap.xml (in the root directory of the website).
- ● When multiple URLs point to the same content, use <link rel="canonical" .../> in the webpage code.
- ● Use Google's Webmaster Tools and Yahoo's Site Explorer.
- ● Use Google Analytics (or the open-source traffic analysis tool Piwik) from the very beginning.
- ● Know the role of robots.txt and how search engine spiders work.
- ● Redirect requests for www.example.com to example.com (with a 301 Moved Permanently redirect), or the other way around, to prevent Google from treating them as two websites and ranking them separately.
- ● Know that some website spiders are malicious or badly behaved.
- ● If your website has non-text content (such as video and audio), you should refer to Google's sitemap extension protocol.
Technology
- ● Understand the HTTP protocol and concepts such as GET, POST, sessions, and cookies, including what stateless means.
- ● Ensure that your XHTML/HTML and CSS comply with W3C standards so that they pass validation. This keeps your web pages from triggering browser quirks and helps them work properly on screen readers and mobile phones.
- ● Understand how the browser handles JavaScript scripts.
- ● Understand how JavaScript files, style sheet files, and other resources on the webpage are loaded and run, and how they affect page performance. In some cases, the script file may be placed at the end of the web page.
- ● Understand how the JavaScript sandbox works, especially if you plan to use iframes.
- ● Know that JavaScript may be unavailable or disabled, and that Ajax may not always run. Remember, blocking script execution (NoScript) is becoming popular among some users. Mobile browsers vary in their script support, and Google does not run most script files when indexing webpages.
- ● Understand the differences between 301 redirection and 302 redirection (this is also an SEO issue).
- ● Learn as much as possible about your deployment platform.
- ● Consider using a reset style sheet.
- ● Consider using JavaScript frameworks (such as jQuery, MooTools, and Prototype) so that you do not need to handle the differences between browsers.
Fix bugs
- ● Understand that 20% of the programmer's time is used for coding, and 80% of the time is used for maintenance.
- ● Establish an effective error reporting mechanism.
- ● Establish some channels or systems so that users can contact you and give you suggestions and criticism.
- ● Write documents for future maintenance and customer service personnel to explain how the system runs.
- ● Back up regularly! (And make sure these backups are valid.) In addition to the backup mechanism, you must also have a recovery mechanism.
- ● Use a version control system to store your files, such as Subversion or Git.
- ● Do not forget to perform unit testing. Frameworks such as Selenium will be useful to you.