This guide contains 50+ web best practices that will make your site rank higher in search results, load faster in browsers and be more secure against attacks. The advice here is based on recommendations from web experts such as Google, Mozilla, W3C, OWASP and Yahoo. For each best practice, we explain why it's important and how to follow it, and provide authoritative links for further reading. Select from the SEO, web speed or web security section below to get started or keep scrolling for a list of all the best practices.
The web best practices guides
SEO Best Practices
Boost your search rank and click-through rates by fine-tuning the on-page SEO of your site.
Page Speed Best Practices
Accelerate your site by learning how to shrink page sizes and optimise resource delivery.
Every page on your site should be given a concise, informative and unique title to improve your search rank and search result click rates.
Headings should be added to pages to give their content a hierarchical structure. This helps give search engines and users a better understanding of what each page contains.
Every page on your site should be given an informative, concise and unique description.
Duplicate page content should be avoided, as it gives you less control over how your search results are displayed and how backlinks are consolidated.
Pages should contain substantial, unique and high-quality content that works well on mobile devices and has accessibility in mind.
Each page should have a well-written URL that is short, accurate and friendly for humans to read.
Your site should be free of broken links and configured to signal broken links to crawlers using a 404 response status code.
Every subdomain on your site should have a robots.txt file that links to a sitemap and describes any crawler restrictions.
A key factor in making pages faster is to reduce the size of each page and its resources using compression and minification.
Caching should be used to decrease server load and reduce the amount of data browsers need to download while browsing your site.
CSS delivery should be optimised by avoiding inline CSS and avoiding the use of
HTTPS prevents attackers from reading and modifying data sent between your site and browsers. HTTPS should be considered a minimum security requirement for all websites.
HTTP Strict Transport Security (HSTS) is a response header that improves security by instructing browsers to always use HTTPS instead of HTTP when visiting your site.
A content sniffing attack typically involves tricking a browser into executing a script that is disguised as another file type. These attacks can be protected against with correctly configured response headers.