How do you decide between security and speed?

An HTTP request is ~600 ms in my experience. I would need at least two more requests to remove inline JS and CSS, which would add ~1.2 s of load time. Youthful people, who are my target audience, care about speed. I suppose that's my answer, thanks.

Jan Küster

Have you measured this or is this an estimation? Which bandwidth did you use? Young people usually also care about a provider with good bandwidth. I would always favour security before performance. If you can prevent XSS with other mechanisms, then it's fine. By the way, this is a typical use case for a beta test with an A/B setup to see if CSP will really have an impact on user experience.