DEV Community

loading...

Discussion on: How do you decide between security and speed?

Collapse
fleshmecha profile image
Author

An HTTP request is ~600 ms in my experience. I would need at least two more requests to remove inline JS and CSS, which would add ~1.2s of load time. Youthful people care about speed, which is my target audience. I suppose that's my answer, thanks.

Collapse
jankapunkt profile image
Jan Küster

Have you measured this or is this an estimation? Which bandwidth did you use? Young people usually also care about a provider with good bandwidth. I would always favour security before performance. If you can prevent xss with.other mechanisms then it's fine. By the way this a typical use case for a beta test with a-b setup to see if CSP will really have an impact on user experience.