Dustin Boston

Tag: Cookies

  • Summary of the HTTP Archive 2025 Web Almanac

    The HTTP Archive’s 2025 Web Almanac is important but huge at 15 chapters. I’ve summed up each chapter so you can get gist without having to spend hours reading through it. Ready for this?

    Fonts

    • Web fonts are nearly universal
    • Self hosting continues to rise, Google fonts still dominates
    • Icon fonts are still around
    • Woff2 is the defacto standard
    • Preconnect and preload are now mainstream,
    • font-display: swap is the new normal
    • System fonts are rising for performance
    • Variable fonts are growing but not dominant

    Web Assembly

    • Web Assembly has evolved into a universal runtime
    • Adoption is growing steadily, especially among top-tier sites
    • Modules vary widely in size and usage
    • .NET and system level libraries dominate
    • Advanced WASM features are exploding in usage

    Third Parties

    • Third parties are nearly universal
    • Request volume is rising
    • Scripts, images, and other types dominate
    • Google services dominate the ecosystem
    • Low ranked sites load more third-party requests
    • TCF is the most widely used consent framework
    • Third-parties recursively load more third-parties

    Generative AI

    • Has become a core part of the modern web
    • Cloud has higher quality models than local but at the cost of privacy
    • Local AI technologies like WebGPU, WebNN, etc. are maturing
    • Browsers are starting to ship AI APIs
    • Robots.txt is universal, llms.txt is new and barely adopted
    • There has been an increase in AI-favored words
    • Vibe coding platforms are accelerating site creation
    • The .ai domain exploded
    • Agentic browsers are the next frontier

    SEO

    • AI systems are beginning to rely on SEO practices
    • Visibility means being understood by AI, not just crawled
    • Crawlability and indexability are getting more complex
    • Titles and headings are consistent, meta description rebounding
    • JSON-LD is leading structured data adoption, AMP below 1%

    Accessibility

    • Progress is slow, lighthouse scores are up slightly
    • Laws like EAA and ADA drive change
    • Core failures like contrast, focus indicators, and ARIA misuse remain
    • Gov and edu domains lead in accessibility

    Performance

    • Loading performance (LCP & FCP) improved modestly
    • Modern formats like WebP and AVIF are growing, but JPG still leads
    • Resource prioritization with fetchpriority is rising
    • Interactivity (INP & TBT) is strongest on desktop, mobile improved
    • Home pages outperform secondary pages
    • Visual stability (CLS) improved, unsized images are the worst offender

    Privacy

    • 75% of websites include at least one third-party tracker
    • Google Analytics and Facebook Pixel dominate the tracking ecosystem
    • Cookies remain core to tracking
    • Stateless tracking and fingerprinting remain and are hard to block
    • Trackers are adapting to browser protections
    • Regulatory compliance is patchy
    • Do Not Track is still detected even though it’s obsolete

    Security

    • DDoS attacks reached an unprecedented scale
    • Supply-chain compromises grew dramatically
    • There was a major React vulnerability
    • Transport security is nearly universal
    • Let’s Encrypt still leads with Google Trust Services gaining
    • Security headers adoption is rising
    • Isolation via (COOP, CORP, COEP) is improving

    PWAs

    • PWAs have matured after a decade
    • All main browsers support installation
    • Service worker adoption has exploded
    • Manifest usage is stable but only 10% of sites have one
    • PWA technology usage has doubled since 2022
    • Notifications are mostly ignored

    CMSs

    • 54% of websites use a CMS
    • WordPress still leads, powering 64% of CMSs
    • Shopify, Wix, and Squarespace grew modestly
    • Performance is defined more by implementation than platform
    • Page builders like are widespread but add complexity
    • Wix leads with core web vitals
    • Average page weight is over 2 MB on desktop and mobile
    • Structured data, semantic markup and clarity matter most to LLMs

    Ecommerce

    • Four models, SaaS, PaaS, Self-Hosted, API-first
    • Subdirectory stores may be missed (make the store your home page)
    • Ecommerce is 20% of the web
    • WooCommerce dominates, Shopify is second and growing
    • Performance is a major differentiator
    • PayPal’s share dropped, Stripe and Google Pay gained

    Page Weight

    • Page weight still matters
    • Low end devices choke on large JS
    • Metered data makes heavy pages literally unaffordable
    • The web keeps getting heavier, from 845kb in 2015, to 2,362Kb in 2025
    • Images and video dominate bytes
    • JavaScript sizes are massive
    • Request volume is rising
    • Adoption of compression, minification, caching is mixed
    • Page weight strongly correlates with core web vitals

    CDNs

    • CDNs now drive modern web protocols, especially HTTP/3
    • Adoption of CDNs keeps rising with Cloudflare and Google dominating
    • Performance wins are huge
    • Brotli compression is now widespread
    • CDNs enforce strong security

    Cookies

    • 60% of cookies are from third parties
    • Most cookies come from ads and analytics networks
    • Security attributes (HttpOnly, Secure) are underused
    • Cloudflare leads in partitioning of cookies
    • Median cookie age is one year