Sounds good. You guys are hosting my site. What should I do about these CDN suggestions? TIA.

We use a CDN but it reports we do not only because we cname the akamai url to a match.com url. This is a little misleading.

I would suggest allowing users to disable this rule. for a large percentage of sites a CDN won't be an option due to cost constraints, so this just adds noise to the results.

You can add your own CDN hostnames to YSlow as described in the FAQ. In a future release we'll have a way for these CDN preferences to be fed back into the main YSlow source code. Using Yahoo! web hosting doesn't make it a CDN. For smaller sites that can't afford a for-profit CDN service, you can try free services such as Globule, CoDeeN, and CoralCDN.

Are you guys getting a kickback from Akamai or what? You give Google's front page a 'C' purely on the basis of not using a CDN. How stupid is that? My own site which is a single 11KB HTML file also gets a 'B', purely based on not using a CDN. This rule is amazingly stupid.

FAQ does explain how to add your hostname to the CDN list, so let's move on and pay attention to all the other good suggestions this tool is producing :)

Wouldn't it make more sense to talk about http pipelining here?
What use is a CDN, when your hitting a single hostname?

Mileage varies on CDNs. My company tried a CDN (one of the ones mentioned in the article) for a while and we found no measurable performance difference, from multiple client networks, between serving our own static files and serving them from the CDN. And, we had multiple technical issues with the CDN, where certain customers would not be able to see our images, or something would get "stuck" in the CDN cache even though it had clearly expired and needed to be refreshed from our servers. The whole experience left a pretty bad taste and the bottom line was it didn't seem to increase performance at all.

On high-traffic sites, there's clearly a benefit to moving static files OFF of application web servers and onto servers that are optimized just for serving that static content.

And I do suspect that CDNs provide benefits for sites with truly global audiences-- latency on transcontinental internet connections can be kind of high. If this is your situation, make sure your CDN has adequate nodes in the countries where your audience lives.

Amazon's S3 is worth a mention here: It's distributed, pay-as-you-go, and very cheap. It costs me about $3/mo to host >130,000 PNG images (including traffic costs), and it's definitely helped response times.

We're using the Cachefly CDN (http://www.cachefly.com), which starts at $15 per month and we're very happy with it. Before getting our Cachefly 'Plus' plan ($99/month) we were paying $1000+ per month to one of the bigger CDN vendors. Performance is similar. If you want to customize a lot of settings I can recommend Akamai and Mirror Image.

I agree totally that there should be the option to disable this rule... Yslow is being used by myself and my development team at the moment, working on building a large ecommerce site, but when you are testing pages from a local server, or even a virtual machine, you are not going to be running a CDN. Firebug's primary use is during the development cycle of a project, and not many people would roll out their project across a CDN until it is finished. Having the rule in there, for us, makes for misleading results, as it is an automatic F for the pages we are coding.

Thanks for all the great feedback.

David Mcanulty: HTTP pipelining is discussed in the book. Unfortunately, the lack of support in IE and off-by-default in FF preclude it from being a viable factor.

David Eglin: That's an interesting problem. Development at Yahoo! is similar - for some components moving them to the CDN happens later in the process. But that's also a common problem: people forget to move components to the CDN. Since the page works fine, they overlook that last step of the push process. I would suggest leaving the rule on. It helps remind folks to complete the push to CDN.

I've been looking into the results of YSlow on a project I'm currently working on, in which is have seem to have some trouble getting the CDN hosts configured properly. The
site we're talking about is for sure using a CDN Network (Savvis), but for some reason YSlow seems to ignore the hostname I configured for that CDN.
I have been trying to enter the CDN hostname in various way, but still then YSlow keeps complaining about all of the files not being on a CDN network.
Could anyone tell me in what way YSlow tries to check if files are being retrieved from a CDN network or not? Or try to help me out on how to configure the CDN hostname properly?

A way to get around the push problem is to replace references to assets on the fly. This can be easily accomplished in Apache's httpd 2.0+ using the mod_ext_filter module and sed. Set up a regular expression to filter the web server output and replace references to assets to those that need to fetched from the CDN. Using this method there was a minimal impact on the server load on a dynamic site doing 40-60 hits/s spread across 3 nodes and the process was completely transparent to developers. Additionally, when we needed to take the CDN off the site. It took less than a minute to comment out the line enabling the filter in httpd.conf and restarting the servers. With a load balanced site you won't even have downtime.

One thing to note is that you still have to judge the results of YSlow intelligently based on the traffic characteristics of your own site. When in doubt of YSlow, use curl to verify some of the results.

I love YSlow and Steve's book, but I find it funny that akamai.com scores an F for the CDN rule.

Yes, we pre-load YSlow with just a few well known CDNs (Yahoo's, S3). I'll add akamai.com. A future feature will be a way for people to "nominate" their CDN so that it's automatically included in YSlow (as opposed to having to set it in your FF about:config preferences).

We decided to use Amazon S3 as our CDN, which I know is not a tru CDN, but at least helps with storage, bandwidth, and parallel downloading. The problem is that now my YSlow score is awful. Mainly because S3 cannot GZIP items.

At the moment we have all js, css, and images on S3. Is it recommended to only host certain files (images, media) and let the server handle the js and css?

I also wanted to know if I can just use alias domains to handle the parallel download issue for JS and CSS, but keep them on the same server.

Thanks.

You should host all your static content (including scripts and stylesheets) on your CDN. Ideally S3 would gzip your scripts and stylesheets. I expect they'll add that soon.

Until then, it is possible to set headers when you store an object (resource) on S3 (see http://docs.amazonwebservices.com/AmazonS3/2006-03-01/gsg/writing-an-object.html). This could be used to achieve your goal, but you'll have to do the work. You could, for example, push a gzipped and non-gzipped version of your file to S3 (eg, module1-gzip.js and module1.js). Make sure to add the Content-Encoding: gzip header per the documentation in the previous URL. Then, when generating your HTML page serve the appropriate SCRIPT SRC value based on the Accept-Encoding request header.

I would like to second the comments several others made in reference to optioning this feature in YSlow evaluations, which otherwise I find to be interesting and often very informative and useful in performance tuning. The option to deploy your site via a CDN is not pertinent to many, many sites, particularly smaller ones obviously, and it should be permitted to be disabled so as not to skew the overall evaluation.

Why not option each of the features so as to enable customized performance results - compilation, analysis and resultant tuning efforts.

You might want to check out Panther Express (http://www.pantherexpress.net/). It's very cost effective.

Umm. We use Akamai but YSlow is not seeing it. I'll look at the FAQ. Great article in Baseline Steve.

Has anyone tried CacheFly (http://www.cachefly.com)? I've had a great experience with them so far.

SECURITY! SECURITY! SECURITY!

I am surprised that I see no mention of possible security concerns associated with use of CDNs. Clearly, I recognize the performance gains possible from CDNs (especially when page weight is high due a richer user experience) but I think there are possible security concerns that need to be addressed here as well.

My intent is not to be alarmist but simply foster a dialogue so these may be addressed. I am open to sound arguments that address these concerns but let's at least recognize them as a possible concern and proactively address them

images and possibly css files are likely candidates for CDN but Isn't it fair to say that risks vary across all possible static files that could be offloaded to a CDN. What about js files? Doesn't anyone else see the possible security concerns associated with offloading js files to another network? I mean if the CDN is compromised from either an internal attack at the CDN or external attack, then the entire DOM on the respective site is potentially exposed. I can think of a few very clever attacks on a site once the attacker has compromised the integrity of the js files.

Is the position that CDN is useful to everyone unless you are a bank or have other personal user data hosted on your site?

Just got agree with everyone already mentioning how this value is tainting an otherwise great tool. Maybe rather than nixing it there could be a site "profile" selection (based in traffic, bandwith, etc..) that determines whether it belongs in the grade. Surely for most sites it should not factor.

From the beginning I knew the CDN rule would be hard to apply to all web sites. That's why I provided the option to add your own CDN (see http://developer.yahoo.com/yslow/faq.html#faq_cdn ).

Although this preference setting exists, it's still problematic. Users have to manually add their CDNs. Two people won't necessarily be comparing apples to apples if they compare their YSlow grades without identical CDN preference settings. Unless you know the CDNs used by other sites (not your own), you don't necessarily know if the YSlow score is accurate. etc.

My plan has been to allow people to "nominate" a CDN to a backend YSlow server that would validate it was a CDN (primarily that the hostname had geographically dispersed locations). Whenever YSlow started up it would ask this backend server for the list of validated CDN hostnames and apply that to Rule 2. I almost started working on that this week, but now I don't think it'll scale well (the JSON response would be huge).

Another idea would be to do it in realtime: When YSlow runs it asks a backend YSlow service whether or not the hostnames are CDNs. Results could be cached locally in the browser for better performance. Although I say "realtime" this would actually cause the score for Rule 2 to be delayed so the overall score would be delayed or updated. This realtime check could also be made an option, so it would only performed when the user chooses.

Finally, I want to mention that another high priority feature is customized grades: Users will be able to alter the entire scoring algorithm for YSlow - giving rules different weights and thresholds. Users who wanted to skip the CDN rule could give it a weight of zero.

Thanks for all the feedback.

-Steve Soudes
creator of YSlow

There are many other smaller CDN companies out there offering very competitive rates. Nice post - thumbs up!

I tried using CacheFly for a small image, but then the image (which was previously cached when not on a CND) isn't cached by the browser. Can this be a problem? Is there a solution?

There are quite a few low cost and budget CDN providers. While it's great it also saves some $$ in bandwidth fees not only lowers your front-end server load.

http://www.valuecdn.com/

You can do load balancing based on IP Deny http://www.ipdeny.com/ IP address blocks in Cidr format.

Hi, when you use Yslow to test your sites locally, you can add your own CDN's as many virtual domains you have... but don't leave spaces between this virtual domains names! :D

Want an "A" rating for CDNs? Don't want to wait for Steve's next upgrade to YSlow?

"Grade on a curve!"

In about:config add the following preference as an INTEGER with a VALUE of "0" (zero):

extensions.firebug.yslow.pointsNotCDN

You'll still get the "Use a CDN" and all of the associated noise, but it will grade "A" and appropriately bump your score. Enjoy. Now, go read my blog; I'll be posting more details on hacking the tool to ignore CDN all together, similiar how "Rule 8" currently works.

I have been a web developer for 10+ years and this is the first that I am hearing about "CDN". I can't believe that this idea is being sold and to be honest this seems more of a money making ploy than anything else and the reason that I say that is because of one; Broadband is more rapid than it's ever been, and two; If you design your web site with maximum efficiency then you should not need to bother with a "CDN".
This is just my opinion and I would love to hear what others have to say.

Nixit....do you really think the CDN industry would exist and continue to expand if this was nothing more than a "money making ploy".

I don't doubt your expertise as a web developer but the reason CDN's exist is not because of poor web page construction, it is because of the network conditions that exist between the source of the content and the end user. Latency has a significant impact to the protocols that are used in the TCP/IP stack and high latency results in slow page downloads or video stream delivery. While you are correct that the last mile to the end user is certainly better than it was by having broadband connections instead of dial-up, that alone doesn't overcome issues of latency and packet loss that directly affect throughput rates. If you can deliver the web or video content from a source closer to the end user from a CDN provider, you can reduce the impact of latency has on TCP throughput and deliver the content much faster and more reliably. This is the main value that CDN's provide. But they also reduce the amount of capital investment needed to deliver content to a wide audience. Rather than have to continue to purchase servers and bandwidth for the origin website, enterprises can utilize the CDN infrastructure that is already built out and can scale as web/video delivery needs increase.

The cost of a CDN for the majority of websites out there would be counterproductive. I think users should be able to ignore this rule.

Another vote for letting users ignore this rule. I develop web GUIs for embedded devices, none of which will ever use a CDN. There are many, many standalone webserver applications in the world and the number is growing. CDNs are irrelevant to most of these applications. Please let me switch it off so I can point at a nicer letter grade and make my boss happy.

A great CDN, http://www.simpleCDN.com (I am not affiliated). Affordable and easy to setup.