The plugin also includes a suite of security features to help you secure your website, including full control over Content-Security-Policy, which enables you to control which domains can embed assets on your website, and what domains you can connect to. This prevents malicious scripts from being able to run and more.
- Site Analysis
- Environment information
- Page information such as MIME type, output size and compression ratio
- Asset counts and sizes with recommendations
- Performance metrics with descriptions and recommendations
- Security metrics with descriptions and recommendations
- Minify your HTML (Uses HTMLdoc)
- Minify and cache your inline CSS (Uses CSSdoc)
- Combine Files
- Combine and minify CSS files
- Lazy load images
- Set shared cache timeout
- Set client cache timeout
- Enable client to check whether their cached page is still valid, and send an HTTP 304 response if it is
- Disable MIME sniffing
- XSS protection
- Control how the site can be embedded
- Enable HSTS to force browsers to only connect over HTTPS
- Specify Content-Security-Policy to control what domains can connect and embed content in your site
- HTTP/2.0 Push
- Select which assets to push with first load
- Push combined stylesheets
- Administration panel to control all features, including all minification optimisations
See the Torque GitHub homepage for more information.
Upon installation of the plugin, most of the settings will be disabled. Only the settings in the “Caching” section will be implemented.
To get the plugin up and running to a basic level, enable some settings in the “Settings” section.
It is recommended that you do not use this plugin with other minification plugins.
What kind of compression can I expect from minification?
Depending on how compressible your content is, you can expect ~10 – 15% compression of your page before gzip compression; after gzip you can expect ~5 – 10%.
How long does it take to minify my page?
You can tick the “Show stats in the console” option to see how long it takes to minify your page and what compression was achieved. View the output in the developer console (Press F12).
What are the tradeoffs for minifying my HTML?
You are swapping the time it takes to send the extra bytes down the wire to your clients for extra CPU time on the server.
Torque uses my other project HTMLdoc to minify your code; it has been designed to be used on the fly and has been optimised for speed. Even so, I recommend you use some sort of cache in front of your PHP code to make sure your time-to-first-byte is optimised, so that the extra CPU time doesn’t matter.
How can I test if my page is faster after using your plugin?
The best tool to use is Lighthouse, which is built into Blink based browsers such as Chrome, Edge and others:
- Press F12 to bring up the developer tools
- Select the “Lighthouse” tab
- Click “Generate Report”
Do this before you enable the plugin, and then again after you have enabled and configured the plugin. The performance metric should be higher with the plugin. You can also look at the Network tab in the developer console and see that the total download size and number of requests are lower (with combine and minify enabled).
I enabled minification and it broke my site
For example, you can strip default attributes from your HTML such as
input[type=input], the selector will no longer match. See [HTMLdoc: Mitigating Side Effects of Minification](https://github.com/hexydec/htmldoc/blob/master/docs/mitigating-side-effects.md) for solutions.
Why is HTMLdoc best in class?
Other minification plugins blindly find and replace patterns within your code to make it smaller, often using outdated 3rd-party libraries.
All three libraries have automated test suites to ensure reliability, and should outperform other PHP based minifiers in terms of compression.
What is Content Security Policy?
Content Security Policy (CSP) is a very powerful browser security feature that only enables assets to be downloaded from the specified domains. Any assets that are downloaded from domains that are not listed will be blocked.
How do I set up my Content Security Policy?
Using the developer tools in your browser (Press F12), look at the network tab on each page, and note down the domains that are used for different assets, along with their asset type. You can then enter those domains into the relevant CSP boxes. Be sure to run any extra features of your website that use Fetch or XHR, as these connections are also bound by CSP.
Once the domains are entered, and with the CSP setting set to “Enabled only for me (testing)”, go through the pages of your website again, checking for Content-Security-Policy errors in the console. If there are errors, the console should indicate which domain and category trigger the CSP error. Note that your website may not function correctly whilst you do this if the CSP is not correct, but this behaviour will only be exhibited for you with the testing setting.
When you are happy that all domains and settings are set correctly, you can enable the CSP setting.
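The note-taking step above can be mechanised. The following is an added example, not code from Torque: it groups requests noted from the Network tab into CSP directives. The sample requests, the `buildCsp` name, the type-to-directive mapping and the `default-src 'self'` baseline are all assumptions made for illustration.

```javascript
// Resource type (as shown in the Network tab) -> CSP directive.
const DIRECTIVE_FOR = {
  script: "script-src", stylesheet: "style-src", image: "img-src",
  font: "font-src", media: "media-src", iframe: "frame-src",
  fetch: "connect-src", xhr: "connect-src", websocket: "connect-src",
};

// Constructed sample of requests noted while browsing https://www.example.com.
const observed = [
  { type: "script", url: "https://www.example.com/wp-includes/js/app.js" },
  { type: "script", url: "https://cdn.example.net/lib/widget.js" },
  { type: "stylesheet", url: "https://static.example.net/fonts.css" },
  { type: "font", url: "https://static.example.net/inter.woff2" },
  { type: "image", url: "https://www.example.com/logo.png" },
  { type: "image", url: "data:image/png;base64,AAAA" },
  { type: "fetch", url: "https://api.example.org/v1/items" },
  { type: "xhr", url: "https://api.example.org/v1/items?page=2" },
  { type: "media", url: "http://video.example.net/clip.mp4" },
];

function buildCsp(siteOrigin, requests) {
  const site = new URL(siteOrigin);
  const sources = new Map(); // directive -> Set of allowed sources
  const warnings = [];
  for (const { type, url } of requests) {
    const directive = DIRECTIVE_FOR[type];
    if (!directive) { warnings.push(`unmapped type ${type}: ${url}`); continue; }
    const u = new URL(url);
    let source = u.origin;
    if (u.protocol === "data:" || u.protocol === "blob:") {
      source = u.protocol; // scheme source such as data:
    } else if (u.origin === site.origin) {
      source = "'self'";
    } else if (site.protocol === "https:" && u.protocol === "http:") {
      // Mixed content: flag it instead of allow-listing a plaintext origin.
      warnings.push(`insecure ${type} source skipped: ${u.origin}`);
      continue;
    }
    if (!sources.has(directive)) sources.set(directive, new Set());
    sources.get(directive).add(source);
  }
  const parts = ["default-src 'self'"];
  for (const directive of [...sources.keys()].sort()) {
    parts.push(`${directive} ${[...sources.get(directive)].sort().join(" ")}`);
  }
  return { header: parts.join("; "), warnings };
}

console.log(buildCsp("https://www.example.com", observed));
```

A directive that is listed replaces `default-src` rather than extending it, so in this sample `style-src` permits no same-origin stylesheets; gaps like that are what the console check in testing mode is meant to surface.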
How does HTTP/2.0 preload work?
To enable preload, you must have an HTTP/2.0 enabled server, and your website must be served over HTTPS. You may also have to specifically configure your server to enable preload.
Preload works by “pushing” the selected assets onto the client when they first request a page, so they receive assets they haven’t requested in the initial payload. When the user’s browser then parses the page and knows what assets to request, the browser already has them ready to load.
To prevent continually pushing assets onto the client on each page load, a cookie (called “torque-preload”) is used to indicate that assets have already been pushed to the client.
My server doesn’t support HTTP/2.0 or my website is not served over HTTPS, can I still use preload?
Preload works best when your site is delivered over HTTPS using the HTTP/2.0 protocol. You can still take advantage of preload without this setup, but it won’t be quite as fast as when it is set up correctly.
Preload is implemented through a “Link” header, which lists all the assets to preload. When set up correctly, your server will read this header, bundle the listed assets and push them onto the client. When not enabled at server level, the header is passed to the client, which can request the assets immediately upon receipt of the page. If any of these assets are chained within other assets, the preload header will enable the browser to fetch them earlier.
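The header-plus-cookie mechanism described above can be sketched as follows. This is an added illustration, not Torque's implementation: only the cookie name “torque-preload” comes from the text, while the cookie value and attributes, the extension mapping and the `preloadHeaders` function are assumptions.

```javascript
// Assumed mapping from file extension to the preload "as" value.
const AS_FOR_EXT = {
  css: "style", js: "script", woff: "font", woff2: "font",
  png: "image", jpg: "image", svg: "image", webp: "image",
};
const PRELOAD_COOKIE = "torque-preload"; // cookie name given in the text

function hasCookie(cookieHeader, name) {
  return (cookieHeader || "").split(";")
    .some((pair) => pair.trim().split("=")[0] === name);
}

// Returns the response headers to add for this request (empty when none).
function preloadHeaders(cookieHeader, assets, isHttps) {
  if (hasCookie(cookieHeader, PRELOAD_COOKIE)) return {}; // already sent once
  const links = [];
  for (const path of assets) {
    // Keep header syntax intact: skip paths that could break out of <...>.
    if (/[<>\r\n]/.test(path)) continue;
    const ext = path.split("?")[0].split(".").pop().toLowerCase();
    const as = AS_FOR_EXT[ext];
    if (!as) continue; // without a valid "as" the preload is not usable
    let link = `<${path}>; rel=preload; as=${as}`;
    if (as === "font") link += "; crossorigin"; // fonts are fetched in CORS mode
    links.push(link);
  }
  if (links.length === 0) return {};
  // Cookie value and attributes are assumed, not taken from the plugin.
  const cookie = `${PRELOAD_COOKIE}=1; Path=/; SameSite=Lax; HttpOnly` +
    (isHttps ? "; Secure" : "");
  return { Link: links.join(", "), "Set-Cookie": cookie };
}
```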
Changelog
- Updated dependencies for better PHP 8.1 compatibility
- Improved type hinting
- Fixed issue where if a datasource returns false, it caused an error
- Fixed issue where the plugin said it was only compatible with PHP 8.0+, whereas it still supports 7.4
- Updated dependencies
- Updated dependencies to fix PHP 8.0/8.1 issues
- Added hook to rebuild the assets when a plugin is updated
- Added CLI command “torque rebuild”
- Updated readme to add unlisted features
- Fixed issues when addressing stylesheet assets which caused some not to be listed
- Fixed issue with how some internal addresses were formatted for certain features
- Updated terminology of the HTTP/2.0 Push feature
- Changed defaults of some HTML attribute minification options to false as they may be unsafe and updated description in
- Updated FAQ in readme
- Fixed issues with how URLs were rewritten when combining CSS files, which caused image and font files not to appear in some cases
- Fixed issue in HTMLdoc where domain URLs were not minified correctly
- Updated readme