hpvd

just learned inlining resources like js and css has a second disadvantage: 1. you can't use a strict (=save) CSP, because you have to allow `unsave inline` or similar (as...

=> with this there are 2 good reasons to externalize code: security and speed/serverload/traffic for returning visitors Does this necessarily lead to speed disadvantage in comparison to inlined code? No,...

with this learned, from my pov, it should be possible to apply the most strict and with this the most secure csp rules without sacrificing functionality and performance at all...

edit of CSP given above, to now fully reach an A+ rating (0 errors, 0 warnings) 

the `report-uri` is, in the first step, a great help when debugging: a `JSON body` will be sent if the content-security-policy blocked a piece of content since `report-sample` is activated,...

> maybe also show the code with syntax highlight yeah! As always there is a tool advertising... The lightest suitable tool I know so far is prismjs https://github.com/PrismJS/prism/ - only...

great! regarding second language: the example code is a scroll box (hard to see) where highlighting of inline code is demonstrated: https://prismjs.com/#examples got there from this issue and the mentioned...

looks great in the demo!

just found, the prism.js file seems to be loaded twice (found it because seeing a flickering when loading the page with throttled speed) btw: the file also looks a little"huge"...

when starting to dive a little deeper into the stunning demo by looking into webdev tools, on the very first look the direct loading of prism.js and prism.css is a...