The StackOptic Blog
Practical guides on identifying website technologies, SEO and GEO, web performance and lead generation — from the team behind StackOptic.
What Is First Contentful Paint (FCP)?
First Contentful Paint marks when a page first shows content. What FCP is, what is good, how it differs from LCP, what causes a slow score, and how to fix it.
How to Use preload, prefetch, and preconnect (Resource Hints)
Resource hints tell the browser what to fetch and connect to early. When to use preconnect, dns-prefetch, preload, prefetch and modulepreload, and the pitfalls.
How to Optimize CSS for Faster Pages
CSS is render-blocking, so bloated stylesheets delay your page. How to minify, cut unused CSS, inline critical CSS and defer the rest to speed up FCP and LCP.
What Is Browser Caching and How to Set It Up
Browser caching lets visitors reuse files instead of re-downloading them. What it is, the HTTP headers that control it, cache-busting, and how to verify it.
How to Secure Cookies with HttpOnly, Secure, and SameSite
How to harden cookies with the HttpOnly, Secure and SameSite attributes, plus Path, Domain and the prefixes — and how to inspect them in browser DevTools.
What Is Two-Factor Authentication (2FA) and Why Use It
A clear guide to two-factor authentication: the three factor types, methods ranked from SMS to passkeys, and why 2FA stops phishing and credential-stuffing.
What Is Cross-Site Request Forgery (CSRF)?
CSRF tricks a logged-in user's browser into sending an unwanted request. Learn the concept and defences: anti-CSRF tokens, SameSite cookies and origin checks.
What Is a Data Breach and How to Respond
A plain-English guide to data breaches: what counts as one, the common causes, a step-by-step incident-response plan, the GDPR 72-hour rule, and prevention.
What Is a Web Application Firewall (WAF)?
A plain-English guide to web application firewalls: what a WAF filters, the deployment types, OWASP rule sets, false positives, and when a site needs one.
What Are HTTP/2 and HTTP/3, and Why They Matter for Speed
HTTP/2 and HTTP/3 fix HTTP/1.1's bottlenecks. What each protocol changes, how multiplexing and QUIC speed loading, and how to check which your site uses.
What Are Gzip and Brotli Compression (and How to Enable Them)?
Gzip and Brotli shrink HTML, CSS and JavaScript before they are sent. What each is, how Brotli compares to Gzip, how to verify it, and how to enable it.
What Is Time to First Byte (TTFB) and How to Improve It
Time to First Byte measures how long the browser waits for a server response. What TTFB is, what counts as good, its components, and how to improve it.
What Is Clickjacking and How to Prevent It
Clickjacking tricks users into clicking hidden controls via invisible frames. Learn how to check if your site is framable and the defences that stop it.
What Is HSTS and How to Enable It
A practical guide to HTTP Strict Transport Security: how HSTS forces HTTPS, blocks SSL-stripping and downgrade attacks, its directives, and how to enable it.
How to Tell if a Website Is Built with BigCommerce
BigCommerce leaves clear fingerprints: cdn11.bigcommerce.com assets, /stencil/ theme paths and a window.BCData object. Here is how to detect it in under a minute.
How to Protect Your Website from Bots and Scrapers
Not all bots are bad. Tell good crawlers from abusive scrapers, spot the signals of bot traffic, and layer rate limiting, CAPTCHA, a WAF and bot management.
What Is Lazy Loading and How to Use It
Lazy loading defers offscreen resources until needed. What it is, how to use native loading="lazy", when not to lazy-load, and avoiding any layout shift.
How to Tell if a Website Uses an A/B Testing Tool
Optimizely, VWO, AB Tasty and Convert leave fingerprints: anti-flicker snippets, _vwo cookies and window globals. Here is how to detect a site's test tool.
How to Tell if a Website Uses HubSpot
HubSpot leaves clear fingerprints: js.hs-scripts.com tracking code, hubspotutk and __hstc cookies, and hsforms embeds. Here is how to detect it quickly.
How to Find Out What Server Software a Website Runs (Nginx, Apache, LiteSpeed)
The Server response header usually names the web server — nginx, Apache, LiteSpeed, IIS or Caddy. Here is how to read it, and why CDNs and proxies often hide it.
How to Tell if a Website Is Built with Astro
Astro leaves clear fingerprints: astro-island elements, an Astro generator meta tag and _astro/ asset paths. Here is how to detect it in under a minute.
How to Tell if a Website Is Built with Laravel
Laravel hides on the server, but it leaks tells: XSRF-TOKEN and laravel_session cookies, /storage/ paths and Blade markers. Here is how to spot each one.
What Is the Carbon Cost of Video and Streaming?
Video is the heaviest thing most sites serve, and streaming dominates internet data. Here is what really drives its carbon cost and what site owners control.
How to Measure Your Website's Carbon Emissions
You cannot reduce what you do not measure. Here are the free tools that estimate website carbon, what they base it on, and how to track emissions over time.