Do Not Track (DNT) HTTP Header

Over the past year there have been many capabilities added to web browsers to allow users to indicate their willingness to be tracked across various sites for web advertisements. While the implementation by individual hosts is optional, the user can sent the request to identify their personal preference. Tracking can be relevant to allow for more “targeted” ads tailored to each user.

Firefox 4.0 betas added an "X-Do-Not-Track:1" HTTP Header. Later implemented Firefox 5.0 betas as "DNT:1". Safari and MSIE9 have also added support. Recently Firefox 9.0 exposed this attribute to JavaScript as navigator.doNotTrack, with a value of “yes” when set.


Ternary Operators and Assignment

Ternary operators, if not abused, can make code easier to follow once you grasp the concept. While normally used for assignment, they can also be used to control program flow. The keys to this are the condition, question mark and colon that identify the condition and results.

var foo = (some_condition) ? then_code : else_code;


JavaScript function overloading

JavaScript, while mostly object-oriented, does not support function overloading like Java and other common OO languages. To my less knowledgeable audience, overloading is use of the same function name with a different number of arguments or types.

NOTE: there are various ways to implement this sort of functionality using various frameworks, but legacy code can be full of these issues!

In the following code, they share the same name, the second function will always be executed as it is defined last!

<script type="text/javascript">
function doSomething(arg1, arg2){
alert('2 args');
function doSomething(arg1){
alert('1 arg');

RabbitMQ setup on Ubuntu

In my past enterprise experience, I’ve worked a lot with IBM WebSphere MQ, as I’ve evolved to open source, I’ve found RabbitMQ to fill my messaging needs as an implementation of AMPQ. While I’ve added Ubuntu installation instructions here, server and API implementations are available for most programming languages and operating systems.


sudo apt-get install rabbitmq-server


sudo wget

sudo apt-key add rabbitmq-signing-key-public.asc

sudo vim /etc/apt/sources.list.d/rabbit.list

NOTE: this file will probably be empty, just add the following line (for Ubuntu 11.04 and earlier)

deb testing main

sudo apt-get update
sudo aptitude install rabbitmq-server


HTTP ETag Header

These are useful for some advanced caching behavior, but there are cases where you might find them unnecessary for static files (in particular). Most network analysis tools will call attention to this header value, and while it seems like a trivial amount of bandwidth to send from the server to the client, the real reason for the negative score is more likely related to the behaviors that it causes in the client.

It should be noted that the default value used for the ETag is based upon the ‘inode’ of the file, as such it’s IS problematic in clustered server environments. I’ve shown the correction for this below.

Adding the following to your Apache http.conf file is a start:

# Change ETag to remove the iNode (for multi-server environments)
FileETag MTime Size

#Remove ETag from all static content, this could be done globally without the FilesMatch, but we want better control.
<FilesMatch "\.(html|htm|js|css|gif|jpe?g|png|pdf|txt|zip|7z|gz|jar|war|tar|ear|java|pac)$">
<IfModule header_module>
Header unset ETag



HTTP Cookie Header

Obviously “Cookies” have a lot of advantages in web applications to maintain “state”, unfortunately using standard server configurations leads to even static content serving them up un-necessarily wasting some (minimal) bandwidth.

Adding the following to the Apache httpd.conf file is a start:
#Remove Cookie from all static content (except HTML as javascript could use it)
<FilesMatch "\.(html|htm|js|css|gif|jpe?g|png|pdf|txt|zip|7z|gz|jar|war|tar|ear|java|pac)$">
<IfModule header_module>
Header unset Cookie



MSIE Conditional Comments

This approach is useful in building standards based websites and allows you to prevent it from being “polluted” by various hacks used to support MSIE. MSIE5 and newer support the use of Conditional Comments and thus allow the developer to include additional files or markup for specific versions of the browser. Other browsers will see the content as an HTML comment and thus ignore it.

<!--[if IE]><style type="text/css">@import "/css/IE=Fixes.css";</style><![endif]-->
<!--[if lt IE 5.5000]><style type="text/css">@import "/css/IE50Fixes.css";</style><![endif]-->
<!--[if IE 5.5000]><style type="text/css">@import "/css/IE55Fixes.css";</style><![endif]-->
<!--[if IE 6]><style type="text/css">@import "/css/IE60Fixes.css";</style><![endif]-->
<!--[if IE 7]><style type="text/css">@import "/css/IE70Fixes.css";</style><![endif]-->
<!--[if IE 8]><style type="text/css">@import "/css/IE80Fixes.css";</style><![endif]-->
<!--[if IE 9]><style type="text/css">@import "/css/IE90Fixes.css";</style><![endif]-->
<!--[if lt IE 7]><script type="text/javascript" src="/wiki/skins/common/IEFixes.js"></script><![endif]-->


Browser capabilities comparison testing

Browsers tend to evolve quickly, but they often do not offer the same capabilities cross-platform. As a result of this, there are many standard tests available to the developers of browser software to test for compliance with modern web standards.

Before making use of a specific capability in your web application, it’s often best to determine which browsers can support it.

Web Proxy Autodiscovery Protocol (WPAD)

If you take a close look at your logs you may occasionally see requests for a file named wpad.dat. This file is related to automatic proxy configuration in many browsers.

To provide this capability to your users and website,

  1. DNS:

    Default behavior is to traverse the domain in reverse, looking for one with a file named /wpad.dat

    Example (using my domain for example):

  2. Then in httpd.conf, set the MIME type:
    AddType application/x-ns-proxy-autoconfig .pac
  3. Also in httpd.conf, add a redirect to the actual file you wish to use.
    Redirect permanent /wpad.dat
  4. In the new file, add the following default contents, modify if you use a proxy:

    /* 'proxy.pac' - This is the main function called by any browser
    NOTE: there is NO proxy!
    function FindProxyForURL(url, host)
    return “DIRECT”;
    } // End function FindProxyForUrl


Avoid CSS Expressions

MSIE5 added support for CSS expressions or “Dynamic Properties”, however MSIE8 ‘deprecated’ their use and prevents their use in Standards Mode.

While powerful because this allowed you to script your CSS dynamically, there were two primary problems.

  1. Performance – the expression could fire literally hundreds or thousands of times on a page when scrolled or resized.
  2. Security – this represented an attack vector and exposed XSS