Databases
StackOverflow2013
Postsdbo
POWhy move your Javascript files to a different main domain that you also own?
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POWhy move your Javascript files to a different main domain that you also own?
    text
    copied!<p>I've noticed that just in the last year or so, many major websites have made the same change to the way their pages are structured. Each has moved their Javascript files from being hosted on the same domain as the page itself (or a subdomain of that), to being hosted on a differently named domain.</p> <h2>It's not simply parallelization</h2> <p>Now, there is a well known technique of spreading the components of your page across multiple domains to parallelize downloading. <a href="http://developer.yahoo.com/performance/rules.html#split" rel="nofollow noreferrer">Yahoo recommends it</a> as do many others. For instance, <strong>www.example.com</strong> is where your HTML is hosted, then you put images on <strong>images.example.com</strong> and javascripts on <strong>scripts.example.com</strong>. This gets around the fact that most browsers limit the number of simultaneous connections per server in order to be good net citizens.</p> <p>The above is <em>not</em> what I am talking about.</p> <h2>It's not simply redirection to a content delivery network (or maybe it is--see bottom of question)</h2> <p>What I am talking about is hosting Javascripts specifically on an entirely different domain. Let me be specific. Just in the last year or so I've noticed that:</p> <p><strong>youtube.com</strong> has moved its .JS files to <strong>ytimg.com</strong></p> <p><strong>cnn.com</strong> has moved its .JS files to <strong>cdn.turner.com</strong></p> <p><strong>weather.com</strong> has moved its .JS files to <strong>j.imwx.com</strong></p> <p>Now, I know about content delivery networks like <a href="http://www.akamai.com" rel="nofollow noreferrer">Akamai</a> who specialize in outsourcing this for large websites. (The name "cdn" in Turner's special domain clues us in to the importance of this concept here).</p> <p>But note with these examples, each site has its own specifically registered domain for this purpose, and its not the domain of a content delivery network or other infrastructure provider. In fact, if you try to load the home page off most of these script domains, they usually redirect back to the main domain of the company. And if you reverse lookup the IPs involved, they <em>sometimes</em> appear point to a CDN company's servers, sometimes not.</p> <h2>Why do I care?</h2> <p>Having formerly worked at two different security companies, I have been made paranoid of malicious Javascripts.</p> <p>As a result, I follow the practice of whitelisting sites that I will allow Javascript (and other active content such as Java) to run on. As a result, to make a site like <strong>cnn.com</strong> work properly, I have to manually put <strong>cnn.com</strong> into a list. It's a pain in the behind, but I prefer it over the alternative.</p> <p>When folks used things like <strong>scripts.cnn.com</strong> to parallelize, that worked fine with appropriate wildcarding. And when folks used subdomains off the CDN company domains, I could just permit the CDN company's main domain with a wildcard in front as well and kill many birds with one stone (such as *.edgesuite.net and *.akamai.com).</p> <p>Now I have discovered that (as of 2008) this is not enough. Now I have to poke around in the source code of a page I want to whitelist, and figure out what "secret" domain (or domains) that site is using to store their Javascripts on. In some cases I've found I have to permit three different domains to make a site work.</p> <h2>Why did all these major sites start doing this?</h2> <p>EDIT: OK <a href="https://stackoverflow.com/questions/160376/why-move-your-javascript-files-to-a-different-main-domain-that-you-also-own#160451">as "onebyone" pointed out</a>, it does appear to be related to CDN delivery of content. So let me modify the question slightly based on his research...</p> <p>Why is <strong>weather.com</strong> using <strong>j.imwx.com</strong> instead of <strong>twc.vo.llnwd.net</strong>?</p> <p>Why is <strong>youtube.com</strong> using <strong>s.ytimg.com</strong> instead of <strong>static.cache.l.google.com</strong>?</p> <p>There has to a reasoning behind this.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload