Democratizing Security and Performance on the Open Web

Pantheon is dedicated to improving the quality of the open web and making web professionals successful with open source. We do this by delivering a unique set of services via a completely different architecture compared to traditional/legacy hosting or infrastructure providers. Our customers stand on the shoulders of giants, always using the best cutting-edge technology, and following best practices as a natural part of using our product.

In that spirit, we’re incredibly proud to launch the Pantheon Global CDN, delivering high-grade security and blazing fast performance, into general availability. The Global CDN combines the power of Fastly’s global edge network and Let’s Encrypt’s certificate authority as an integrated, turnkey feature for every website on the platform.

We believe this to be the future standard all websites will be held to: high-grade encryption running end-to-end, from the browser to the application, with pages showing up for user eyeballs (or screen readers) less than a second after they click.

This is a high bar to clear, but Pantheon is making it possible for everyone using Drupal or WordPress, nearly 30% of the internet! We are democratizing security and performance for the open web, helping the professionals who implement open source thrive under increasingly demanding circumstances.

Every Website Deserves the Best

[Image: Huey Long speech]

“A chicken in every pot, a Tesla in every garage, and every website running HTTPS on a CDN.”

Security professionals want every website to run under HTTPS all the time. No mixed mode, no exceptions. We agree: plain-text HTTP is going the way of telnet. Soon it will be something deployed only under extreme legacy circumstances, behind the firewall, or otherwise mitigated with additional layers of security.

That’s a good thing. Nobody wants their session cookies hijacked at the coffeeshop, and, increasingly, people also want to know their browsing activity isn’t being slurped up and analyzed by shadowy government intelligence services. Strong end-to-end encryption is the only way to guarantee that.

Additionally, users are being conditioned to expect pages to be visible in a second or less by social media, native apps, and mobile-optimized experiences like Google AMP. Hitting this performance bar requires some care with your website’s design and implementation, but for anyone looking to drive results via the web, focusing on a fast user experience is undeniably worth it.

Research has shown that delivering a meaningful response—e.g. beginning to render the page, or “time to first paint”—in less than a second can be a tipping point in behavior. A sub-second delay from click to visual feedback prevents user attention from wandering or context-shifting. Any longer and they may open another tab while they wait, or change their focus to another task. Will they be back? Who knows. Higher-performance websites capture more clicks, and deliver higher performing outcomes as a result.

Speed and Security: Crushing SEO Requirements?

[Image: Kent Brockman, Simpsons character]

“And I, for one, welcome our new page-ranking overlords.”

As if all the above weren’t enough, HTTPS and page load times are being given more and more weight in search index rankings, and browser-makers are taking increasingly aggressive steps to call out insecure user input. These changes impact every user of the web, and hence every single website.

In other words, our page-ranking overlords have spoken. Security and high performance are transitioning from aspirational goals for top websites only, to non-negotiable must-haves for everyone.

This puts those of us who make the internet in a tight spot. While it’s exciting to reach for the brass ring on your next big project, what about all the old clients? Worldwide, over a billion websites have already launched, and every professional I know carries a legacy of tens (sometimes hundreds or even thousands) of projects from earlier in their career. The amount of effort required to bring all these up to modern standards is daunting, especially when you consider that substantive budget for this work may not ever materialize.

One example: because HTTPS has historically been a special case, the process of obtaining, managing, and deploying SSL certificates is still manual for the vast majority of sites. A process that seemed perfectly sane when only a handful of higher-value sites required certs is obviously unworkable if every single site is going to be encrypted. Manual cert management can easily turn into a full-time job, which cannot possibly scale.

Likewise, the techniques required to deliver sub-second user performance are well known—use a reverse proxy, use a CDN, be smart with your theme/design—but actually following through on these guidelines generally requires developer time and expertise. Frontend performance must be measured and optimized. CMS configurations may need adjustment, themes refactored, assets aggregated or re-processed. New technologies will likely need to be deployed, and because of all these changes, extensive testing will be required. It’s a slog, and not one many legacy projects or smaller sites can easily afford.

Moving the Open Web Forward

So what is to be done? If independently built websites fall behind the corporate walled-gardens, the open web could enter a death spiral. If we want the open web to thrive, we have to keep pushing things forward, to meet and exceed these higher standards.

We’re pushing hard with the Global CDN. We’ve solved the problem of certificate management by integrating Let’s Encrypt directly with the service, and are doing amazing things for performance by leveraging Fastly’s core infrastructure in a way that’s 100% compatible with our legacy Varnish service. You just turn it on and it works: high-grade HTTPS lights up end-to-end, and pages get faster with zero additional labor required, the way it should be.

Pantheon exists to help the open web thrive. We’re your partners in this; your platform; giant shoulders for you and your clients to stand on; getting broader and stronger every day. To all our existing users, we’re happy to deliver another overnight performance boost. To anyone looking for a better way to do this, we feel you, and we’re always happy to chat.


