Quick Wins
The following quick wins are easy to implement and benefit usability, performance, maintainability, security, etc.
Use Manage Content and Edit Menu buttons in your page components to enable easy editing from within the Experience manager.
Lets (admin) users insert an HTML snippet into a page template, for example in a header or footer component. This is useful for Google Analytics, temporary surveys, etc. However, make sure to implement a content security policy to prevent security exploits through the HTML snippet!
When you check in new hst:pages, hst:components or hst:configurations, make sure to sort their child nodes alphabetically.
Optimize SEO value using the Sitemap, SEO Support, and Robots.txt plugins.
Make sure that all feedback to the end-user (form feedback, error messages, subscribe mail etc.) is configurable via the CMS or console.
Make sure components that make calls to external systems are loaded asynchronously so they don't block page loading.
Correctly configure the delivery tier users and set up the required permissions for polls, form data, etc. NEVER use admin/admin for the site.
Check all input boxes for XSS and don't allow (all) wildcards in search. For example "e" will crash your site with an OOME.
Page not found (a.k.a. "404") pages MUST return a 404 HTTP status code (not 200 (ok) or 500 (error)).
All pages and CSS should be W3C valid.
Use and/or extend the standard delivery tier components as much as possible. They are based on best practices and optimized for performance.
Use setLimit for HstQuery equal to pageSize. Use HstQueryResult#getTotalSize() and HstQuery#setOffset(int) for paging.
Make smart use of logging in debug level.
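The search-input and paging items above (XSS, wildcards, setLimit and setOffset), as an added example in plain Java that is not Bloomreach code. The class name, method names and the three limits are hypothetical; the values returned by limit and offset are meant to be passed to the setLimit and HstQuery#setOffset(int) calls named in the list.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: hypothetical helper, not part of the delivery tier API.
public final class SearchInputGuard {
    static final int MAX_QUERY_LENGTH = 100; // assumed cap on raw input length
    static final int MIN_TERM_LENGTH = 2;    // assumed: drops one-letter terms
    static final int MAX_PAGE_SIZE = 50;     // assumed upper bound for pageSize

    /** Returns a wildcard-free query, or null when nothing searchable remains. */
    static String sanitize(String raw) {
        if (raw == null) return null;
        String s = raw.length() > MAX_QUERY_LENGTH ? raw.substring(0, MAX_QUERY_LENGTH) : raw;
        // Strip the wildcard characters so one term cannot expand to the whole index.
        s = s.replaceAll("[*?]", " ");
        List<String> terms = new ArrayList<>();
        for (String term : s.trim().split("\\s+")) {
            if (term.length() >= MIN_TERM_LENGTH) terms.add(term);
        }
        return terms.isEmpty() ? null : String.join(" ", terms);
    }

    /** Escapes a value before it is echoed back into HTML (for example "Results for ..."). */
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    /** Clamps a client-supplied page size; pass the result to setLimit. */
    static int limit(int requestedPageSize) {
        return Math.max(1, Math.min(requestedPageSize, MAX_PAGE_SIZE));
    }

    /** Offset for a 1-based page number; never negative, computed without int overflow. */
    static int offset(int page, int pageSize) {
        long off = (long) (Math.max(page, 1) - 1) * pageSize;
        return (int) Math.min(off, Integer.MAX_VALUE);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from a real site.
        String[] samples = {"*e*", "secur* polic?", "  ", "<script>alert(1)</script> report"};
        for (String q : samples) {
            String clean = sanitize(q);
            System.out.println("[" + q + "] -> " + (clean == null ? "rejected" : escapeHtml(clean)));
        }
        int pageSize = limit(5000); // oversized request is clamped to MAX_PAGE_SIZE
        System.out.println("limit=" + pageSize + " offset=" + offset(3, pageSize));
    }
}
```

When sanitize returns null, skip the query and render an empty result rather than falling back to an unfiltered search.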