Non-Functional Requirements
SEO
You can assess SEO using PageSpeed Insights.
Accessibility
You can evaluate WCAG compliance using WebAIM. Here is the recommended approach for handling the report:
- You MUST fix ALL the Errors.
- You SHOULD address the Contrast Errors, as much as possible.
- It is advisable to address the Alerts.
- The Features, Structural Elements and ARIA criteria demonstrate how tools like search engines or screen readers perceive your page. If these aspects are logical, well-structured, and accessible, your page will have a higher chance of reaching the target users.
Some articles related to Accessiblity:
Security
You can assess security using Mozilla Observatory or ImmuniWeb.
HTTP Observatory
There are several tests to perform on this tab, but the Frontend team should pay attention to the following items:
-
Content Security Policy
To pass this test, minimize the use of inline scripts and styles by moving them into asset files and referencing them in the page.
For elements that cannot be moved to asset files, add thenonce="some-randome-string"
attribute to the script or style element, as shown in the sample below:Then, include those nonce values in the CSP header and disallow
unsafe-inline
for bothscript-src
andstyle-src
, andunsafe-eval
forscript-src
. Note that for the Frontend part, the randomness is not crucial; you only need to demonstrate how it works, and the Backend team will handle the actual implementation. -
Subresource Integrity (SRI)
SRI recommends adding theintegrity
attribute to external resources. For example:The attribute contains the hashed value of the resource's content. If the content is altered, such as in the case of the server being compromised by hackers and modifying the content, the hash will no longer match, and browsers will refuse to execute it.
In reality, it's likely that your website may fail this test as many common resources are dynamically updated by default. For example, if you use the Google Tag Manager script, its content may change without prior notice. However, this does not mean we should underestimate the importance of this test. Apply SRI to any resources where it is applicable.