-
Posts
-
Hi,
I have enabled minify. I have several questions regarding my settings, could you please assist me adjusting them correctly? Thanks.
I have followed this guide to adjust my settings:
The Ideal W3 Total Cache Settings 2023: Revamped With New Features/Setup Guide
1. Minify Set to Auto
I have set Performance > General Settiings > Minify > Minify mode: Auto.I read the following online, see below. I would like your advice please if I can keep auto enabled, and if there are any other solutions to issues other than changing to manual. I want to avoid having to add all the files in the right order to minify manually. I would not know in which order they need to be.
– Auto minify can break styling and functionality of the website, and that I will need to add JS and CSS files manually as well as in the correct order. (Is this correct? Do I still need to add files manually if set to auto?)
– Manual mode allows you to bypass minification for specific CSS and JavaScript files but you have to add the files to minify.
– Typically minification of advertiser code, analytics/statistics or any other type of tracking code is not recommended.
(So if my client wants to use Google Tag Manager or Google Analytics later, I can’t have Minify Mode set to auto as I need to manually exclude these files from minification? Would it also interfere with the RankMath SEO plugin – if NOT connected to Google Analytics?
Is there a way around this?)2. Render Blocking Issues
My settings in Performance > Minify > JS
– Minify method: Minify only
– Minify engine settings:
Embed Type:
Before </head> Default (blocking)
After <body> Default (blocking)I had warnings in my online Website Tests that there are Render Blocking issues.
However, I read online regarding JS and CSS Minify Engine Settings that non-blocking settings can break your site.
What are your recommendations? I would prefer to keep the default (blocking) settings to avoid any problems. Are the render blocking issues a big problem or can I safely ignore it?
3. Here are my current minify settings. Could you please let me know if they are configured correctly?
Performance > General Settiings > Minify
Minify mode: Auto
Minify Cache Method: Disk
HTML minifier: Minify (default)
JS minifier: JSMin (default)
CSS minifier: Minify (default)Performance > Minify:
HTML
– Inline CSS magnification
– Inline JS minification
– Don’t minify feeds
– Ignored comment stems:
google_ad_
RSPEAK_
mfuncJS
– Minify method: Minify only
– Minify engine settings:
Embed Type:
Before </head> Default (blocking)
After <body> Default (blocking)
Preserved comment removalCSS
– Minify method: Minify only
– Minify engine settings: Preserved comment removal
– @import handling: ProcessAdvanced
– Update external files every: 86400 seconds
– Garbage collection interval: 86400 seconds
– Never minify the following JS files: /wp-content/plugins/w3-total-cache/pub/js/lazyload.min.jsHello Mel,
Thank you for reaching out.
The optimal W3 Total Cache configuration takes into account several factors: your theme, your plugins, and the technologies available on the server. Since everyone’s site and traffic and theme are different, there is no one size fits all solution.
The mentioned guide is good, however, it all depends on your website.
All the settings related to the performance of your website are good. I’ve made the tests (check the screenshots) and in the report, there are no render-blocking files (total blocking time is 0ms), and the score is PERFECT! There are no console errors and there are no problems in the functionality of your website.
The Minify settings are spot on for your website.
Since the other topic is duplicate, I’ll remove it and you can ask any additional questions in this thread if you have any.
Thanks!
Hi Marco,
Thanks for your reply and testing the website. You have tested the secret access link. https://www.hundetraining-mit-roya.at/?my1test
I currently have Maintenance Mode on and the main url loads the coming soon page for visitors and website tests.
Do I need to purge all caches every time I turn Maintenance Mode on and off? ( Am doing this.)
I compared the results for the secret access link and the main site url with Maintenance Mode off on webpagetest.org and they seem to be the same.
Re: 2. Render Blocking Issues
Test on PageSpeed Insights shows 0 render blocking time.
However, my test of https://www.hundetraining-mit-roya.at/ at https://www.webpagetest.org/result/230614_BiDc8A_BBZ/1/details/
with location set to Frankfurt (Site server is in Austria) shows
– 10 externally-referenced CSS files are blocking page rendering
– 3 JavaScript files are blocking page rendering.
The test for the secret access link shows the same results.
Please see screenpic https://snipboard.io/yK8qS9.jpg.Is the render blocking time so minimal that it shows up as 0 at the Page Speed Test? Or is this test inaccurate?
Re: 1. Minify Set to Auto
Could you please also answer my previous question:
– Typically minification of advertiser code, analytics/statistics or any other type of tracking code is not recommended.
So if my client wants to use Google Tag Manager or Google Analytics later, does this mean I can’t have Minify Mode set to auto as I need to manually exclude these files from minification? Would auto mode also interfere with the RankMath SEO plugin – if NOT connected to Google Analytics?
Is there a way around this? Can I keep auto setting and exclude the files from minification in a different way?
What is your recommendation?
Thanks
MelHello Mel,
You should purge the cache every time the content of your website is changed.
So for example, if you add any new blog post or a new page, you should purge the cache.In the tests I’ve shared with you, the blocking time is 0ms which means that there is no need for eliminating any render-blocking resources.
The first and the second minify questions are related. W3 Total Cache does not optimize any external files like Google Tag Manager or Google Analytics. so there is no need to exclude any files as those are 3rd party files that are loading on your website from external servers.
I hope this helps!
Thanks!
Hi Marko,
Thanks for your reply and the info.
Great that the render-blocking resources are ok.
Regarding Google Tag Manager,
You wrote those are 3rd party files that are loading on your website from external servers.
To implement Google Tag Manager in my WordPress Theme GeneratePress, 2 blocks of code (from Google) need to be added via the Hooks Element for the entire site, one for wp_head and one for wp_body_open. OR alternatively the code could be added as 2 functions (PHP).
The code sample in the GeneratePress Instructions for wp_body_open includes <noscript><iframe src=”https://www.googletagmanager.com/ns.html etc etc </iframe></noscript>
Do I need to exclude this code embedded into the website from being cached? (Via “Page Cache” settings, selecting “Never cache the following pages” and adding the Google Analytics tracking code?)
Are the 3rd party files loaded on the website as iframe? I also need to setup my security headers – X-Frame-Options HTTP response header and it prohibits iframe? How can this be solved?
Thanks
Hello Mel,
Thank you for your feedback.
When implementing a Google tag manager script, The function then creates a new script element, sets its src attribute to the URL of the GTM JavaScript file, and appends it to the element of the HTML document. The id parameter passed to the GTM JavaScript file is the GTM container ID that identifies the specific GTM container that the website owner has set up in the GTM interface.
So you should not worry about any conflict with W3 Total Cache in this case.As for the X-Frame-Options, you can enable this and set a Directive in Performance>Browser Cache>Security headers section
This tells the browser if it is permitted to render a page within a frame-like tag (i.e.,<frame>,<iframe>or<object>). This is useful for preventing clickjacking attacks.Thanks!
Hi Marko,
Thanks for your helpful reply.
Regarding the X-Frame-Options, setting a Directive in Performance>Browser Cache>Security headers section:
So would I need to set Directive to Allow-From and enter the URL from “src= ” within the iframe tag? In the case for Google Tag Manager is would be https://www.googletagmanager.com/ns.html.For Google Tag Manager the iframe would be set for every page of the site?
Hi,
I tried several times yesterday to reply here but there was no confirmation and nothing is showing up.Regarding the X-frame Options, do I need to set Directive to Allow-From and and enter the URL from iframe src, in the case of google tag manager https://www.googletagmanager.com/ns.html? Would this allow the GTM to load for pages site-wide?
I have read that for setting up security headers it is easier to use this plugin https://wordpress.org/plugins/http-headers/
(in W3TC there are so many fields for Content Security Policy (CSP) header, and I have no idea what to enter for those.)
So I am considering using the HTTP Headers plugin instead. Would this plugin interfere with W3TC? If I set the X-Frame Options Directive with HTTP Headers instead to allow iframe for GTM, would there be a conflict with W3TC minify?Thanks.
Hi,
I thought I had already replied to your last post but there is nothing here.Regarding the X-frame Options, do I need to set Directive to Allow-From and and enter the URL from iframe src, in the case of google tag manager https://www.googletagmanager.com/ns.html? Would this allow the GTM to load for pages site-wide?
I have read that for setting up security headers it is easier to use this plugin https://wordpress.org/plugins/http-headers/
(In W3TC there are so many fields for Content Security Policy (CSP) header, I have no idea what to enter for those.)
So I am considering using the HTTP Headers plugin instead. Would this plugin interfere with W3TC? If I set the X-Frame Options Directive with HTTP Headers instead to allow iframe for GTM, would there be a conflict with W3TC minify?Hello Mel,
Thank you for your feedback.
This is a public forum and any replies or topics must be approved by the Administrator to avoid potential spam or sharing of sensitive information.
The Security headers do not have any impact or conflict with Minify so you should not worry about this.
The security headers are an option in the W3 Total Cache, however, how and if you are going to use it, it depends on you, your website, and what you are trying to achieve so there is no single answer for this.X-Frame-Options directives#
The X-Frame-Options header has three different directives in which you can choose from. These must be sent as an HTTP header, as the browser will ignore if found in a META tag. It is also important to note that certain directives are only supported in certain browsers. See browser support further below in this post. While it is not required to send this response header across your entire site, it is best practice to at least enable it on pages that need it.1. deny directive#
The deny directive completely disables the loading of the page in a frame, regardless of what site is trying. Below is what the header request will look like if this is enabled.X-Frame-Options: deny
This might be a great way to lock down your site, but it will also break a lot of functionality. The following two directives below are more common use cases for a typical website.Examples of sites currently using the deny directive:
Facebook
GitHub2. sameorigin directive#
The sameorigin directive allows the page to be loaded in a frame on the same origin as the page itself. Below is what the header request will look like if this is enabled.X-Frame-Options: sameorigin
We have the sameorigin directive enabled on this website. With this directive enabled, only our website is allowed to embed an iframe of one of our pages. This is probably the most commonly used directive out of the three. It is a good balance between functionality and security.It is also important to note that if a browser or plugin can not reliably determine whether the origin of the content and the frame have the same origin, this must be treated as deny.
Examples of sites currently using the sameorigin directive:
Twitter
Amazon
eBay
LinkedIn3. allow-from uri directive#
The allow-from uri directive allows the page to only be loaded in a frame on the specified origin and or domain. Below is what the header request will look like if this is enabled.X-Frame-Options: allow-from https://www.example.com/
This allows you to lock down your site to only trusted origins. But be careful with this directive. If you apply it and the browser does not support it, then you will have NO clickjacking defense in place.As for the CSP (Content security policy) and GTM, please check the article below for more assistance with the setup:
https://developers.google.com/tag-platform/tag-manager/web/cspI hope this helps!
Thanks!
- The topic ‘W3TC Minify Issues & Settings’ is closed to new replies.
