In real-world synthetic testing, Instart’s customers find that there is no significant change in page load time or other key performance metrics seen when implementing WSP. A brief explanation of service functionality and a few examples are included here, though we expect that customers may still want to perform quantitative testing of their own in a trial or production setting. Instart is happy to work with customers to collect these measurements as required.
How Web Skimming Protection works – high-level flow
- On sites using WSP, the Nanovisor is injected into a page as the first script, in the HEAD section of the HTML. This can be done manually by an Instart customer or automatically if the site is delivered via Instart’s network.
- By loading first, the Nanovisor establishes visibility and control over the DOM as it is constructed. WSP security logic configured through Instart’s portal is enforced as other scripts (after the Nanovisor) become active and begin to interact with the browser’s APIs.
- When a script attempts to read or write to protected form field selectors or to protected cookies, the Nanovisor logs these events and, if configured to do so, blocks access.
- Data are beaconed back to Instart after the OnLoad event to avoid introducing any penalty to page load times.
WSP performance optimization
- Small size. The Nanovisor itself is a tiny file – approximately 20kB or less. In terms of file size, it’s one of the smallest components loaded onto many web pages. The small size ensures that the Nanovisor is downloaded quickly and begins to work immediately.
- High-performance delivery infrastructure. The Nanovisor is delivered to browsers from Instart’s globally-distributed content delivery network.
- Built for performance and proven over time. Instart and the Nanovisor’s roots are in web performance. In fact, the Nanovisor is a key portion of best-in-class performance optimizations enjoyed by Instart’s CDN customers. It’s been powering faster page loads and security logic for over 8 years. As a backbone technology for site speed optimization, Instart continually optimizes Nanovisor functionality for both performance and security uses.
Below are example results from Catchpoint testing with current Instart WSP customers. The Catchpoint test agents in this case are on broadband connections and measuring over the public Internet.
Note that since the majority of web pages are multiple MB in size, the Nanovisor is much less than 1% of overall payload to the browser.
Example 1. An existing Instart customer “waterfall” performance graph from Catchpoint test. The Nanovisor is object #2 and loads with other page content quickly – it does not block other objects or slow page rendering.
Example 2. An existing Instart customer “waterfall” performance graph from Catchpoint test. This base HTML page is not served by Instart. The Nanovisor is again object/request #2 and shows a quick load time of a few tens of milliseconds.
Example 3. Metrics collected by the Nanovisor are beaconed back to Instart after the Document Complete (vertical green line) event, ensuring that there is no impact to the user experience.