https://www.eknix.com/tags/performance/Recent content in Performance on Eknix — Web security & performance for the enterpriseHugoen-us© {year} EKNIX LTD. All rights reserved.Tue, 10 Feb 2026 00:00:00 +0000https://www.eknix.com/blog/cdn-math-ecommerce/Tue, 10 Feb 2026 00:00:00 +0000https://www.eknix.com/blog/cdn-math-ecommerce/<p>When we audit a <a href="https://www.eknix.com/solutions/performance-cdn/">CDN deployment</a> for an e-commerce client, we don&rsquo;t start with the dashboard the vendor provides. We start with four numbers. If these four numbers aren&rsquo;t being tracked, optimized, and reported every month, the deployment is almost certainly underperforming.</p> <h2 id="1-cache-hit-ratio-by-content-type">1. Cache hit ratio (by content type)</h2> <p>The aggregate cache hit ratio is mostly useless — it&rsquo;s dominated by static assets that would cache anywhere. What matters is the cache hit ratio broken down by content type:</p>https://www.eknix.com/blog/cdn-node-mapping/Mon, 10 Nov 2025 00:00:00 +0000https://www.eknix.com/blog/cdn-node-mapping/<p>There&rsquo;s an interview question that used to be a rite of passage in backend engineering: &ldquo;Walk me through everything that happens when a user types a URL and hits enter.&rdquo; Most answers got stuck on DNS and TLS. The part most people glossed over — how the request actually lands on the <em>right</em> CDN node out of thousands distributed globally — is where the interesting engineering lives.</p> <p>Get the mapping wrong and your users in Singapore are hitting a PoP in Frankfurt. The latency shows up in your P75 TTFB, in your bounce rate, and eventually in your revenue numbers.</p>https://www.eknix.com/blog/recaptcha-ddos-cost/Wed, 14 May 2025 00:00:00 +0000https://www.eknix.com/blog/recaptcha-ddos-cost/<p>There&rsquo;s a category of question that gets asked quietly in Slack channels and in private post-incident reviews: &ldquo;could we just use reCAPTCHA to handle this?&rdquo; It&rsquo;s not an unreasonable instinct. Google reCAPTCHA is already deployed on most sites, it can challenge suspicious traffic, and it costs nothing for the first ten thousand requests. As a lightweight speed bump, it has its place.</p> <p>But &ldquo;speed bump against DDoS traffic&rdquo; and &ldquo;speed bump against spam submissions&rdquo; are very different things — and running reCAPTCHA into a volumetric attack has a financial profile that most teams haven&rsquo;t priced out before they need to.</p>https://www.eknix.com/blog/akamai-mpulse-real-user-monitoring/Thu, 10 Apr 2025 00:00:00 +0000https://www.eknix.com/blog/akamai-mpulse-real-user-monitoring/<p>Most engineering teams I talk to have Google Analytics. A lot of them assume that means they understand how their site is performing. It doesn&rsquo;t.</p> <p>Google Analytics is an excellent tool for answering one set of questions: where do users come from, where do they go, what do they convert on, where do they drop off? It&rsquo;s a behavioural map. It tells you the path. What it doesn&rsquo;t tell you is what the path <em>felt like</em> — how long it took, how it degraded under load, which users are bouncing not because the content is wrong but because the page took five seconds to load on a 4G connection in Germany.</p>https://www.eknix.com/blog/holiday-peak-readiness/Tue, 03 Dec 2024 00:00:00 +0000https://www.eknix.com/blog/holiday-peak-readiness/<p>11.11 just happened. Black Friday is right behind it. Then Christmas, then New Year&rsquo;s. If your platform survived Singles Day with headroom to spare, you might be tempted to relax. Don&rsquo;t. Each of these events amplifies the same underlying gaps — and the ones that don&rsquo;t show up under moderate traffic tend to surface spectacularly under peak load.</p> <p>The preparation conversation usually focuses on infrastructure scaling: more instances, higher database connection limits, load balancer tuning. That&rsquo;s necessary but not sufficient. Two factors that consistently determine whether a platform has a good or bad holiday season sit outside the application layer entirely: security posture and edge performance.</p>