Glossary
Plain-language definitions of web performance, accessibility, SEO, and security terms used across BeaverCheck audits.
Accessibility
- Alt Text
- The `alt` attribute on `<img>` describing the image's content or function; required by WCAG for every meaningful image.
- ARIA
- Accessible Rich Internet Applications -- a W3C spec providing roles, states, and properties to communicate semantics to assistive technology.
- ARIA Landmarks
- Semantic regions of a page (`<main>`, `<nav>`, `<aside>`, `<header>`, `<footer>`) that screen readers expose as a navigable list.
- Contrast Ratio
- The luminance ratio between text and its background; WCAG AA requires 4.5:1 for body text, 3:1 for large text and UI components.
- Focus Management
- Ensuring keyboard + assistive-tech users can see and follow which element currently has focus, and that focus moves predictably as the UI changes.
- Keyboard Navigation
- Operating a website using only the keyboard (Tab, Shift+Tab, Enter, Space, arrow keys) -- required by WCAG 2.1.1 for every interactive element.
- Screen Reader
- Assistive software that converts on-screen content (text, images via alt text, structure via semantic HTML) into synthesised speech or refreshable Braille.
- Semantic HTML
- Using HTML elements according to their intended meaning (`<button>` for buttons, `<nav>` for navigation) rather than generic `<div>` and `<span>`.
- Skip Links
- Hidden anchor links at the top of a page (revealed on focus) that let keyboard users jump past repeating navigation directly to the main content.
- Web Content Accessibility Guidelines
- The W3C standard defining how to make web content accessible to people with disabilities -- WCAG 2.2 is the current version.
Performance
- Core Web Vitals
- Google's three user-experience metrics (LCP, INP, CLS) that are confirmed Google Search ranking signals.
- Critical Rendering Path
- The sequence of steps the browser takes from receiving HTML to painting pixels: parse HTML -> build DOM -> build CSSOM -> apply styles -> layout -> paint -> composite.
- Cumulative Layout Shift
- A Core Web Vital measuring how much visible page content shifts unexpectedly during loading.
- First Contentful Paint
- The time from when the page starts loading to when any text, image, or non-blank canvas first renders.
- First Input Delay
- A retired Core Web Vital that measured the delay before the first user interaction was processed; replaced by INP in March 2024.
- Interaction to Next Paint
- A Core Web Vital measuring the latency from a user interaction to the next visible frame -- replaced FID in March 2024.
- Largest Contentful Paint
- The time it takes for the largest visible element above the fold to appear on screen, used by Google as a Core Web Vital.
- Render-Blocking Resources
- Scripts and stylesheets the browser must download + parse before it can paint the first frame -- the dominant cause of poor FCP.
- Speed Index
- A Lighthouse lab metric measuring how quickly the contents of a page are visibly populated.
- Time to First Byte
- The time from a navigation request to the first byte of the response arriving from the server.
- Time to Interactive
- A Lighthouse lab metric for when the page becomes fully interactive -- main thread idle for 5+ seconds.
- Total Blocking Time
- A Lighthouse lab metric summing the time the main thread was blocked by long tasks between FCP and TTI.
Security
- Content Security Policy
- An HTTP response header (`Content-Security-Policy`) declaring which script, style, image, and other resource origins the browser is allowed to load -- the primary defence against XSS.
- CORS
- Cross-Origin Resource Sharing -- a browser security mechanism using HTTP headers (Access-Control-Allow-Origin, etc.) to control which origins may read responses from a different origin.
- HSTS
- HTTP Strict Transport Security -- a response header instructing browsers to use HTTPS for the domain for a fixed duration, preventing protocol downgrade.
- HTTPS
- HTTP over TLS -- the encrypted version of HTTP that protects request and response data from network observers and tampering.
- Mixed Content
- An HTTPS page loading a sub-resource (script, stylesheet, image, iframe) over HTTP -- a security issue browsers either warn on or block.
- Referrer-Policy
- An HTTP response header (`Referrer-Policy: strict-origin-when-cross-origin`) controlling how much URL information the browser sends in the `Referer` header on outbound navigations.
- Subresource Integrity
- An attribute (`integrity="sha384-..." crossorigin="anonymous"`) on `<script>` and `<link>` tags letting browsers verify that a third-party CDN-served asset hasn't been tampered with.
- X-Frame-Options
- An HTTP response header (`X-Frame-Options: DENY` or `SAMEORIGIN`) telling browsers whether the page is allowed to be embedded in an `<iframe>`. Primary defense against clickjacking.
SEO
- 301 Redirect
- An HTTP `301 Moved Permanently` response telling browsers and search engines that a URL has permanently moved to a new location.
- Canonical URL
- The preferred URL of a page when duplicate or near-duplicate content exists, declared via `<link rel="canonical" href="...">`.
- hreflang
- An HTML attribute (`<link rel="alternate" hreflang="en-US" href="...">`) telling search engines which language and region each version of a page targets.
- Meta Description
- An HTML meta tag providing a brief summary of a page's content, often used by search engines as the SERP snippet.
- Mobile-First Indexing
- Google's policy of using the mobile version of a page as the primary version for indexing + ranking; in effect for nearly all sites since 2023.
- Open Graph
- A protocol (originally from Facebook) for declaring how a URL should appear when shared on social platforms, via `<meta property="og:...">` tags.
- robots.txt
- A plain-text file at the site root telling crawlers which paths they may or may not request, following the Robots Exclusion Protocol.
- Sitemap
- An XML file (typically `/sitemap.xml`) listing every indexable URL on a site, used by search engines to discover content.
- Structured Data
- Machine-readable metadata in JSON-LD, microdata, or RDFa that helps search engines understand a page's content -- typically using the schema.org vocabulary.
Web technology
- CDN
- Content Delivery Network -- a distributed network of edge servers that cache and serve content from a location physically close to the requesting user.
- DNS
- Domain Name System -- the distributed directory translating human-readable hostnames (example.com) into IP addresses (93.184.216.34).
- HTTP/2
- The 2015 update to HTTP that introduced binary framing, multiplexing, header compression, and server push -- delivering multiple resources over a single TCP connection.
- Lazy Loading
- Deferring the load of below-the-fold images and iframes until the user scrolls them near the viewport, via `loading="lazy"` on `<img>` and `<iframe>`.
- TLS
- Transport Layer Security -- the cryptographic protocol that secures HTTPS, encrypting traffic between client and server and authenticating the server's identity.
- WebP
- A modern raster image format developed by Google offering ~25-35% smaller file sizes than JPEG / PNG at equivalent visual quality.