XF 2.0 Defer parsing of JavaScript Xenforo 2.0


Active member
Hello i just tested my site speed i got some error any idea how to solve them . i am unable to understand how to solve that

Defer parsing of JavaScript

JavaScript can significantly slow down a page display, especially if it is necessary to download an external script.
Defer the use of JavaScript as much as possible to provide a faster start for the page display.
How can I fix this?
First of all, distinguish what portions of your JS is critical and must be loaded as soon as possible, and put them in a specific external file. Keep this file as streamlined as possible, and defer the parsing or execution of all other JS files (learn more).
Use one of the methods below to defer parsing for external JavaScript files:
  • use the async attribute;
  • use the defer attribute;
  • append the script to the DOM in JavaScript during the onload event;
  • make sure your scripts are placed at the bottom of the page (ideally at the end of the body).

You should reduce the number of DOM elements

The number of DOM elements influences the complexity of the webpage and DOM access in JavaScript.
A well-designed webpage can offer rich content while maintaining a reasonable number of DOM elements. Read more about this here.
We recommend creating pages that contain less than 1000 DOM elements.
This page contains too many DOM elements (1642 elements).

The Content Security Policy is missing

Protect you website from cross-site scripting (XSS) attacks by setting up a restrictive Content-Security-Policy.
XSS attacks explained
XSS attacks are a type of attack in which malicious data is maliciously added to websites. The number of vulnerabilities allowing these attacks is quite large, which is why it is as useful to prevent them as to limit their harmful effects.
You can protect your pages against these attacks and their effects by restricting execution to code portions either legitimized by the domain to which they belong or by a unique integrity token. The code that does not corresponding to this security policy will not be executed and the user will be informed.
You can learn more about XSS attacks on the Open Web Application Security Project (OWASP) Website.
Configure a "Content-Security-Policy" (CSP) HTTP header
Set up a "Content-Security-Policy" (CSP) HTTP header to prevent or limit damage caused by an XSS attack. To specify a security policy configure your server so the response of the first resource contains the "Content-Security-Policy" HTTP header.
Here's an example:
Content-Security-Policy: script-src 'self' https://apis.google.com
In this case, only scripts coming from the current host or https://apis.google.com will be executed.

Each form must define a submit button

HTML forms are used to send data. For accessibility purposes (eg using a screen reader), all your forms must include a submit button.
How to specify a submit button?
You can send the form data using two kind of elements:
  • button
  • input, with the type attribute using one of these values: submit, image or button
The following forms should define a button:
  • <form style="display:none" hidden="hidden">