A little bit more speed and security for Steemit

in #steemit · 4 years ago (edited)

I did a little audit of the website www.steemit.com. On the whole, the servers are well configured. The red grade F concerns performance: the first byte should be delivered within 200 ms, which in many cases is unrealistic and hard to achieve. Rendering must nevertheless start within 2.5 seconds from every location worldwide. Website performance is a top ranking factor.

In terms of security, something could be improved too.


No malware was found. (That's good.)


JavaScript Libraries with vulnerabilities
✓ No vulnerable versions of JavaScript libraries detected.

Security headers
HTTP security headers tell the browser to apply stricter security policies to the site's pages.

Successfully detected the following security headers:
• ✓ strict-transport-security
• ✓ content-security-policy

The following security headers are missing from the website:
low severity
X-Content-Type-Options
Its only defined value, "nosniff", stops Internet Explorer from MIME-sniffing a response away from the declared Content-Type; Chrome also applies it when fetching extension resources, and current browsers use it to refuse scripts and stylesheets served with a mismatched MIME type. Fix: send X-Content-Type-Options: nosniff on every response.

medium severity
X-Frame-Options
Clickjacking protection. Values: deny (never render inside a frame), sameorigin (render only when the framing page has the same origin), allow-from <uri> (obsolete, ignored by current browsers), allowall (non-standard, allow any origin). Fix: send X-Frame-Options: DENY, or SAMEORIGIN if the site frames its own pages. If the existing Content-Security-Policy already contains a frame-ancestors directive, modern browsers honour that over X-Frame-Options, but the header still covers older browsers.
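The header check above, as an added Ruby example that is not part of the original post or of steemit.com's own code. It takes a Hash of response headers (as Net::HTTP returns them) and reports what the audit reported, plus a few value checks a practitioner would want. The severities for the two headers the site already sends and the one-year HSTS threshold are my own assumptions; the sample headers are constructed to mirror the findings above.

```ruby
# Added example (not from the post or from steemit.com): reproduce the security-header
# part of the audit. Pass a Hash of response headers and get back a list of findings.
require 'net/http'
require 'uri'

# Headers the report above looks for. The severities for HSTS and CSP are assumed;
# the report only grades the two that were missing (medium / low).
REQUIRED_HEADERS = {
  'strict-transport-security' => 'high',
  'content-security-policy'   => 'high',
  'x-frame-options'           => 'medium',
  'x-content-type-options'    => 'low'
}.freeze

ONE_YEAR = 31_536_000 # assumed minimum HSTS max-age, in seconds

# Lower-case the header names and keep the first value of each header
# (Net::HTTP#to_hash gives arrays of values; plain strings are accepted too).
def normalise_headers(headers)
  headers.each_with_object({}) do |(name, value), acc|
    acc[name.to_s.downcase] = Array(value).first.to_s.strip
  end
end

# Returns an Array of "severity: finding" strings; empty when nothing is wrong.
def security_header_findings(headers)
  h = normalise_headers(headers)
  findings = []
  csp = h.fetch('content-security-policy', '')

  REQUIRED_HEADERS.each do |name, severity|
    next if h.key?(name)
    if name == 'x-frame-options' && csp.match?(/\bframe-ancestors\b/i)
      # CSP frame-ancestors supersedes X-Frame-Options in current browsers.
      findings << 'info: x-frame-options missing, but CSP frame-ancestors already restricts framing'
    else
      findings << "#{severity}: #{name} missing"
    end
  end

  if h.key?('x-content-type-options') && h['x-content-type-options'].downcase != 'nosniff'
    findings << "low: x-content-type-options is #{h['x-content-type-options'].inspect}, expected nosniff"
  end

  if h.key?('x-frame-options') && !%w[deny sameorigin].include?(h['x-frame-options'].downcase)
    findings << "medium: x-frame-options #{h['x-frame-options'].inspect} is obsolete or non-standard"
  end

  if h.key?('strict-transport-security')
    max_age = h['strict-transport-security'][/max-age=(\d+)/i, 1].to_i
    findings << "medium: strict-transport-security max-age=#{max_age} is below one year" if max_age < ONE_YEAR
  end

  findings
end

# Audit a live URL (needs network; not used by the offline sample below).
def audit_url(url)
  response = Net::HTTP.get_response(URI(url))
  security_header_findings(response.to_hash)
end

# Constructed sample mirroring the report above: HSTS and CSP present,
# X-Frame-Options and X-Content-Type-Options absent.
SAMPLE_HEADERS = {
  'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
  'Content-Security-Policy'   => "default-src 'self'",
  'Content-Type'              => 'text/html; charset=utf-8'
}.freeze

# The same response after the two missing headers are added.
HARDENED_HEADERS = SAMPLE_HEADERS.merge(
  'X-Frame-Options'        => 'SAMEORIGIN',
  'X-Content-Type-Options' => 'nosniff'
).freeze

if __FILE__ == $PROGRAM_NAME
  findings = ARGV[0] ? audit_url(ARGV[0]) : security_header_findings(SAMPLE_HEADERS)
  puts(findings.empty? ? 'no findings' : findings)
end
```

Run it with a URL as the first argument to audit a live site, or without arguments to see the findings for the constructed sample.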

Performance
Images generate the most traffic on the Steem frontends, so starting here makes the most sense.
The biggest single win for steemit would be to adopt progressive JPEGs as the standard image format.

There are two different kinds of JPEG images: progressive and non-progressive. These categories have nothing to do with the JPEGs' political beliefs; they are about the order in which the image data is encoded.
Non-progressive JPEGs are encoded (and thus also decoded) in a very simple order: from top to bottom (and left to right). This means that when a non-progressive JPEG is loading on a slow connection, you first get to see the top part of the image. More and more of the image is revealed as loading progresses.
Progressive JPEGs are encoded in a different way. When you see a progressive JPEG loading, you’ll see a blurry version of the full image, which gradually gets sharper as the bytes arrive.


Source: keycdn.com

A great tip by Andrew Walker:
Use ImageMagick to create optimised, progressive JPEGs. The following command strips embedded metadata (EXIF, ICC profiles, comments), re-encodes at quality 80 and writes the file progressively:

convert -strip -interlace Plane -quality 80 input-file.jpg output-file.jpg

Batch all the images in a folder like this (each file is overwritten in place, so work on a copy; the variable is quoted so that file names with spaces survive):

for i in source/images/backgrounds/*.jpg; do convert -strip -interlace Plane -quality 80 "$i" "$i"; done

With CarrierWave and MiniMagick you can create an optimise function like this:

def optimize
  manipulate! do |img|
    # Only re-encode JPEGs. `return` leaves optimize entirely, so other formats are never rewritten.
    return img unless img.mime_type.match?(%r{image/jpeg})
    img.strip                     # same as convert -strip: drop EXIF, ICC profiles and comments
    img.combine_options do |c|    # one mogrify call for all three options
      c.quality "80"
      c.depth "8"
      c.interlace "plane"         # same as convert -interlace Plane: progressive JPEG
    end
    img
  end
end

And use it in your uploader like this:

version :large do
  process :optimize
end
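A check for the result of the conversion above, as an added Ruby example that is not from the post, from Andrew Walker or from ImageMagick. It walks the JPEG marker segments up to Start Of Scan: a progressive file carries an SOF2 (or SOF10) frame header instead of SOF0/SOF1, and a stripped file has no APP1/APP2/APP13/COM metadata segments left. The two sample files are constructed in-line (1x1 pixel, no real scan data) so the script runs offline; the list of metadata segment names is my own choice.

```ruby
# Added example (not from the post, Andrew Walker or ImageMagick): verify that a JPEG is
# progressive and stripped by reading its marker segments. Needs Ruby 2.4+ for unpack1.

SOI_BYTES = "\xFF\xD8".b
EOI = 0xD9
SOS = 0xDA
SOF_SEQUENTIAL  = [0xC0, 0xC1].freeze   # SOF0 baseline, SOF1 extended sequential
SOF_PROGRESSIVE = [0xC2, 0xCA].freeze   # SOF2 Huffman progressive, SOF10 arithmetic progressive
METADATA_SEGMENTS = {                   # segments `convert -strip` removes (assumed list)
  0xE1 => 'APP1 (Exif/XMP)',
  0xE2 => 'APP2 (ICC profile)',
  0xED => 'APP13 (IPTC/Photoshop)',
  0xFE => 'COM'
}.freeze

# Returns { progressive: true/false, metadata: [names of metadata segments still present] }.
def inspect_jpeg(bytes)
  raise ArgumentError, 'not a JPEG: missing SOI marker' unless bytes.byteslice(0, 2) == SOI_BYTES

  result = { progressive: nil, metadata: [] }
  pos = 2
  while pos + 2 <= bytes.bytesize
    raise ArgumentError, "expected marker at offset #{pos}" unless bytes.getbyte(pos) == 0xFF

    marker = bytes.getbyte(pos + 1)
    if marker == 0xFF                    # fill byte: any number of 0xFF may precede a marker
      pos += 1
      next
    end
    break if marker == EOI
    if marker == 0x01 || (0xD0..0xD7).cover?(marker)   # TEM / RSTn carry no length field
      pos += 2
      next
    end
    raise ArgumentError, "truncated segment at offset #{pos}" if pos + 4 > bytes.bytesize

    length = bytes.byteslice(pos + 2, 2).unpack1('n')  # big-endian, includes its own two bytes
    raise ArgumentError, "bad segment length at offset #{pos}" if length < 2

    case marker
    when *SOF_SEQUENTIAL  then result[:progressive] = false
    when *SOF_PROGRESSIVE then result[:progressive] = true
    when *METADATA_SEGMENTS.keys then result[:metadata] << METADATA_SEGMENTS[marker]
    when SOS then break                  # entropy-coded data follows; the frame header is behind us
    end
    pos += 2 + length
  end

  raise ArgumentError, 'no frame header (SOFn) found' if result[:progressive].nil?
  result
end

# Helper for the constructed samples: one marker segment with its length field.
def segment(marker, payload)
  [0xFF, marker, payload.bytesize + 2].pack('CCn') + payload
end

SOF_PAYLOAD  = [8, 1, 1, 1, 1, 0x11, 0].pack('CnnCCCC')        # 8-bit, 1x1, one component
JFIF_PAYLOAD = 'JFIF'.b + [0, 1, 1, 0, 1, 1, 0, 0].pack('CCCCnnCC')
SOS_PAYLOAD  = [1, 1, 0, 0, 0x3F, 0].pack('CCCCCC')

# Constructed sample: baseline JPEG that still carries an Exif block (the "before" file).
BASELINE_WITH_EXIF = SOI_BYTES +
                     segment(0xE0, JFIF_PAYLOAD) +
                     segment(0xE1, "Exif\0\0II*\0".b) +
                     segment(0xC0, SOF_PAYLOAD) +
                     segment(0xDA, SOS_PAYLOAD) + "\x00".b +
                     "\xFF\xD9".b

# Constructed sample: what `convert -strip -interlace Plane` should produce.
PROGRESSIVE_STRIPPED = SOI_BYTES +
                       segment(0xE0, JFIF_PAYLOAD) +
                       segment(0xC2, SOF_PAYLOAD) +
                       segment(0xDA, SOS_PAYLOAD) + "\x00".b +
                       "\xFF\xD9".b

if __FILE__ == $PROGRAM_NAME
  files = if ARGV.empty?
            { 'baseline sample' => BASELINE_WITH_EXIF, 'converted sample' => PROGRESSIVE_STRIPPED }
          else
            ARGV.map { |f| [f, File.binread(f)] }.to_h
          end
  files.each { |name, data| puts "#{name}: #{inspect_jpeg(data)}" }
end
```

Pass the converted files as arguments to check a whole folder; an output of `progressive: true, metadata: []` for every file means the batch command did what it should. The quality setting cannot be read back this way without decoding the quantisation tables.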

With the mass of images used on Steem, re-encoding them this way saves a lot of bandwidth and server resources. Most of the byte savings come from -strip and -quality 80; progressive encoding itself usually changes the file size only slightly, but it lets the whole picture appear early while the rest of the bytes arrive.

Ave Atque Vale!


Thank you for being awesome! You just got upvoted by the @steemingcurators. We are voting with the Steemit Community Curator @steemcurator02 account to support the best content on Steemit!

Follow @steemingcurators and also the official @steemitblog for info about Steemit, contests and the Daily Diary Challenge! Share your stories on Twitter or other social media to get extra upvotes. Just comment the link in your posts!

Biggest Live Music contest on Steemit #MusicForSteem
Follow @musicforsteem and the official community on Steemit: MusicForSteem🎵
STEEM ON!

@seo-boss, Good to know about these Performance Details and some advice for Image Effectivity.

Have a pleasant time ahead and stay blessed always.

I didn't know this type of evaluation on servers was possible. Thank you for completing it. I also find the JPEG issue interesting, so I will look into it further.

Every detail is important when it comes to competition with HIVE. I don't think they can both coexist peacefully. The search engine ranking is very important. If the technical parameters of a website are good, then the marketing mechanisms work better. First on-page, then off-page.
TY
