2021 'Web Almanac' Research Finds Lots of CSS, JavaScript, jQuery - and Not Much WebAssembly

"HTTP Archive is a community-run project that has been tracking how the web is built since 2010," explains its web site. "Using WebPageTest and Lighthouse under the hood, metadata about nearly 8.2 million websites are tested monthly and included in a public BigQuery database for analysis."

And now 113 people "have volunteered countless hours in the planning, research, writing and production phases of the 2021 Web Almanac," processing 39.5 terabytes of data from 8.2 million web sites (using July's data set).

Berlin-based web developer Stefan Judis calls it "a comprehensive report on the state of the web, backed by real data and trusted web experts...comprised of 24 chapters spanning aspects of page content, user experience, publishing, and distribution." But he's also tweeting out what he sees as some of its most interesting statistics. — The median webpage loads 70kb CSS...and the "top scoring site loaded over 60mb of CSS...

- There's also a new high score for the number of loaded external stylesheets: 2368...!

- We all ship a lot of JavaScript. It's 420kb+ per page at the 50th percentile. This is transferred bytes, so the amount of JavaScript is way higher after decompressing...

- [From a graph of JavaScript library/framework adoption]: 84% use jQuery and 8% are built with React...

- There's almost no adoption of WebAssembly. ["We got 3854 confirmed WebAssembly requests on desktop and 3173 on mobile. Those Wasm modules are used across 2724 domains on desktop and 2300 domains on mobile, which represents 0.06% and 0.04% of all domains on desktop and mobile correspondingly."]

- 16% of sites don't ship a robots.txt...

- In 2021 641 million emails, 428 million passwords and 149 million phone numbers were involved in data breaches.
And apparently while just 7% of the top 1,000 sites use a content-management system, 42% of all sampled sites are using one. (And 33.6% of those appear to be using WordPress.)

Re:

[ShanghaiBill]

Looked at webassembly and it smelled like a one-trick-pony: Some webdev's idea of a "good idea" but not much actual use in practice.

It depends on what you are doing. For a flat 2D website, webassembly is mostly pointless.

For animated 3D or VR, webassembly with C++ or Rust using OpenGL is way easier and more performant than JS and WebGL.

Re:

[DamnOregonian]

Yup. Basically what you said. WebAssembly is not for building the js glue for a website.
However, if you need some very performant code written in a language better suited at tight processing kernels, WebAssembly is fucking awesome. I love it.

Re:So is webassembly

[Opportunist]

I see. So, considering how important 3D and VR are for webpages, most of these 0.06% of pages actually don't use it for anything sensible, I take it?

Re: So is webassembly

[TJHook3r]

VR will be the new tag. 3D will be the new 3D! People may find these sites impressive for 1 or 2 visits but then you'll have to upgrade it for the next novelty. What a waste of time.

Re:

[Jeremi]

Ah, the old argument-from-everybody-knows. My favorite!

Re:

[ArchieBunker]

I wish archive.org ignored robots.txt as there are a few websites that have gone offline for good along with their content.

I hope they know a good exorcist.

[Gravis Zero]

"top scoring site loaded over 60mb of CSS...

CSS is nice and all but if you are exceeding 100KB then you need to work on cutting it down. If you are exceeding 1MB then you have a serious problem you need to fix immediately. If you have over 10MB of CSS then someone should fire you immediately, delete everything you have worked on, incarcerate your office space and computer then call an exorcist to force the demon out of you.

Re:

[ewibble]

you can embed images in css, which is useful if you embed the css in the html, it can make one downloadable file, or including things like font awesome which is 70k for just the free icons.

Re:

[Z00L00K]

And font awesome isn't. Most of those fonts really sucks for me.

I can understand that using an icon or two in the CSS might be neat in some cases, but as I see it a lot of HTML and CSS is now generated by bloat-generators with no concern about the end user. It just "has to look good", not work.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[phantomfive]

Project managers are running software teams these days (especially at companies like Facebook and Google). They have milestones to make, and features to build. They are unable to see whether the software itself is good or not.

Some companies have team managers that don't code. At these companies, there is no one who is in charge who actually cares about the code quality. If a software developer actually does care, he is sometimes punished for it.

Few companies have programmers who understand how to keep code

Re:

[Z00L00K]

Until a major security breach happens and nobody knows how to fix it because that person either left, retired or passed away with no documentation or code quality measures taken. That can result in two alternatives - either the company straightens up their crap or they go the way of the dodo.

Re:

[phantomfive]

I'd like to agree with you but somehow Equifax survived their hack (their stock is higher than ever). We'll see if anything happens to SolarWinds, but I imagine they'll still be around because they have a good sales team.

Re:

[ShanghaiBill]

If you have over 10MB of CSS then someone should fire you immediately

No problem. You can get a new job with HealthCare.gov.

Nope. You need more than 100kb.

[aepervius]

Bootstrap 4 alone is 147K and that is using the minimified version. That said, yes if people go over 1Mb they are doing something fishy.

Re:

[AmiMoJo]

If your website consists of large amounts of CSS and JS then there is a good chance it's not accessible either. People with screen readers and high contrast/large font displays are probably going to struggle with it.

This explains everything

[quonset]

My electrical company has, for its logon page, over 20 scripts running. That is just to get into their site to pay my bill. For a logon page.

The vast majority of web pages are shit. From saying because your browser is more than five minutes old you can't access the page, to the overbearing use of scripts, to giant walls of text with no useful information of what a product or service does, to sites which are seemingly changed every other day, the modern web is a landmine-filled beach of crapulence.

Give me raw HTML any day over this shit. The only reason we have CSS and the like is for web "designers" to justify their existence.

Re:

[bubblyceiling]

If this is true

most web designers only know enough CSS to cut and paste unintelligible bullshit from their favorite poorly designed framework.

then how does this make any sense

Not only is HTML way better off with CSS than without

Are you trying to say that we need more "Web designers" who can only copy paste code?

PS: I have over 10 years of experience in Web and can code CSS from scratch, without frameworks

Re:

[Anonymous Coward]

If this is true
then how does this make any sense

Are you trying to say that we need more "Web designers" who can only copy paste code?

English motherfucker, do you speak it? Read the statements prior to posting. None of this is even remotely difficult to understand. There are two claims and both of them are cow manure.

The first is HTML is better than HTML + CSS which is pure BS. Everyone with half a clue knows this is completely bonkers.

The second claim: the only reason we have "CSS and the like" is for web "designers" to justify their existence. Is also BS for the simple reason many web designers don't even understand CSS so it can'

Re:

[nagora]

PS: I have over 10 years of experience in Web and can code CSS from scratch, without frameworks

Isn't that kind of the equivalent of "boasting" that you can write C++ code without intellisense?

What's your point? That developers shouldn't know how to code without constant help? Or that developers who rely on a frame work know their language better than ones who don't?

CSS today is largely generated by pre-processors, and they are generally shit at it, resulting in webpages that download more text than the Bible (sometimes multiple times the size of the Bible) to display a pretty simple page that could be laid out in a table with about 400 lines of CSS. Literally, a person could stand over you and d

Re:

[Junta]

Easy enough, a lot of web developers are not good at using the facilities they given. This does not mean those facilities are inherently bad.

For example, if you think their HTML+CSS is bad, you can only imagine how bad those developers would be with plain HTML. If you have any difficulty imagining it, you can probably find some examples of what Microsoft Frontpage would output back in the day to get a general idea.

The bad web developers are a separate concern from CSS/Javascript and those same developers wo

Re:

[bubblyceiling]

I feel the exact same way

We should have drawn the line at HTML & CSS.

Re:

[Travelsonic]

This idea that permeates some minds of "Just throw more hardware at it," or "we can get away with because we have many times more resources than we used to" IMO is a huge part of the problem, and bugs the crap outta me.

Re:

[Anonymous Coward]

When a site really drags, it's almost guaranteed to use jQuery.

Correlation does not necessarily imply causation.

jQuery is not going to cause a site to drag merely by existing within it.

Using jQuery improperly - or indeed any framework, library, or really whatever machinery - may do so.

We still have jQuery doing certain things in some of our older deployments. They do not drag. Ergo, jQuery also does not drag.

You should consider reexamining your preconceived notions.

Re:

[narcc]

jQuery encourages a style where you generate more event listeners than necessary. This is just one of many known problems with that absurdity.

I recommend you consider reexamining your preconceived notions about that abomination.

Re:

[nagora]

Give me raw HTML any day over this shit. The only reason we have CSS and the like is for web "designers" to justify their existence.

You should be careful what you wish for. I remember the web before CSS. We're a lot better off now than we were then.

I'm not completely sure I agree. HTML4 was the peak IMO. CSS hasn't really done much for me as a user beyond some useful @media stuff for printing.

Re:

[narcc]

The big advantage of CSS was it's ability to separate content from presentation. That dramatically reduced both the size and complexity of both.

Thanks to CSS, we no longer see deeply nested tables, endless font tags, 'spacer' images, and other bizarre things that used to be standard practice.

That modern approaches to development have bloated websites isn't the fault of that particular standard. If it can be blamed at all, it's that it's reduced complexity to the point that the absurdities of today can exi

Re:

[nagora]

But that doesn't stand up. I'm looking at pages with relatively simple content and layout - basically three columns and a headline - which are generated with tens of megabytes of markup. That's shit code, not some deep and inescapable complexity.

When your markup is less efficient than using English to describe the page, you have a problem with your markup language, not the content.

Re:

[narcc]

That's an artifact of the insanity of modern development, not the standards.

Try it yourself. Do a simple three column layout in htm4 and do the same using html5 and css. You'll find that the html5+css version is significantly smaller and less complex. At least, if you're not a complete moron. As an extra, make the css version responsive. That should be trivial. The same can't be said for the html4 version, where you'd need to introduce scripting.

When your markup is less efficient than using English to describe the page, you have a problem with your markup language

Exactly. This is why CSS is so helpful. It easily repla

Its high reliance on third parties

[Brain-Fu]

Most web development is done by grabbing scripts and components built by third parties, and slopping them all together on web pages. That's why the numbers get so huge. These components are designed to be generic so they always do more than what any individual needs them to do, and they all bring their own CSS and Javascript with very little re-use (since many of these were built by separate people, there is no reason why there would be much re-use). And that is without all the tracking and what-not that

Re:

[AmiMoJo]

My bank has a lot of heavy scripts running too. Some of them seem to be trying to foil keyloggers.

Fortunately if you just disable Javascript for their entire domain and block all third party stuff, the site works just fine.

Re:

[Tablizer]

It usually happens because some PHB wants a fancy feature. You may tell them, "The more JavaScript the more potential problems", but they either don't believe you, thinking you are trying to get out of work, or don't care about the long-term because they hope to get promoted.

web apps vs web pages

[phantomfive]

It's important to distinguish between web apps and web pages. If you're building photoshop in the web, you'll want a completely different toolset than if you're building an informational page. The later most likely needs zero Javascript.

So hard to read

[idontusenumbers]

This might be the first time the PDF is easier to read than the web version. Scrolling is messed up, theres no top-level nav (once you're in a section, it's difficult to navigate out of it), the graphs all lazy load and it takes forever... The UX section doesn't seem to mention these traps.

Paraphrasing that old saying

[fahrbot-bot]

There's also a new high score for the number of loaded external stylesheets: 2368...!

All style... sheets, no substance.

Just as well ...

[fahrbot-bot]

There's almost no adoption of WebAssembly.

I have WebAssembly disabled in Firefox anyway.

WebAssembly for what?

[Misagon]

The survey does not tell how many sites that used WebAssembly for malicious purposes, such as for mining cryptocurrency.
Two years ago, that was about half of all sites that used WASM, according to a survery.

Myself, I therefore have WebAssembly disabled in my web browsers.

However, I do think that WebAssembly could have a bright future on the server. And perhaps even on the desktop.

Re:

[Eravnrekaree]

They can just as easily use Javascript for malicious mining. Webassembly is for making things such as Mastodon for instance run and load faster. There are legitimate uses

Re:

[bubblyceiling]

Same. Have disabled a bunch of technologies on my browser - WebAssembly, WebGL, WebRTC, etc No need to open up more entry points. Sure, JS can also be exploited and used to mine bitcoin, but that is already a mature technology. Additionally, the speed of the JS rendering engine being quite slow, makes it pretty self-evident

Re:

[upuv]

Good riddance,

Web Assembly was a bad idea from the start. Having to maintain binary code on multiple architectures some that have not even been released yet for many years to come, also across multiple OS's. Web Assembly was never and will never be a player.

To top it off it's a security minefield of potentially nasty consequences. A security scenario so bad that almost all of my clients will disable it by default. To top it off it has fallen into the land of very poor support from browser vendors. So the

Re:

[Anonymous Coward]

For those that think there are legitimate uses [to webassembly]. I would direct those users over to Electron framework. Build a standalone multiple platform app that can be easily webhooked. Here you have much more control and still have all the power of the web.

Electron framework? The "giant pile of stupidly slow javascript" electron framework? That electron framework?

That doesn't seem a reasonable substitute. Neither for building standalone applications with nor for the idea that webassembly was supposed to embody. If electron is a viable substitute for webassembly, then that spells total and complete viability failure for webassembly.

Re:WebAssembly for what?

[phantomfive]

Having to maintain binary code on multiple architectures some that have not even been released yet for many years to come, also across multiple OS's.

This is literally no different than maintaining packed Javascript on multiple platforms. I don't think you know what WebAssembly is.

Re:WebAssembly for what?

[AReilly]

More curious than enthusiastic about WASM myself, as an engineer all opportunities for efficiency seem like good ideas. However since there doesn't seem to be any way to AOT-compile existing JavaScript applications into corresponding WASM ones, it's hardly surprising that uptake is slow.

Having said that, none of the complaints in the parent post appear to be based in reality:

"maintain binary code on multiple architecutres": nope. WASM is a cross-platform abstract bytecode, not vastly dissimilar from JVM bytecode, but lacking the underlying memory management, object model and access to any APIs (see above about hard-to-use). So no, you aren't maintaining binaries for multiple architectures, any more than you do that for JavaScript itself.

"nasty security consequences": no more so than JavaScript, and arguably less, given the aforementioned lack of access to any APIs. So probably more secure than JavaScript. Of course, it isn't JavaScript, so any "protection" based on content-scraping is probably toast, but since cryptographic permutation and obfuscation is also a thing, it's toast anyway.

"poor support from browser vendors": there are only a couple of javascript engines in the world (V8, SpiderMonkey and JavaScriptCore, now that Edge also uses V8). WASM uses the javascript compiler to do the final-step code generation and optimization, and none of those three are slacking off, and JavaScript isn't going away. Ergo, WASM is well supported (if not necessarily enthusiastically) by browser vendors.

The "not able to find experts" is very probably real though. Not necessarily a ding against WASM itself, more an observation of the state of the learning curve.

Re:WebAssembly for what?

[tlhIngan]

WebAssembly is really just a form of pre-parsed JavaScript, it runs within the permissions of Javascript.

The main purpose of it is to provide an alternative to plugins. Remember having to install plugins? You know, you probably had Flash at one point, then Silverlight, then Java and dozens more. The whole point is to avoid all that - the plugin is written in C or other language, then compiled down to WebAssembly.

Already it's how things like Unity (how it really all started) can now exist as a server side script without users having to actually install a plugin then revisit your site.

The Internet Archive uses WebAssembly to good effect - the emulators and such they use are common emulators compiled down using WebAssembly. The MS-DOS archive uses DOSBox ported to WebAssembly. There are even sites that let you play using MUNT, the MT-32 emulator, again compiled using WebAssembly.

As for Electron, that's a totally different thing. That lets you run node.js applications locally. Node.js is basically a a javascript development environment - it can be run server side for server side applications, or client side for client side applications. Basically it's just offering Javascript as another development language.

Re: WebAssembly for what?

[MobyDisk]

Web Assembly was a bad idea from the start. Having to maintain binary code on multiple architectures some that have not even been released yet for many years to come, also across multiple OS's.

That is not what we assembly is. It is platform neutral like JavaScript.

Needs more compiler support, better documentation

[Eravnrekaree]

Webassembly is a thing where ideally you would compile it before you upload it to the server. The tools to compile javascript etc into webassembly are not clear or easy to use at this point. Also for a while, the webassembly implementations seemed rather incomplete with basic features such as access to browser APIs seemingly unavailable or difficult to use with confusing as hell documentation.

Basically its a good idea since if you can precompile it will make the stuff run faster and allow for a range of oth

Re:

[acroyear]

Related to compiling, there's the matter of debugging. typescript and jsx to javascript (and even clean javascript to mangled) manages to keep the original code available to the debugging environment via the web console?

Does such a thing exist for webassembly? how would the browser know how to step through a method written in, say, rust or go if it was then compiled down to webassembly, even with webassembly's native support in the browser.

Re:

[RReverser]

> Does such a thing exist for webassembly? how would the browser know how to step through a method written in, say, rust or go if it was then compiled down to webassembly, even with webassembly's native support in the browser. It does, see https://developer.chrome.com/b... [chrome.com]. Basically same debugging as on other platforms (but perhaps even easier to set up, since DevTools are already there).

Re:

[godrik]

Came to say pretty much that.
We've tried to use webassembly and the support and toolchain are pretty bad at this point. It ma become very useful. But at this point, not where it needs to be to get good adoption.

Webassembly..

[BytePusher]

Yeah, the WebAssembly development environment/tooling are currently in sad shape and the people developing them are sensitive and pedantic. Make getting off the ground easy and adoption will grow.

quantity isn't quality

[Tom]

webasm is amazing for specific use cases. I wouldn't write a whole website in it - what for? I'm still more than happy it exists and hope we can keep it around.

You see, LOC or # of sites or other trivial metrics don't say so much. It's like the one time that IIS suddenly became "popular" by statistics because one web-hoster had switched a few ten-thousand single-page domains to it.

Webassembly is misnamed anyway

[Viol8]

Whatever its merits, calling it webASSEMBLY is little more than opportunist marketing (Assembly, must be really fast! etc) as its far closer to a C style language and bears zero resemblence to any assembler I've ever seen.

Did they find anything between the tags?

[Arnonyrnous Covvard]

The definitive work on the state of the web was created six years ago: https://idlewords.com/talks/website_obesity.htm [idlewords.com]

WASM is usually useless...

[Junta]

An interesting concept, but since they declared the WASM runtime to have pretty much no access to anything then it's utility is limited. You have to use Javascript to play intermediary between WASM code and anything else (network, DOM, storage, etc). You get to deal with Javascript+something else so it doesn't enable 'something else' to supersede Javascript. So you need to deal with more complexity and it has to be worth it, and relatively few in-browser applications have that strong a need for open-ended

Security risk; it's the new Java Applets

[Tablizer]

having Web Assembly enabled just makes you a target for pirate eCoin miners. Unless you really need speed, such as a video game, the risk ain't worth it. Might as well have it off by default and only activate it for gaming sites.

Give it 5 years

[cordovaCon83]

WebAssembly is practically in its infancy. On top of that, it is a solution looking for a problem. It's still a powerful solution though! Give it another 5 years and I bet we'll see some truly innovative, high-quality products being produced with WebAssembly. Just don't expect wide-spread adoption across most websites - most businesses are still happy to do customized WordPress. After all, it's easy on the budget and the client feels more comfortable retaining ownership