Performance

Enforce Web Performance Standards at Scale

Document Policy lets you set performance budgets for images, scripts, and resources. Monitor violations to catch performance regressions, govern third-party behavior, and prove compliance with your standards.

Start Free Trial Read Documentation

The Problem

Performance Debt Accumulates Silently

Every millisecond matters. A 1-second delay drops mobile conversions by 20%. Sites loading in 1 second convert 3x better than those loading in 5 seconds. Yet performance regressions slip in constantly — an uncompressed hero image here, a synchronous script there.

The culprits are everywhere: a marketing team uploads a 5MB banner image. A third-party widget loads blocking scripts. An analytics provider adds synchronous XHR calls. Your carefully optimized site gets slower with every deployment, and 79% of dissatisfied shoppers won't come back.

The problem is visibility. There's no alert when an oversized image ships to production. No log when a third-party script blocks rendering. By the time you notice the performance regression — through slower Core Web Vitals or customer complaints — the damage is done.

Manual audits don't scale. You can't review every image, every script, every resource across every page. Performance standards exist in documentation but not in enforcement.

The Solution

Document Policy: Performance Standards the Browser Enforces

Document Policy is a W3C standard that lets you declare performance constraints as HTTP headers. Define maximum image sizes, block synchronous scripts, require media dimensions — and browsers enforce your rules automatically.

Control 10 performance behaviors: block document.write() and synchronous XHR, enforce image compression ratios with oversized-images, require dimensions on media elements with unsized-media, restrict animations to GPU-friendly properties, and more. Each policy is parametrized — set oversized-images=2.0 to allow images up to 2x their container size.

Browser support is 77.33% globally (Chrome 85+, Edge 85+). Configuration is pure HTTP headers — no JavaScript SDK, no build process changes. Add a Document-Policy header and browsers start enforcing your performance budget immediately.

Use Document-Policy-Report-Only to test policies without blocking resources. See what would fail before enabling enforcement.

The Challenge

But Policy Violations Happen Silently

Here's the gap: when a resource violates your Document Policy, the browser blocks it silently. An oversized image gets replaced with a placeholder. A synchronous script fails. And you never know it happened.

This creates an operational blind spot. You've deployed performance standards, but you have no visibility into what's being blocked. Is your policy working? Is it too strict? Are critical resources failing because of thresholds you set months ago?

Worse, you can't identify which teams or vendors are causing violations. Is the marketing CMS uploading oversized images? Is a new third-party script using deprecated synchronous APIs? Without violation reports, you can't enforce accountability or make informed decisions about your performance budget.

Building your own reporting infrastructure means maintaining endpoints, parsing JSON, storing reports, and building dashboards. That's undifferentiated work that doesn't ship features.

The Answer

The Reporting API Creates Performance Visibility

We collect Document Policy violations and route them to your existing observability tools.

Performance Visibility: See every policy violation with resource URL, policy breached, and source details. Know exactly which images are too large, which scripts are blocking, and which resources violate your performance budget.
Proactive Optimization: Catch performance regressions before users notice. Identify bloated images in staging, oversized resources in CI/CD, and policy violations in production — all before they impact Core Web Vitals.
Third-Party Accountability: Track which vendor scripts violate your performance standards. See which third-party resources trigger sync-script or document-write violations. Make data-driven decisions about integrations.
Route to Your Stack: Send Document Policy violations to AppSignal, webhooks, or Google Chat. Integrate with your existing performance monitoring and alerting tools. Act on violations where you already manage incidents.

Ready to Enforce Performance Standards?

Monitor Document Policy violations. Catch performance regressions before they impact users.

Start Free Trial View Documentation