Cloudflare, eager to speed up the loading of formatted text in browsers, has challenged Google with a new ROFL web font delivery service.
The company, which specializes in content delivery networks and more, has two problems with Google Fonts.
According to Cloudflare, Google Fonts uses a cascading style sheet (CSS) located at fonts.googleapis.com, but stores the font files at fonts.gstatic.com. "This separation results in a minimum of four round trips to third-party servers for each resource request" wrote Mat Bullock, product manager at Cloudflare, and William Woodhead, manager of software engineering.
The original post can be found here: Cloudflare Fonts: enhancing website font privacy and speed
These trips include the DNS lookup, socket connection establishment, TLS negotiation (for HTTPS), and the last trip to actually request the resource. As a result, getting a font from Google's servers to your browser requires eight round trips.
All this back and forth translates to a 150ms increase in page load time for a WordPress site, they wrote.
Their second problem is privacy. While the post acknowledges that Google does not collect information about the use of fonts for advertising or to set cookies, the two authors note that font collection interactions with Google could potentially collect IP addresses, user agents, referring page details and measure the frequency with which each IP makes requests to Google.
"Any time you can avoid sharing an end user's personal data unnecessarily is a win for privacy" they wrote.
Not surprisingly, Cloudflare has addressed these issues.
The company solved the chattiness problem with an approach that allows it to transmit fonts over the same HTTP/2 or HTTP/3 connection used to serve other page resources. It also eliminated the CSS prompt.
"To achieve both redirection of font requests and removal of the CSS requirement, we rewrite the HTML as it passes through Cloudflare's global network. The CSS response is embedded and font URL transformations are performed within the embedded CSS” explains the post.
This approach is made possible by a technology called “ROFL” – Response Overseer for FL.
FL stands for Front Line – part of a framework called Cf-html that Cloudflare uses to parse HTML. As detailed in a February 2023 post, Cf-html had security challenges that led Cloudflare to rework it, using Rust.
In the latest post, Bullock and Woodhead state: “ROFL pioneered the development of Cloudflare Fonts.”
The new service will be available online in October. Unfortunately, Cloudflare's post doesn't specify a date, nor does it mention the cost.