Practising what we preach · this site’s own posture

The site’s own observability.

A site that writes about platform engineering should be willing to show its own posture — including the trade-offs it makes and the things outside its control. Below: performance, asset weight, accessibility, hosting choices and the honest limits of GitHub Pages as a stack.

Page weight · home
~32 KB

HTML for the home page, served over HTTP/2 from GitHub Pages edge via Fastly. About 1/10th of a typical marketing site.

CSS payload
~35 KB

Three stylesheets (site / enhance / per-page). No framework, no preprocessor output, no Tailwind, no Bootstrap.

JS payload
~14 KB

site.js + enhance.js, both deferred. No framework runtime. ⌘K palette and reveal animations are vanilla.

Edge cache
10 min

Cache-Control max-age=600 + Fastly CDN. Home page typically served from Melbourne edge (cache-mel11231-MEL).

Measured live via curl -sI https://hellouchit.com/ · numbers refresh whenever the deploy cycles.

Live third-party scanners.

Trust an independent scanner over my published number. Each link runs a real scan against this site and renders a fresh score:

Performance
PageSpeed

Google PageSpeed Insights / Lighthouse against the live URL. Targets >90 mobile, >95 desktop.

Run live scan →
Core Web Vitals
CrUX

Real-user data from Chrome User Experience Report (28-day rolling). LCP / INP / CLS.

View report →
Accessibility
WAVE

WebAIM WAVE accessibility evaluation. Checks colour contrast, ARIA roles, landmark structure.

Run scan →

Stack choices — what runs and what doesn’t.

HostingGitHub Pages, served by Fastly
$0/mo
CI / deployGitHub Actions auto-deploy on push to main
~30s
CDNFastly edge — typically Melbourne (cache-mel11231-MEL)
edge-cached
DNSCustom domain hellouchit.com via CNAME
live
TLS / HTTPSHTTPS enforced; HSTS-eligible
HTTP/2, TLS 1.3
FrameworkNone. Static HTML + 3 CSS files + 2 JS files.
vanilla
Build toolingNone. Pages serve as-is.
zero-build
AnalyticsNone on the site. RUM via Cloudflare Browser Insights (optional).
privacy-first
CookiesZero set by this site.
0
Third-party JSNone loaded by default. Calendly loaded on click only.
deferred
Data collected from visitorsDiagnostics + calculators run in-browser; nothing posted.
none

What is outside our control on GitHub Pages.

Being honest about this matters more than vanity badges. Hosting on GitHub Pages is a trade-off: $0 cost, simple ops, GitHub-as-CI, nothing to patch — in exchange for limited HTTP-header customisation.

  • Content Security Policy (CSP). Cannot set strict CSP via Pages. The vercel.json file in this repo carries the policy that would apply if redeployed to Vercel. Today, on Pages, no CSP header is sent.
  • HSTS preload. Pages enforces HTTPS but does not advertise HSTS with preload. To preload, the site would need to be deployed behind a CDN we control (Cloudflare, Vercel, Netlify) with the header set.
  • Strict X-Frame-Options / X-Content-Type-Options / Permissions-Policy. Same constraint — not set at Pages edge.
  • Server-side request handling. Pages is static-only. Any future form-handling, auth or API needs an off-platform endpoint.

The trade-off is deliberate. Practitioner-brand sites at this stage benefit more from radical simplicity than from header maximalism. If/when this site needs server-side logic or strict CSP enforcement, it moves to Cloudflare Pages or Vercel and the headers in vercel.json become live.

What gets measured here over time.

  • Page weight + LCP for the home page — regression alarm if either drift past target.
  • Deploy frequency + build duration — the boring DORA metrics applied to a personal site.
  • Broken-link count — weekly check against internal and external links from essays + diagnostics.
  • Lighthouse + WAVE quarterly — with the deltas published here.

This page itself is an instance of the principle in The encoded enterprise architect — if you can’t measure it and publish it, you don’t enforce it.

Companion.

The security posture lives at /security. The two pages together are the “practising what we preach” surface.

Also on this site