With all the brilliant tools (Google Page Speed, YSlow, etc.) out there, web professionals can now easily see a few basic things to improve page speed performance. One suggestion is to send static content from a cookieless domain. On most sites I’ve worked with, we serve static content from a media subdomain and then the real content from the main domain (without www). I know with cookies, if the domain is .indirecthit.com it would send that cookie to any subdomain on indirecthit.com, therefore the media subdomain would have a cookie. An easy change: remove the . from the cookie domain. But when I looked at the PHP manual for setcookie, I came across the following statement:
The . is not required but makes it compatible with more browsers.
That doesn’t sound very good, I want it to be compatible with all browsers…
I couldn’t find much on it, from what I did find I believe the reason it doesn’t work with all browsers is for security. If I had the domain er.com, and I set a cookie to the domain er.com (notice the missing .), the browser could match this with older.com or lesser.com. If the website at er.com set the cookie to er.com (without the first .), the web server on older.com or lesser.com can access this cookie…not good. Therefore, even if I remove the . from the domain, it still would match media.indirecthit.com and that domain wouldn’t be cookieless.Doesn’t solve my problem and isn’t compatible with most browsers.
The solution, is to split out your media server on a different domain such as indirecthitmedia.com. This is why when you visit some Google properties it loads media content from gstatic.com not media.google.com or google.com. And obviously you don’t set any cookies to this new media domain. You will now score a bit higher on Google Page Speed and YSlow. Congrats!