← Back to Blake's Learning Hub

Lesson 16: Web Standards, Tools & Libraries

W3C, DevTools, CSS tooling, frameworks, open-source, CMS, and version control for teams
April 2026 ~75 min Topics 5+6 of 6 Year 12 Module 2

0. Recall Quiz — Email & File Transfer Protocols ~8 min

SE-12-06 — Protocols

No notes. Two rounds — definitions first, then real scenarios. Answer each question before moving on.

Score
0 / 10
Answer all questions to see your result
Round 1 — What does each protocol do?
1. SMTP — what is its primary function?
2. POP3 — what happens to your emails after you download them?
3. IMAP — what is its key advantage over POP3?
4. FTP — why is plain FTP considered a security risk?
5. SFTP — how does it solve FTP's security problem?
Round 2 — Spot the protocol in the wild

Pick the correct protocol for each scenario.

6. You hit "Send" on a Gmail draft. Gmail's servers then forward it to the recipient's mail server at another company.
7. A developer SSHes into a web server and uses a command-line tool to upload updated HTML files. The transfer is fully encrypted.
8. You mark an email as read on your phone at 9am. When you open your laptop at 10am, it shows as read there too — without you doing anything.
9. An old desktop email client downloads all of Blake's emails to a local folder. He tries checking his email on his phone — the inbox is completely empty.
10. A legacy payroll system transfers a CSV file to a remote server every night at midnight. A network audit reveals the username and password are transmitted in plaintext.

Quick-reference memory hooks

  • SMTPSends Mail To People
  • POP3Pulls Off Permanently (downloads, deletes from server)
  • IMAPI access Mail from All Places (stays on server, syncs everywhere)
  • FTPFile Transfer (Plaintext) — avoid
  • SFTPSecure File Transfer via SSH — always use this instead

1. W3C — Who Makes the Rules of the Web? ~15 min

SE-12-06 — W3C Standards

You use HTML, CSS, and JavaScript every day for Volcanic Pantheon — but who decided what <h1> means, or how display: flex should behave? That's the job of the World Wide Web Consortium, or W3C.

The W3C is an international standards body founded by Tim Berners-Lee (who also invented the web). Its members — browser vendors, universities, companies — publish specifications that tell browsers exactly how to behave. Without W3C, Chrome and Firefox could implement things completely differently and the web would break.

The five working groups you need to know

1. Web Accessibility Initiative (WAI)

WAI produces the Web Content Accessibility Guidelines (WCAG) — a set of rules for making websites usable by people with disabilities: blindness, motor impairments, colour-blindness, deafness.

  • Screen readers (e.g. NVDA, VoiceOver) speak web content aloud — they rely on semantic HTML like <button>, <nav>, and alt attributes on images
  • WCAG levels: A (minimum), AA (standard for most sites), AAA (highest)
  • Key rules: sufficient colour contrast, keyboard navigability, descriptive link text, text alternatives for media
Volcanic Pantheon: Does your site have alt attributes on images? Can someone navigate it using only a keyboard (Tab, Enter)? These are WAI requirements. Most personal projects fail accessibility audits — but knowing the standard is what the exam asks.

2. Internationalisation (i18n)

i18n (shorthand: 18 letters between 'i' and 'n') is about making websites work for any language, locale, or culture.

  • Unicode / UTF-8: the character encoding that lets you display Japanese, Arabic, and emoji alongside English in the same page
  • Right-to-left (RTL) text: Arabic and Hebrew read right-to-left — CSS has direction: rtl for this
  • Locale-aware formatting: dates (DD/MM/YY vs MM/DD/YY), currencies ($1,200 vs €1.200,00), number separators
  • The lang attribute on <html> tells screen readers what language to pronounce

3. Web Security

W3C defines security-related browser behaviours — not just best practices, but standards that browsers must enforce:

  • Content Security Policy (CSP): HTTP header that tells the browser which sources of scripts are allowed — blocks injected scripts even if an XSS attack succeeds
  • CORS (Cross-Origin Resource Sharing): controls which domains can call your API from JavaScript in a browser — stops malicious sites from impersonating your users
  • SameSite cookies: cookie attribute that prevents them being sent on cross-site requests — directly mitigates CSRF (which Blake covered in Lesson 9)

4. Privacy

W3C's Privacy Interest Group (PING) reviews new web features for privacy implications:

  • Third-party cookie phase-out — browsers are deprecating cross-site tracking cookies
  • Fingerprinting resistance — APIs that leak device info are restricted
  • Permission model — browser prompts for location, camera, mic before sites can access them

5. Machine-Readable Data

How does Google know your website is a recipe, an event, or a product listing — and show a rich result in search?

  • schema.org: a vocabulary of types (Person, Event, Product, Recipe) that you embed in your HTML
  • JSON-LD: the recommended way to embed schema.org data — a <script type="application/ld+json"> block in your <head>
  • Google's crawler reads this and can display star ratings, event dates, or breadcrumbs directly in search results
Volcanic Pantheon: If you added a JSON-LD block marking your site as a "CreativeWork" or "WebSite" with your name as author, Google could show it as a rich result. It's just a few lines in the <head>.

Quick check — W3C working groups

Match each scenario to its W3C working group (WAI, i18n, Security, Privacy, Machine-readable):

  1. A blind user's screen reader can't understand your navigation because you used <div onclick> instead of <button>.
  2. Your shopping site shows all prices in USD even to visitors in Japan.
  3. A malicious ad on another site is making requests to your API pretending to be logged-in users.
  4. Google shows your site in search results without any summary, event date, or rich snippet.
  5. An analytics company is tracking users across every website they visit using third-party cookies.
Reveal answers
  1. WAI — semantic HTML is an accessibility requirement
  2. i18n — locale-aware formatting
  3. Security (CORS) — cross-origin request policy
  4. Machine-readable data — add schema.org JSON-LD
  5. Privacy — third-party cookie tracking

2. Browser Developer Tools ~10 min

SE-12-06 — Browser Developer Tools

You've used DevTools to inspect elements and debug JavaScript. But do you know every tab and what it's for? This is a named NESA dot point — you're expected to describe what DevTools does and why developers use it.

Open DevTools: F12 (Windows/Linux) or Cmd+Option+I (Mac). Here's every panel you need to know:

Tab What it shows When you use it
Elements The live DOM tree and CSS rules. Click any element to see its styles, margins, and box model. Debugging layout, tweaking CSS live before committing it to code
Console JavaScript errors, warnings, and console.log() output. Run JS interactively. Debugging JS, reading error messages, testing expressions
Network Every HTTP request made by the page — URL, method, status code, headers, size, timing. Filter by type (Fetch, JS, CSS, images). Checking API calls, seeing request/response headers, diagnosing slow loads
Application localStorage, sessionStorage, cookies, IndexedDB, cache storage, service workers, manifest.json Inspecting stored data, clearing auth tokens, checking PWA setup
Performance Timeline of rendering, scripting, and painting — shows where frames are slow Diagnosing jank (choppy animations), finding expensive operations
Lighthouse Automated audit for performance, accessibility, SEO, and PWA criteria — gives scores 0–100 Checking if a site meets WAI/accessibility standards, measuring load speed

The Network tab is your protocol window

Everything you've learned about HTTP requests, headers, status codes, DNS, and TLS — it's all visible in the Network tab. You can see the exact URL requested, the HTTP method, the response status, all request and response headers, and how long each step took (DNS lookup, TCP connection, TLS handshake, server response, download).

Open the Network tab on any website and click a request. The Headers sub-tab shows raw HTTP. The Timing sub-tab breaks down exactly where time was spent.

Volcanic Pantheon: Open DevTools → Application → Local Storage on your site. You'll see the authenticated: "true" key that used to control access — the same one that could be set manually to bypass your login. That's the client-side auth vulnerability you fixed by moving to Vercel Edge Middleware.

Challenge — Which tab?

For each task, which DevTools tab would you open?

  1. You want to see the JWT token your login API returned.
  2. Your page has a button that does nothing when clicked — there's no error message.
  3. You want to check if your site's images are being lazy-loaded or all downloaded at once.
  4. A site's heading font looks different in your browser than in the design — you want to see what CSS is actually applied.
  5. You want to know if your site scores above 90 for accessibility.
Reveal answers
  1. Application (cookies or localStorage) or Network (response body of the login request)
  2. Console — check for uncaught JS errors
  3. Network — filter by Img, see if requests fire on page load or on scroll
  4. Elements — select the heading, inspect computed styles
  5. Lighthouse — run an accessibility audit

3. CSS — Consistency, Flexibility & Maintenance ~15 min

SE-12-06 — CSS Tools

The NESA syllabus calls out three specific CSS concerns: consistency of appearance, flexibility with browsers and devices, and maintenance tools. These aren't random — they reflect real problems that professional web developers solve every day.

Consistency — CSS Custom Properties (Variables)

Imagine your brand colour (#dd6b20) is used 47 times across your stylesheet. One day the designer says "change it to #e07a30". Do you find-replace 47 lines, or change one?

CSS custom properties (aka CSS variables) solve this. You define a value once and reference it everywhere:

/* Define in :root — available everywhere */
:root {
  --brand-color: #dd6b20;
  --font-heading: 'Inter', sans-serif;
  --spacing-md: 1.5rem;
}

/* Use anywhere */
h1 {
  color: var(--brand-color);
  font-family: var(--font-heading);
  margin-bottom: var(--spacing-md);
}

button {
  background: var(--brand-color); /* change once → updates everywhere */
}
Volcanic Pantheon: Your fire/dark theme relies on repeating the same colours across many elements. CSS variables would let you swap the entire theme in one line — handy if you want to add a light mode or tweak the palette.

Flexibility — Media Queries & Responsive Design

A website that looks great on a 27" monitor can be unreadable on a phone. Responsive design means the layout adapts to the screen size.

The tool is media queries — CSS rules that only apply at certain screen widths:

/* Default: mobile-first base styles */
.card-grid {
  display: grid;
  grid-template-columns: 1fr;  /* one column on mobile */
  gap: 1rem;
}

/* When screen is ≥ 768px (tablet and above) */
@media (min-width: 768px) {
  .card-grid {
    grid-template-columns: 1fr 1fr;  /* two columns */
  }
}

/* When screen is ≥ 1200px (desktop) */
@media (min-width: 1200px) {
  .card-grid {
    grid-template-columns: repeat(3, 1fr);  /* three columns */
  }
}

Other responsive units you should know:

  • % — relative to the parent element's width
  • em — relative to the current element's font size
  • rem — relative to the root (:root) font size — more predictable than em
  • vw / vh — percentage of the viewport width/height
  • clamp(min, ideal, max) — scales smoothly between a minimum and maximum value

Maintenance — SASS / SCSS

Plain CSS has no variables (before custom properties), no nesting, no loops, and no way to split a large stylesheet into smaller files. SASS (Syntactically Awesome Stylesheets) is a CSS preprocessor — you write SASS, it compiles to plain CSS that browsers understand.

Plain CSS
.nav { background: #1a202c; }
.nav a { color: white; }
.nav a:hover { color: #dd6b20; }
.nav-mobile { display: none; }
@media (max-width: 640px) {
  .nav-mobile { display: block; }
}
SCSS (compiles to the same CSS)
$brand: #dd6b20;
$dark: #1a202c;

.nav {
  background: $dark;
  a {
    color: white;
    &:hover { color: $brand; }
  }
  &-mobile {
    display: none;
    @media (max-width: 640px) {
      display: block;
    }
  }
}

Key SASS features for the exam:

  • Variables: $brand-color: #dd6b20 — like CSS custom properties but processed at compile time
  • Nesting: write child selectors inside parent blocks — less repetition
  • Partials: split styles into _buttons.scss, _nav.scss, etc., then @import them — keeps large projects manageable
  • Mixins: reusable blocks of CSS, like a function for styles

The NESA framing

The syllabus groups these as: "CSS — consistency of appearance, flexibility with browsers/devices, maintenance tools." Map your knowledge directly: consistency = CSS variables, flexibility = media queries + responsive units, maintenance = SASS/preprocessors + file organisation.

4. Code Libraries, Frameworks & Open-Source ~15 min

SE-12-06 — Code Libraries

Almost no production website is built from scratch. Developers stand on the shoulders of thousands of open-source packages — and the NESA syllabus specifically calls out four types: frameworks, template engines, predesigned CSS classes, and open-source software.

Library vs Framework — the key distinction

Library

You call it

A library solves one specific problem. You choose when and where to use it. Your code is in charge — you call the library when you need it.

  • Axios — HTTP requests
  • date-fns — date formatting and manipulation
  • bcrypt — password hashing
  • Lodash — utility functions (sorting, grouping arrays)
Analogy: a hammer. You pick it up when you need it.
Framework

It calls you

A framework provides the overall structure. You fill in the blanks it defines. The framework is in charge — it calls your code at the right moment (the "Hollywood Principle": don't call us, we'll call you).

  • Express.js — Node.js web server framework
  • Django — Python web framework (batteries included)
  • Ruby on Rails — opinionated MVC framework
  • React — UI component framework
Analogy: a building. You furnish the rooms it provides.

Template Engines

A template engine lets a server generate HTML dynamically — mixing a fixed HTML structure with live data from a database.

Without a template engine, you'd have to concatenate strings in code to build HTML responses — which is messy and vulnerable to XSS. Template engines handle escaping automatically.

<!-- Jinja2 template (Python/Django) -->
<h1>Welcome, {{ user.name }}!</h1>
<ul>
  {% for post in posts %}
    <li>{{ post.title }} — posted {{ post.date }}</li>
  {% endfor %}
</ul>

The server fills in {{ user.name }} and loops over posts, then sends complete HTML to the browser. The browser never sees the template syntax — just finished HTML.

Common template engines: Jinja2 (Python), Handlebars (JavaScript), EJS (Node.js), Blade (PHP/Laravel).

Predesigned CSS Classes — Bootstrap & Tailwind

Instead of writing every CSS rule yourself, you can use a library of pre-made classes and just apply them in your HTML:

<!-- Bootstrap: semantic class names that apply styles -->
<button class="btn btn-primary btn-lg">Submit</button>
<div class="container mt-4 p-3 bg-light rounded">...</div>

<!-- Tailwind: utility classes (one class = one CSS rule) -->
<button class="bg-blue-600 text-white px-4 py-2 rounded hover:bg-blue-700">Submit</button>
<div class="max-w-4xl mx-auto mt-4 p-3 bg-gray-100 rounded">...</div>
FeatureBootstrapTailwind CSS
ApproachPre-built components (modals, navbars, cards)Utility-first (build your own components)
Class namesSemantic (btn-primary)Descriptive (bg-blue-600 text-white)
CustomisationOverride defaultsHighly configurable design system
File sizeLarger (full component library)Small (PurgeCSS removes unused classes)
Best forQuick prototypes, admin dashboardsCustom designs without leaving HTML
Volcanic Pantheon: You wrote every CSS rule from scratch — which is great for learning. In a professional project or hackathon, Bootstrap or Tailwind would let you build the same UI in a fraction of the time.

Open-Source Software in Web Development

Almost every library and framework above is open-source — the source code is publicly available for anyone to use, study, modify, and distribute.

  • MIT licence: most permissive — use commercially, modify, distribute, no requirement to open-source your changes. Just keep the copyright notice. Used by Express, React, Vue, Bootstrap.
  • Apache 2.0: similar to MIT but explicitly grants patent rights. Used by many Google projects.
  • GPL: copyleft — if you modify and distribute a GPL-licensed project, you must release your changes under GPL too. WordPress uses GPL.

Open-source powers the entire web stack — Node.js, Python, Linux, Nginx, PostgreSQL, Git — all open-source. The trade-off is that maintaining these projects relies on volunteers and sponsorships.

Supply chain risk — this connects to Lesson 10

When you run npm install, you're downloading code written by strangers onto your machine. In Lesson 10 you saw that attackers target npm packages to compromise thousands of projects at once. This is the supply chain risk inherent in open-source dependency ecosystems.

Mitigations: pin dependency versions, audit with npm audit, prefer well-maintained packages with many contributors, and never blindly upgrade all packages before a production release.

Library or Framework? Spot the difference.

For each item, identify whether it is a library, framework, template engine, or predesigned CSS classes:

  1. Django
  2. Axios
  3. Jinja2
  4. Tailwind CSS
  5. bcrypt
  6. Ruby on Rails
  7. Handlebars
  8. Bootstrap
Reveal answers
  1. Framework — it dictates project structure (models, views, URLs)
  2. Library — you call it to make HTTP requests
  3. Template engine — generates HTML server-side
  4. Predesigned CSS classes — utility-first CSS
  5. Library — you call it to hash passwords
  6. Framework — opinionated MVC structure
  7. Template engine — HTML templating with {{ }}
  8. Predesigned CSS classes — component-based CSS

5. CMS, Load Times & Version Control for Teams ~15 min

SE-12-06 — CMS, Load Times, Version Control

Content Management Systems (CMS)

Not every website is built by a developer. A business owner needs to update their product descriptions, add new blog posts, or change their opening hours — without touching code. That's what a CMS is for.

A CMS separates content (text, images, data) from presentation (templates, CSS). Non-developers edit content through a visual dashboard; the CMS handles rendering it to HTML.

CMSTypeWho uses itNotes
WordPressTraditional (self-hosted)Blogs, business sites, newsPowers ~40% of the web. Plugin ecosystem. Requires PHP server.
Wix / SquarespaceHosted drag-and-dropSmall businesses, portfoliosNo coding needed. Less flexible. Monthly fee.
ShopifyE-commerce CMSOnline storesManages products, checkout, inventory.
Contentful / SanityHeadless CMSDevelopers building custom frontendsAPI-first — delivers content as JSON to any frontend (React, mobile).

Traditional vs Headless CMS

Traditional CMS (WordPress): the CMS controls both the content database and the HTML rendering. Tightly coupled.

Headless CMS (Contentful, Sanity): the CMS manages content and exposes it via API. Your React app (or any frontend) fetches the content and decides how to display it. More flexible, but requires developer work.

How to Evaluate a CMS — Criteria Table

NESA expects you to evaluate CMS options — not just list them. That means applying criteria to a specific scenario and justifying a recommendation. Here are the six criteria to use:

CriterionWhat to assessWhy it matters
CostFree, subscription, or enterprise pricing? Hosting included?Determines viability for the client's budget
Technical skill requiredCan a non-developer use it? Does setup require a developer?Determines who can actually maintain the site long-term
CustomisabilityCan the design be fully customised? Are there template limits?Determines whether the client's design requirements can be met
ScalabilityCan it handle growth in users, content, or traffic?Avoids needing a full rebuild when the business grows
Vendor lock-inCan you export content and migrate away? Is data portable?Protects the client if pricing changes or the vendor closes
Open-source vs proprietaryIs the source code available? Can you self-host?Affects long-term control, security auditing, and cost

Worked Evaluation — HSC exam style

Scenario: A local restaurant wants a website to display their menu and accept online reservations. They have no developer on staff, a modest budget, and want to update the menu themselves whenever dishes change.

Evaluate two CMS options and justify a recommendation.

Reveal model response

Option A — WordPress

  • Cost: Software is free (open-source), but hosting is required (~$10–15/month). Total cost is low but not zero.
  • Technical skill: Setup requires some developer knowledge (hosting, theme installation, plugin configuration). Ongoing content editing (menu updates) is manageable for a non-developer via the dashboard.
  • Customisability: Highly customisable via themes and plugins. A reservation plugin (e.g. OpenTable integration) exists.
  • Scalability: Scales well with caching plugins (WP Super Cache, Cloudflare).
  • Vendor lock-in: Low. Open-source; content is stored in a portable SQL database.

Option B — Squarespace

  • Cost: ~$25/month subscription; no separate hosting needed.
  • Technical skill: No developer needed at any stage — drag-and-drop editor, zero setup.
  • Customisability: Limited to provided templates; fine for a standard restaurant site.
  • Scalability: Adequate for a small restaurant; not suitable for high-traffic e-commerce at scale.
  • Vendor lock-in: High. Content is locked to the Squarespace platform; migration is difficult.

Recommendation: Squarespace is the better choice for this client. The restaurant owner has no developer on staff, so the zero-setup, non-technical interface is the decisive factor. While WordPress is more flexible and cheaper long-term, it requires developer involvement for setup and ongoing maintenance — a hidden cost the client cannot meet. The scalability and lock-in trade-offs are acceptable given the modest, stable requirements of a local restaurant. If growth or advanced features become necessary, a migration could be considered at that point.

Managing Web Page Load Times

A 1-second delay in page load time reduces conversions by 7% (Amazon research). Performance is not optional — it's a user experience and business concern.

Minification

Removing whitespace, comments, and shortening variable names in JS/CSS files. app.js (47 KB) becomes app.min.js (18 KB). Tools: Terser (JS), cssnano (CSS), or bundlers like Vite/Webpack that minify automatically on build.

Content Delivery Network (CDN)

A CDN stores copies of your static files (HTML, CSS, JS, images) on servers around the world. When a user requests your site, they're served from the closest node — reducing latency from hundreds of milliseconds to single digits.

Volcanic Pantheon: When you deployed to Vercel, they automatically put your site on their CDN. A visitor in London gets your files from a London server, not from Australia. That's why Vercel deployments feel fast globally with zero configuration.

Lazy Loading

By default, browsers download all images on a page immediately — even ones far below the fold that the user may never scroll to. Lazy loading defers loading until an image is about to enter the viewport.

<!-- Native browser lazy loading — one attribute -->
<img src="shrine-photo.jpg" alt="Volcanic Pantheon shrine" loading="lazy">

Browser Caching (Cache-Control)

The Cache-Control HTTP response header tells the browser how long to store a resource locally before fetching it again from the server.

Cache-Control: max-age=31536000, immutable

This tells the browser: "keep this file for one year, and it will never change." Your CSS and JS files (which have hashed filenames after build) can be cached forever — because if they change, they get a new filename.

Image Optimisation

  • Use modern formats: WebP (30–50% smaller than JPEG/PNG with same quality)
  • Serve correctly sized images — don't serve a 4000px image in a 400px container
  • Use srcset to serve different sizes to different screen resolutions

Version Control for Web Apps — Git in Teams

You already use Git and GitHub for Volcanic Pantheon — but you're the only developer. Version control in teams works differently, and the NESA syllabus expects you to understand collaborative practices.

The Feature Branch Workflow

In a team, everyone working on main simultaneously causes chaos. Instead:

  1. Every new feature or bug fix gets its own branch: git checkout -b feature/login-page
  2. Developer works on the branch, commits as they go
  3. When ready, they open a Pull Request (PR) — a request to merge their branch into main
  4. A teammate reviews the code, leaves comments, requests changes if needed
  5. Once approved, the branch is merged and deleted

Key benefits:

  • Code review: another set of eyes catches bugs, security issues, and bad patterns before they hit production
  • Isolation: half-finished features don't break the main branch
  • History: every change is logged — you can see who changed what and why, and revert if needed
  • CI/CD integration: automated tests run on every PR before merging — broken code can't land in main
Volcanic Pantheon: Your single-branch, single-developer workflow is fine for a solo project. If a friend joined to help build features, you'd create feature branches so you're not overwriting each other's work. The git history you've built is already a portfolio asset — it shows your project's evolution.

Challenge — Design a Web Stack

A client runs a bakery. They want a website where they can update their menu, post weekly specials, and take online orders. They have no coding knowledge. They get 2,000 visitors a day from across Australia.

For each decision below, choose an option and justify it:

  1. CMS choice: custom-built admin panel, WordPress, or Shopify?
  2. Should they use a CDN? Why or why not?
  3. Their developer wants to use Bootstrap for the frontend. What type of tool is Bootstrap, and what's the benefit?
  4. Should product images use lazy loading?
Reveal model answers
  1. Shopify — has e-commerce built in (inventory, checkout, payments). WordPress would need plugins. Custom-built is overkill and expensive for a non-technical client.
  2. Yes, CDN. 2,000 daily visitors from across Australia means some may be in Perth, Brisbane, or Darwin — far from one server. A CDN serves static files (images, CSS, JS) from the nearest edge node, reducing load time for all regions.
  3. Bootstrap is a predesigned CSS class library. Benefit: the developer can build consistent, responsive UI without writing CSS from scratch — faster development and professional visual result.
  4. Yes, lazy loading. A bakery menu likely has many product photos. Loading all of them on page entry wastes bandwidth for users who only look at the top items. Lazy loading defers off-screen images until the user scrolls down.

Exam Cheat Sheet — Lesson 16

W3C
International standards body. Defines HTML, CSS, and browser behaviour. Working groups: WAI, i18n, Security, Privacy, Machine-readable data.
WCAG (WAI)
Web Content Accessibility Guidelines. Levels A / AA / AAA. Key: semantic HTML, alt text, colour contrast, keyboard navigation.
i18n
Internationalisation. Unicode/UTF-8 for all characters, RTL text, locale-aware dates and currencies, lang attribute on <html>.
schema.org / JSON-LD
Machine-readable structured data. Tells search engines what your page is (event, product, person). Enables rich results in Google.
CSS Variables
Custom properties (--brand-color). Define once, use everywhere. Change one value to update consistently across whole site.
Media Query
@media (min-width: 768px) { ... } — CSS rules that only apply at certain screen widths. Foundation of responsive design.
SASS / SCSS
CSS preprocessor. Adds variables, nesting, partials, mixins. Compiles to plain CSS. Improves maintainability of large stylesheets.
Library vs Framework
Library: you call it (Axios, bcrypt). Framework: it calls you (Express, Django, Rails). Frameworks dictate structure; libraries solve one problem.
Template Engine
Server-side HTML generation with variables and loops. Examples: Jinja2 (Python), Handlebars/EJS (Node.js). Prevents string concatenation for HTML.
Predesigned CSS Classes
Bootstrap (component-based) and Tailwind (utility-first). Apply classes in HTML to get styles without writing CSS. Speeds up UI development.
Open-Source Licences
MIT: most permissive — use anywhere. Apache 2.0: adds patent grant. GPL: copyleft — modifications must stay open-source.
CMS
Content Management System. Non-developers edit content via dashboard. Traditional (WordPress), hosted (Wix), headless (Contentful — API-first).
CDN
Content Delivery Network. Copies static files to edge servers worldwide. Users download from nearest node → lower latency.
Minification / Lazy Loading
Minification: remove whitespace from JS/CSS to reduce file size. Lazy loading: loading="lazy" on images — defer download until needed.

Programming for the Web — Almost There

Lesson 13 covered protocols and HTTP. Lesson 15 covered client-server and APIs. This lesson covered the entire web tooling and standards ecosystem. One lesson to go.

← Back to Blake's Learning Hub