No joke: Cloudflare takes aim at Google Fonts with ROFL

Cloudflare wants formatted text to flow faster into browsers, so has taken on Google with a webby font-delivery offering.

The content-delivery-network-and-more biz has two beefs with Google Fonts – one of which is that it's needlessly chatty.

In Cloudflare's telling, Google Fonts uses a cascading style sheet that resides at fonts.googleapis.com but stores font files at fonts.gstatic.com.

"This separation results in a minimum of four round trips to the third-party servers for each resource request," wrote Cloudflare product chap Mat Bullock and software engineering manager William Woodhead. "These round trips are DNS lookup, socket connection establishment, TLS negotiation (for HTTPS), and the final round trip for the actual resource request. Ultimately, getting a font from Google servers to a browser requires eight round trips."

All that back and forth adds up to 150ms of page load time to a WordPress site, the pair wrote.

Their second beef is privacy. While the post acknowledges that Google doesn't collect info about font usage for ads or to set cookies, the pair note that the font-gathering interactions with the Big G means it can potentially collect IP addresses, user agents, details of the referrer page, and could measure how often each IP makes requests to Google.

"Any time you can prevent sharing your end user's personal data unnecessarily is a win for privacy," they wrote.

In what readers may not consider a colossal surprise, Cloudflare has addressed its own gripes.

• Cloudflare opposes Europe's plan to make Big Tech help pay for networks
• Cloudflare engineer broke rules – and a customer's website – with traffic throttle
• Cloudflare hikes prices by a quarter, blames the accountants
• Cloudflare finds a way through China's network defences

The biz has challenged chattiness with an approach that sees it transmit fonts over the same HTTP/2 or HTTP/3 connection used to deliver other page resources. It's also done away with the CSS request.

"To achieve both the home-routing of font requests and the removal of the CSS request, we rewrite the HTML as it passes through Cloudflare's global network. The CSS response is embedded, and font URL transformations are performed within the embedded CSS," the post explains.

This approach is made possible by a tech Cloudflare calls "“ROFL" – the Response Overseer for FL.

The FL stands for Front Line – part of a framework called Cf-html that Cloudflare uses to parse HTML. As detailed in a February 2023 post, Cf-html had security challenges that saw Cloudflare re-work it, using Rust.

In the latest post, Bullock and Woodhead declare "ROFL paved the way for the development of Cloudflare Fonts."

The new service comes online in October. Sadly, Cloudflare's post doesn't specify a date, nor mention cost.

Also on Monday, Cloudflare announced it will start delivering incident reports to its customers, over an API and an RSS feed. NetAdmins can also choose to have the info piped into services like PagerDuty, or sent as boring old email. ®