This documentation is for an outdated version: 14.5.0. The current version is 14.6.17 - get the documentation here.

Sevenval FIT 14 – Changelog

Version 14.5.0

Release date: 2016-08-03

FIT 14.5 is a feature release for the Web Accelerator.

Brotli is a new data compression library that shrinks Web payload better than proven methods such as gzip or deflate. The Web Accelerator now includes brotli as an Apache module. We have seen an improvement of over 10% of the average compression ratio compared to gzip. This means that compressible payloads (almost all formats except images) are transferred to clients in less than a third of its original weight.

Brotli also accounts for much of the benefits of the WOFF2 font format. Those font files load significantly faster than the predecessor format WOFF or the old TTF format. The Web Accelerator beta feature webfont-compression converts WOFF fonts on-the-fly into the WOFF2 format, resulting in 20% or more reduction in payload. As fonts are usually loaded in the critical render path, this is a welcome diet. To keep things simple, the Web Accelerator handles the necessary changes to your CSS font definitions as well!

To further accelerate loading of CSS files, we have improved our style-concat feature to work with any external CSS files. All adjacent <link rel=stylesheet> definitions within the same media query selector are combined into a single request. This not only frees up request slots in HTTP/1 setups, it also allows for more efficient data compression than single requests would have. Furthermore, style-minifying now removes even more redundant code and has improved runtime performance.

In 1999 Microsoft gave birth to the infamous favicon.ico. Of course everyone loves icons, but what made the favicon so annoying was that it was a request the browser conducted itself without the developer referencing it in the page. That makes it so easy to forget. Later, Apple tuned in with its apple-touch-icon.png that some (interestingly non-iOS) clients attempt to load from every single site visited. If your site does not handle those well-known icon URLs, it may result in unnecessary requests and wasted bandwidth. For example, the 404 error document may be much larger than a regular favicon. Many Web sites have developed the habit of sending redirects (to potentially better suited URLs) instead of 404s. In this case, the browser could be redirected to the home page in search for the favicon, resulting in two (or more) requests which may return lots of unnecessary HTML. Our new error handling for missing-icons does not paint an icon for you, but it replaces all non-icon answers for well-known icon URLs with a tiny error document.

To save even more bytes, more clients including Microsoft Internet Explorer and Mozilla Firefox now qualify to use Zorro images as a replacement for transparent PNG images with photo characteristics.

There are many more improvements and bug fixes in this release. And as usual, you will find all third-party libraries freshened up.

Web Accelerator

  • Improved: style-concat now works with all CSS files referenced as <link rel=stylesheet> (#32268)
  • Improved: The CSS minifier now removes rules having empty blocks (#30493)
  • Improved: CSS minifier vendor prefix stripping now also removes keyframe at-rules (#30493)
  • Improved: FIT now delivers Zorro images to more clients that are not WebP-capable including Microsoft Internet Explorer, Mozilla Firefox and Google Chrome on iOS (#31528, #32176)
  • Improved: Fonts being served by source servers with content type font/* are passed compressed using gzip or deflate compression (#26870)
  • Improved: Detection of binary data like images or fonts that were loaded with content type text/html in parse action (#32964)
  • Improved: The FDX event clientTiming is now also bound to the window‘s pagehide, the document‘s visibilitychange, the pplnavstart and pplnavend (instead of pplend) events. Additionally, its structure has changed: the mode parameter was dropped in favour of the new parameters source (default|ppl) and type (load|unload|pagehide|visibilitychange|pplnavstart|pplnavend). (#32486)
  • Fixed: Exceptions when handling SVG fonts in the parse action (#33055)
  • Fixed: Visibility delayed images in elements with overflow are now correctly loaded (#31138)
  • Fixed: CSS minifier vendor prefix stripping now correctly honors strings and URLs (#30493)
  • Removed: Support for the formerly deprecated attribute resolve-ie-comments of the <text-tilter/> config element has been removed. (#32582)


  • Improved: The new loadAll parameter of the ai.images.loadHQImages() JavaScript function can be used to load all delayed images (including visibility delayed) (#31285)
  • Improved: When calling the ac.stage.stage(id,options) method with the optional options parameter, the specific AC-Stage object is now destroyed and reinitialized with the new options. (#32552)
  • Changed: The delivery context property client/hw/type is no longer read from the DDB export but calculated from the User-Agent header field and the fitdetection cookie. (#32770)
  • Fixed: The pplnavstart event is now fired when submitting a form. (#32649)
  • Fixed: PPL will no longer move scripts to the document head that were falsely identified as pagejs debug script. (#32955)
  • Fixed: a elements in AC-Stage elements will no longer get a href attribute if they did not already have one. (#32717)
  • Fixed: The AC-Stage addElement function now works correctly on Windows Phone 8 (#32082)
  • Removed: Support for the formerly deprecated attribute data-ai-priority has been removed. (#32582)

Operation & Administration

  • New: FIT_MAX_PARSE_SIZE in fit.ini limits the HTML/XML parser’s input size to prevent excessive CPU usage when processing large DOMs (#32800)
  • Changed: The Content-Length field in the fit_request.log now contains the number of originally transferred bytes, even when the response was read from the internal cache (#32521)
  • Changed: In order to distinguish erroneous requests in the fit_request.log, backend request timeouts that occur after the HTTP response headers have been loaded are now logged with HTTP status code 0 (#32588)

Third Party

Version 14.4.2

Release date: 2016-07-06

https:// should be considered the norm for Web traffic. It allows for secure communication, the green padlock looks cool, and most important: it enables the efficient and fast data transfers of HTTP/2. However, switching your site to HTTPS may not be trivial. The force-https feature removes the hassle of changing URLs in your backend. But what can you do about URLs pointing to other domains, like ad scripts, social media or user images? Your browser will show mixed protocol errors and block the loading of these assets. The new force-https option external-media handles this by rewriting foreign http:// URLs to their secure counterpart. Switch to https:// now!

Speaking of security, we have improved our transport mapping feature, which is crucial when using the same domain name for Web Accelerator and source, to validate TLS certificates on mapped traffic. E.g. your certificate is accepted when the requests are routed to the IP resolved for

Besides a lot of bug fixes, this version ships ImageMagick 7 to be up-to-date with the frequent upstream updates, many of which are security related.

Web Accelerator

  • New: external-media option for the url-rewriting/force-https setting to prevent mixed-content warnings (#31318)
  • Improved: Transport mapping now allows for TLS certificate checks. (#30151)
  • Improved: The characters $!*'()-_.~/?:@[] will now remain unencoded in query parameters in backend requests (#30863)
  • Improved: The parsing of the fitdetection cookie was improved to better cope with clients sending multiple Cookie headers. (#32187)
  • Changed: JavaScript and CSS Minifying is now disabled by default (as documented before) (#30498)
  • Changed: FDX tracking cookies are no longer sent to backend servers. (#32476)


  • Improved: Added script for easier SDK updates (#32482)
  • Improved: PPL navigation by left mouse click in combination with Ctrl, Shift, Cmd or Alt key, as well as middle and right mouse click, has been changed to behave like the browsers default. (#32548)
  • Improved: The new JavaScript function ai.ppl.clearCache allows to remove all cache entries from the PPL Cache. (#32229)
  • Improved: The new detectioninit event can be used to register custom detection code. (#31628)
  • Improved: Support for XInclude in ACLs (#32318)
  • Changed: The deprecated DC property client/hw/input/touchscreen now always has the value true (#32372)
  • Changed: The deprecated DC property viewport/orientation-switchable now always has the value true. As a result, filtering of media queries with the orientation media feature is not possible anymore. (#32380)
  • Fixed: Extended checks added to the Script Manager to avoid exceptions caused by corrupt requests or missing files (#32321)
  • Fixed: Premature garbage collection in EXSLT regexp:match() (#32766)

Operation & Administration

  • Fixed: Redundant writes of extension cache files (#32478)
  • Fixed: Cleanup of invalid extension cache files (#32480)

Third Party

Version 14.4.1

Release date: 2016-06-08

This release is a maintenance release comprising mostly bug fixes, security patches and 3rd party updates. However, there are some interesting improvements, too.

But security comes first! The Web Accelerator uses the ImageMagick library for image scaling. Recently, a number of security vulnerabilities were discovered in ImageMagick. With this release, we address these with a policy.xml as recommended by the vendor, as well as some patches that remove potentially exploitable code that we do not use. This is why we recommend all customers to update to 14.4.1 as soon as possible.

Until now, the cache for scaled or compressed images was valid for one day – regardless of the resource’s actual caching headers. Now these headers are respected, allowing shorter TTLs. However, you may still override this with the interval cache.

With the new scaling option add-size-attributes, the width and height attributes of images are set in the HTML document. This allows browsers to render the page quicker, because no reflows are necessary after the images have been downloaded. For pages with delayed images, this avoids “jumping pages” if image dimensions are missing.

Still in Beta, but nevertheless exciting, we provide an optional new URL scheme. With trailing marks enabled, the URL marks needed for URL optimization (such as caching) are moved to the last path segment. In 1:1 setups where a single origin is mounted onto /, all paths are identical to the origin. In combination with the new force-transparent switch, this allows for transparent cookies with arbitrary path directives.


Web Accelerator

  • Improved: Image Scaling and Image Compression now respect origin caching headers (#28476)
  • Improved: FIT now tracks the hardware vendor for FDX in clientInfo.hwVendor (#32257)
  • Improved: FIT now tracks more client-side JavaScript errors for FDX (#32178)


  • Improved: The pplnavstart event and pplnavend event were added to Partial Page Loading to improve usability of the use-cache feature (#32149)
  • Improved: PPL now has the new pplready event, that is triggered immediately when the Partial Page Loading session is initialized, even before the load event (#31809)
  • Improved: Generation of proper HTML5 document type declaration (#32102)
  • Fixed: popstate events in PPL after POST requests or redirects will now be processed by PPL (#31953)
  • Fixed: PPL now retains fragment identifiers in both the URL and document.location (#31973)
  • Fixed: form element parsing on Mobile Safari (on iOS 8) after navigating with PPL (#32129)
  • Fixed: Case-insensitive hostname matching in sources.xml (#32307)
  • Fixed: Segmentation faults in the XPath function version-compare() (#32036)

Adaptive Components

  • Fixed: AC-Stage needed an enhancement for swipe gestures via touch-action (used on IE Mobile and Edge browser) (#32002)
  • Fixed: Initialized AC-Stage elements will no longer claim to be uninitialized under certain circumstances (#32012)

Operation & Administration

Third Party

Version 14.4.0

Release date: 2016-05-04

This release brings a performance update to the “rear side”. When communicating with an origin server, a TCP connection needs to be established. This comprises multiple round trips. For encrypted connections, an additional TLS handshake is necessary to setup parameters for secure communication. Depending on the network latency this adds up to a significant amount of waiting time in the critical path. Furthermore, the throughput of a freshly established TCP connection is limited. Only after a number of network packages have been exchanged, the throughput increases.

With 14.4. we start recycling TCP connections to avoid these performance penalties. This reduces connection overhead and improves request performance. The savings are especially high for TLS backends and (very) remote origins. On our production systems we have seen average speed-ups of up to 20%. But even in low latency environments with plain HTTP there are some milliseconds to scrape. Check your fit_request.log to see what’s in it for you!

Besides that, we have fixed a number of bugs. But in case something goes wrong nevertheless, you can now fail with grace with a custom error page.

Please note that this major release includes deprecations and removals.

In the Beta section we have introduced a page cache for PPL: When navigating back and forth in the browser history, no HTTP request or HTML parsing will be required. Instead, the previous pages’ DOM objects may be reused, resulting in much faster and less interruptive history navigation.

Web Accelerator

  • Improved: FDX scripts are delivered without the need for an additional Adaptive Component (#31592)
  • Improved: The display properties for unknown clients were changed to better default values (#31261)


  • Removed: HTTP Digest authentication for backend requests. You may use Basic authentication (preferably under TLS) instead (#31292)


Third Party

  • New: PHP extension pecl_http 3.0.1 (#31292)
  • New: PHP extension propro 2.0.0 (#31292)
  • New: PHP extension raphf 2.0.0 (#31292)
  • Updated: PHP 7.0.6 (#31952)
  • Updated: imagick 3.4.1 (#31389)

Version 14.3.1

Release date: 2016-04-06

We have learned a lot from analyzing our image traffic. Therefore, this minor release focusses on bug fixes and enhancements of image processing.

Many images are small enough, in terms of dimensions, to fit into current clients’ viewports. That is because many mobile devices have high density displays (e.g. Apple’s retina display) resulting in lots of pixels. Therefore, Image Scaling and Compression are now separately configurable. This can be useful for CSS documents with image sprites that should not be scaled but still be compressed.

If an image is known to be small enough for the requesting client, FIT will automatically switch from Image Scaling to Image Compression. The latter uses image URLs without sizing parameters, resulting in a better cache hit rate (in FIT and in downstream caches) and reduced disk and CPU usage.

Another finding in our image statistics is that in certain cases image weight (i.e. file size) may be increased by our image processing. Then, the smaller original image will be sent to the client instead of the processed image. We call that pass-on-enlargement. Since animated GIF images are hard to optimize and are practically never scaled, they are no longer processed at all.

We have further improved SVG as a replacement for transparent PNGs (also known as “zorro”). The alpha map is smaller. And a bug showing artifacts at image borders was fixed.

Developers will find some interesting enhancements, too. The content DC properties for example let you run Flow actions depending on the type of content (e.g. html or js). The detection page can now be disabled on a per-URL basis.

Web Accelerator

  • Improved: Head reordering will position the base and most meta tags directly after the first title tag (#31097)
  • Improved: Delayed images with visibility prioritization will no longer scroll the page after navigating to anchor targets (#30961)
  • Improved: Performance of URL rewriting for images (#30674)
  • Changed: If the image file size increases during image processing, the smaller source image is delivered instead. Set the Image Scaling option pass-on-enlargement in the config.xml to false to revert to the behaviour of FIT before 14.3.0. (#29896)
  • Fixed: Fringe artifacts in Zorro SVG images between the image and mask (#31047)
  • Fixed: Attributes from body elements are moved to the implicit body element created by the HTML5 parser (#30997)
  • Fixed: Viewport dimensions will now be detected correctly even if pages are rendered in quirks mode (#26728)
  • Fixed: Calculation of the position of position: fixed elements for delayed images with visibility prioritization. (#31197)
  • Removed: Animated GIFs will no longer be scaled or compressed (#30456)
  • Removed: FIT will no longer inline its JavaScript code on the first request (#31029)


  • Fixed: Detection of JSON content received with the content type text/html (#31211)
  • Fixed: The characters $!*'()-_.~ will now remain unencoded in query parameters in backend requests (#30863)
  • Fixed: HTML5 doctype output (#31054)
  • Fixed: If enabled, the Interval Cache ignores the presence of Authorization header in the request to the source server (#31031)

Adaptive Components

  • Fixed: A bug where autosized stages were too small to fully display contained images after a PPL navigation. (#29737)

Operation & Administration

  • Improved: Decreased the variability of image URLs when source images are too small for image scaling. This should improve the cache hit rate for result images. (#31059)
  • Changed: The client properties data is now stored in a single file to ensure consistency during updates (#30980)

Third Party

  • Updated: PHP 7.0.5 (#31593)

Version 14.3.0

Release date: 2016-03-09

This update brings a significant performance boost to the server-side! The overall CPU usage is reduced by 25% on average. Depending on the features in use, sites may see even larger savings in CPU time. This is not only a benefit in terms of hardware savings. Since the responses are generated more quickly, resulting in shorter times-to-first-byte, it can be a major improvement to your site’s critical render path. These performance gains result from the update of the underlying PHP engine to the much acclaimed version PHP7.

The Web Accelerator was improved, too. As images are a very important part of the user experience, support for WebP and SVG images is now determined automatically by the client feature detection. Before 14.3, these capabilities were taken from our Client Description Repository. With the new on-the-fly detection we have more accurate information when dealing with new, unknown clients. FIT now uses URL encoding instead of base64 when Inlining SVG images, which results in more efficient transfer compression and a reduced payload for the client.

The documentation now has a section on beta features. It offers an overview of experimental features that we make available for pre-production use. Any developer feedback on these features is highly appreciated!

With this major release, we have also removed some formerly deprecated features. Please note that Session Management and the Load Brake have been removed.

Web Accelerator

  • Improved: The detection mechanisms will update the delivery context with detected values for webp and svg support (#31055)
  • Improved: Desktop bots now get DC properties similar to a recent desktop browser (#30705)
  • Improved: Inlined SVGs are now use URL encoding instead of base64, thereby reducing the transfer size (#30398)
  • Improved: Internal scripts preceding the first external script element are inserted before styles (with head reordering enabled and, under certain circumstances, without head reordering) in order to reduce Chrome developer audit messages while retaining low page load times. (#30950)
  • Improved: noscript elements are now removed in PPL requests (#30844)
  • Fixed: Under certain conditions an exception could be thrown if an opening tag in the <head> element was misspelled (#30947)
  • Fixed: Do not add spurious content attributes to meta tags where a charset attribute already exists (#30769)
  • Fixed: cookie path directives with (superfluous) quotes are accepted (#31109)
  • Fixed: The Script Manager now works correctly with scripts using the 'use strict' directive (#30673)
  • Fixed: Iframes are no longer removed from head element during PPL transition (#30944)
  • Fixed: When PPL is not enabled, ai-fragment tags are now stripped from the output document, to prevent interference with CSS relying on their absence (e.g. child selectors) (#31086)
  • Fixed: A bugfix for edge browsers on WindowsPhone is now applied to all edge browsers. It is needed for PPL fragments wrapping thead elements in combination with HTML minifying. (#30284)
  • Fixed: Detection of SVG images containing a DOCTYPE declaration (#30760)
  • Fixed: Zorro SVG gamma correction issues (#30970)
  • Fixed: quality:-1 now works properly with the image url API (#31078)
  • Fixed: Image rewriting in CSS containing unresolved text filter instructions (#31131)
  • Fixed: Image rewriting with ai-rewriteimage now respects the image-scaling settings defined in config.xml (#30875)
  • Fixed: WhatsApp’s rich preview got confused by our util.js snippet, resulting in a wrong preview title (#30864)


  • Improved: The debug target errorlog is now less verbose to be better “tailable” (#30803)
  • Changed: The XPath function urlencode() does not encode the ~ (tilde) character anymore (#30796)
  • Changed: The XPath function md5() no longer implicitly converts the UTF-8 input to ISO-8859-1. This may lead to different result hashes! (#30796)
  • Removed: FIT Session System (#23764)

Adaptive Components

  • Improved: Visibility image delaying will now consider images in not yet visible AC-Stage elements. The number of stage elements considered for preloading can be configured using the preload-count attribute. (#30215)
  • Fixed: AC-Stage touch event handling on Samsung Galaxy Tab 2 devices (#31035)
  • Fixed: A client bug on some iOS 7.x clients prevents touch event capturing when -webkit-overflow-scrolling:touch is used in AC-Scroll (#28462)

Operation & Administration

  • Changed: Due to the removal of the Session System, the fit.ini setting FIT_JOB_HOST_URL has been renamed to FIT_STATUS_URL. It is only used for apachectl/phpfpmctl (full)status. (#30415)
  • Removed: Load Brake (the built-in mechanism to limit the system load) (#29117)

Third Party

Version 14.2.0

Release date: 2016-02-10

The first release of 2016, FIT 14.2.0 primariliy brings a set of new features regarding image optimization.

First and foremost we have implemented a new algorithm that allows us to reduce the transport size of truecolor PNGs with transparency by up to 80%. This is especially interesting for relevant browsers that do not support WebP images (looking at you, Apple Safari). While we were inspired by Mario Klingemann’s Zorro SVG we were able to take the idea several steps ahead and not only resolve issues that it raised, but also improve methods further and in consequence produce even smaller result images without the need of JavaScript.

FIT now also uses 16-bit algorithms for internal image calculation and a better gamma correction. Better handling for truecolor PNGs that are transcoded to WebP format was implemented and developers now may use ai-scaling-width/height values that will scale images bigger than the target viewport. Additionally bringing new scroll speed dependent loading of visibility delayed images and options to control the viewport offset for loading these, FIT 14.2.0 arguably offers the best automated image optimization we ever had.

For assuring high quality in development and maintenance of projects we introduced an XPath function and a fit.ini setting. The watch() XPath function allows you to watch XPath expressions and in case of errors will create entries in the fit_alert.log. In combination with the new fit.ini option FIT_DEPRECATION_EXCEPTION, which will cause exceptions to be thrown when deprecated features are used, you can minimize the chance that your projects will run into future issues.

We also did a rework of our user agent detection. FIT now uses the common UA Parser project for client matching. It provides a robust set of regular expressions that are less sensitive to the frequent version updates (of both operating systems and browsers) seen in user agent strings. However, we still maintain our own Client Description Repository that stores client capabilities, features and properties. After identifying the client, our CDR data is accessed to build up the Delivery Context.

Updates of third party software and bugfixes complete this release.

Web Accelerator

  • Improved: Image Scaling now supports scaling images to sizes bigger than the viewport (#30370)
  • Improved: Image Scaling will now reduce the quality according to the specified scaling size of the image on devices with a high density display (#30640)
  • Improved: For PNG images transcoded to WebP via the Image URLs JS API FIT now always uses lossless compression and therefore sets the quality parameter to -1 in the created URL (#30267)
  • Improved: The load event of delayed images is now dependent on the current scroll speed (#30198)
  • Improved: Delayed images visibility offsets are now configurable (#30182)
  • Improved: Script Minifying now supports scripts with json content types (e.g. application/json or application/ld+json) (#29764)
  • Improved: For Media Query Filtering, it is no longer necessary that the dimensions for both orientations have been detected (#29804)
  • Improved: Correct passing of HTTP status and headers for HEAD requests and replies with various non-200 HTTP status codes when the parse action performs image scaling (#30300)
  • Improved: Head Reordering removes link elements with rel="stylesheet" and the same href (#29433)
  • Improved: Head Reordering remove-duplicates preserves ai-load and id attributes of script elements (#30377)
  • Changed: FIT inserts its own scripts only first if it is necessary for the features activated in the config.xml, for example any of the js-api features, partial-page-loading or document-write-deferring (#30217)
  • Changed: The fitdetection cookie no longer contains the unified caching mark (#30602)
  • Fixed: Inadequate handling of UTF-8 characters in CSS style sheets (#30325)
  • Fixed: The character encoding of HTML is not changed by HTML minification. HTML content is transcoded to UTF-8 when an Adaptive Component is registered. The Content-Type header is set accordingly (#30507)
  • Fixed: An error triggered by scaling an img element with src attribute containing a data URI and a srcset attribute (#30569)
  • Fixed: A bug where custom error handling for images that are loaded delayed with visibility prioritization would cause FIT to load the erroneous image multiple times (#30701)
  • Fixed: A bug in Partial Page Loading with fragments that caused broken redirects (#30426)
  • Fixed: JavaScript minifier removes code after certain regular expressions (#30484)
  • Fixed: Head reordering ignores style elements that contained @import rules (#30634)
  • Fixed: A bug on WindowsPhone 10 devices was fixed caused by HTML minifying in combination with PPL fragments wrapping thead elements (#30284)
  • Fixed: The HTML parser no longer complains about duplicate IDs (#30070)

Development & SDK

  • New: XPath function watch() (#29948)
  • New: It is possible to abort further processing of a request if a deprecated feature was used by enabling FIT_DEPRECATION_EXCEPTION in fit.ini – this is activated by default in the SDK (#30099)

Operation & Administration

  • Fixed: SSL Mutex set to sem in Apache configuration to avoid restart errors on CentOS 7.2 (#30391)

Third Party

  • Changed: FIT now uses the GeoLite2 database to determine the request/country (#30312)

  • Updated: PHP 5.6.17 (#30571)

  • Updated: libxml 2.9.3 (#30070)
  • Updated: imagick 3.3.0 (#27430)

Version 14.1.5

Release date: 2015-12-09

14.1.5 is 2015’s last planned feature release. The main focus was on improving the image handling of the Web Accelerator.

However, the most interesting feature is certainly the script manager that now supports loading remote scripts, too. According to HTTP Archive, after image media, JavaScript is the second largest chunk of content used in Web pages. At the same time, JS code is often delivered in many small files. FIT combines its caching, minifying and script loading facilities to turn the situation into a strength: All JS files, both from backend servers or local files, will be delivered in a single request. This results in better compression, a reduced HTTP overhead and faster browsing – especially on networks that suffer from higher latency like mobile connections.

For Image Scaling (and compression), we have improved the handling of PNG images. This image type delivers sharp graphics, well suited for logos and glyphs, but they can eat up your bandwidth – especially when the number of colors exceeds the maximum palette size. Our new algorithm considers the number of colors, transparency and client capabilities to decide whether the image is suitable for lossy compression. For graphic-like images, WebP lossless compression is used, if supported. These measures drastically reduce the resulting file size.

These advanced compression techniques may now be used for even more images: The parse action detects image content and then applies image scaling to it. These images are scaled according to the default image settings. As the URLs are the same for every client, the response is not publicly cacheable. Nevertheless, this allows you to reduce image payload, even if your image URLs are created or modified on-the-fly with JavaScript, as many responsive image libraries do.

Speaking of which, the new responsive-image-filtering reduces the HTML size by filtering out all image variants (picture/source or srcset) that a capable client would not use anyway. At the same time, image scaling and compression is applied to these images, too.

In addition to these features, we have improved our HTTP compatibility to properly pass HTML form uploads (multipart/form-data) through FIT, regardless of the field names used. In the other direction, HTML fragment responses can be detected automatically, which is often useful for sites making heavy use of AJAX.

Web Accelerator

  • Improved: Image Scaling now selects better output formats for PNG input images to reduce file size while retaining quality (#29970)
  • Improved: Image URLs in srcset attributes will now be scaled (#29933)
  • Improved: When navigating to a new page via Partial Page Loading, the page will be scrolled to position 0, 0 unless an anchor target is given (#24657)
  • Fixed: Scaled images quality calculation bug for clients with DPR greater than 1 (#29509)
  • Fixed: Some Android browsers before 4.4 did not adjust the URL in the address bar correctly for PPL (#26660)
  • Fixed: A bug in pages with nested autosize ac-stages, requested via PPL caused an autosize call on a non existing stage (#30028)


  • Changed: The header fields listed in the remove parameter of response-headers are now dropped from all requests instead of only main requests (#29921)
  • Fixed: POSTing multipart/form-data requests with duplicate or odd field names (#29263)
  • Fixed: POSTing multipart/form-data requests with content beginning with @ (#29516)
  • Fixed: Whitespace surrounding URLs in HTML attributes is trimmed by the URL Rewriter, as required by the HTML5 Standard (#29454)
  • Fixed: URL Rewriting now determines the output format for images in non-standard attributes (e.g. data-src) correctly (#29927)
  • Fixed: Automatic resizing on viewport changes for AC-Stage if size="auto" is set (#29513)
  • Fixed: A bug where Samsung SII devices of version 4.0 or greater could not handle nested ac-scoll very well (#29812) (#29821)

Operation & Administration

  • Changed: ProxyTimeout in httpd.conf set to 60s to ensure that configured timeouts are actually usable (#29783)

Third Party

Version 14.1.4

Release date: 2015-11-11

FIT 14.1.4 is a maintenance release comprising bugfixes and a number of enhancements. Many of which aim to provide seamless integration of FIT into existing Web site deployments to make use of the Web Accelerator features.

Web Accelerator


  • New: remove-content flow action allows to remove content specified by XPath or CSS selector from DOM documents (#29275)
  • New: response-headers option to remove or pass HTTP response HTTP headers from backends (#29188)
  • New: ciphers option to specify TLS ciphers for backend connections (#29384)
  • Improved: JSON is not parsed as HTML5 anymore, even if it has been received with content type text/html (#29340)
  • Improved: Detection of SVG images for Image Scaling (#29503)
  • Improved: CSS minifier now removes redundant sequences of semicolons and whitespace (#26114)
  • Improved: PPL won’t send X-Requested-With headers to the backend anymore (#29171)
  • Improved: When loading fragments with partial page loading, Adaptive Components will now only process the document fragments that will be in the PPL response (#28632)
  • Improved: regex actions and text filter do not run on binary data anymore (#29277)
  • Improved: Performance of the text filter (#29301)
  • Improved: The set-header action may now replace X- headers that were already set (#29295)
  • Improved: Documentation overview for Caching in FIT (#29264)
  • Fixed: A bug where Apple Safari of version 9 or greater could not execute JavaScript properly when navigating via PPL (#29817)
  • Fixed: A bug where the CSS minification option strip-prefixes could break nested media query blocks (#29761)
  • Fixed: Viewport detection for pages that throw exceptions in window.scrollTo (#29486)
  • Fixed: On errors, pass original HTTP status code to the client even if debugging is enabled (#28592)
  • Fixed: HTTP status code of image scaling requests to non-existent or unreadable local resources (#28366)
  • Fixed: HTTP status code (403) for unreadable, local FIDJ documents (#28707)
  • Fixed: Due to client parsing mishaps, the HTML minifier option optional-tags is disabled automatically for PPL requests (#29184)
  • Fixed: Prevent duplication of request parameters on parallel requests (#29382)
  • Fixed: Reading of charset parameters from Content-Type HTTP response headers (#29300)
  • Fixed: Passing of charset parameters from Content-Type HTTP response headers to the client for unchanged content (#29461)
  • Fixed: DC properties css/viewport and html/attribute/async for Microsoft Edge browsers (#26212)
  • Fixed: Value type of custom DC properties set with the set-dc action (#26526)
  • Deprecated: The prioritization attribute of Image Delaying is renamed from data-ai-priority to ai-priority (#29194)

Operation & Administration

  • Fixed: fit_alert.log messages for content that cannot be parsed to XML (#29231)
  • Fixed: fit_alert.log messages if the response body contains only whitespace(s) (#29232)

Third Party

Version 14.1.3

Release date: 2015-10-07

FIT 14.1.3 comes with a host of exciting new features.

At the core of FIT, there has always been a lot of HTTP functionality, and now there is even more. The new HTTP Cache partially implements RFC7234: FIT will store publicly cacheable responses from source servers according to their cache-related headers (e.g. Cache-Control). That means that fewer resources have to be retrieved from the origin servers, the time-to-first-byte decreases and inlining features will work out of the box. Since the feature is enabled by default, you will automatically benefit from cacheable backends. However, you can still configure caching rules manually or disable caching altogether in your sources.xml.

Besides caching, FIT now supports simple HTTP Range Requests on the client connection. Downloading partial documents has become a popular way to load video files. Thus, FIT now supports video playback and seeking in most browsers/players.

To maintain a readable configuration even for complex settings, the sources.xml file is now filtered. That enables you to use dynamic expressions that for example set different origin servers for development and production setups.

Furthermore, the filtered config files (sources.xml, urlmap.xml, flow.xml) now support Dynamic Attribute Values with the shorthand syntax: attribute="{expression}". This enables you to use DC properties or arbitrary strings computable with XPath in any setting.

For proxy-like setups, especially for the Web Accelerator, you can now configure the FIT frontend domain to have the same name as your origin server. That means, you just have to change your DNS to point to FIT and your setup is ready!

On the feature side, the Web Accelerator has interesting news as well. FIT now incorporates mozjpeg as a bundled third party library. On average, it encodes JPEG images into 25% smaller output files. This can significantly speed up the transfer and rendering of your Web page.

Many CSS files contain redundant, browser specific code. The CSS minifier can now strip unused CSS code with vendor prefixes (like -webkit) that do not apply to the requesting user agent. You have to enable the feature in config.xml.

The head reordering component can now remove duplicate scripts if the same URL is used in more than one script element. You have to enable the feature in config.xml.

All CSS files stored in Adaptive Components can now be combined into a single request with the new option <style-concat>. This may save a lot of HTTP requests in projects that use ACs to modularize their code.

Developers will find that the updated SDK will apply strict XML parsing to configuration files. FIT will throw an exceptions if your configuration is not well-formed. The debug output and log files will provide detailed information regarding the cause of the error.

Also, the vagrant user in the SDK can now write FIT configuration and cache files. Thanks to that, you can e.g. empty the cache of a project without entering the guest system: vagrant ssh -- fitadmin maintenance clearcache <project>


  • Changed: HTML Minifying doesn’t remove the input[@type=text] attribute anymore (#28968)
  • Changed: Instead of discarding Set-Cookie headers with wrong domain= directives, the Cookie Handling now restricts them to the originating source (#28978)
  • Fixed: advanced-cache-control does not cause redundant sub-resource requests after the first page view anymore (#29195)
  • Fixed: Animated GIFs containing varying frame sizes are not scaled anymore (#26579)
  • Fixed: dump action retains HTTP status code 204 when received from a backend (#29123)
  • Fixed: Fixed a timing issue in PPL CSS loading for Windows Phone (#28457)
  • Fixed: Replacement of zero-sized matches in EXSLT regexp:replace and XPath replace (#28841)
  • Fixed: Minifying CSS code containing very large strings (#28614)
  • Fixed: Insufficient XML escaping leading to unterminated strings and comments in inline CSS after minifying. (#28942)
  • Fixed: The placeholder image URL of the delayed images feature was changed from about:blank to an inlined GIF because some browsers tried to request about:blank. Therefore delayed images will not be delivered to clients without data URI support. (#28973)
  • Fixed: Allow cookies to be processed after a Location header has been registered to be sent to the client, e.g. by a default-request action or a set-header action. (#29035)
  • Fixed: DC property value encoding, now returning space-characters instead of + (#29093)
  • Fixed: Additional namespaces declared in XSLT for Adaptive Components are now available. (#28885)
  • Fixed: Setting snapToCurrent for stages that do not use the slide effect could provoke JavaScript errors. (#28807)

Operation & Administration

  • Changed: The Load Brake is now disabled by default (#29001)
  • Fixed: Adapted web server configuration examples, e.g. in domains.xml, for Apache httpd 2.4 (#28977)

Third Party

Version 14.1.2

Release date: 2015-09-09

FIT 14.1.2 contains a lot of bug fixes and improvements, many of which aim to ease the integration step – that is integrating FIT into your environment. But there also some interesting new features and important changes.

After a slow start of more than a decade, SVG has finally become a popular choice among Web Developers to deliver site decorations and icons. Scalable vector graphics look good in any size and solves the DPR problem en passant. But SVGs come at a price, too. Many graphics tools create cluttered XML including redundant data that weighs heavy on your site’s payload. The new SVG Minifier reduces the file size of SVGs on-the-fly by removing hidden elements, redundant whitespace and comments.

The set-attributes actions provides a lightweight means of manipulating DOMs. It may be used to set CSS class attributes or control URL Rewriting. Now, you can target DOM elements with CSS Selectors like #main or .documentation a.

Besides that, we still hope you’ll love XPath as much as we do. That’s why we have broadened our XPath function library with replace(). It is a powerful tool to augment Adaptation Instructions or for use in your Flow.

The pass-cache-headers setting controls the caching headers that flow between client and source servers. On one hand, these headers can make a document cacheable, which may benefit some performance metrics. On the other hand, they control privacy and may forbid reusing content between users. Thus, the new default value is now true to retain the origin’s cache settings.

Alongside FIT 14.1.2 we have updated our SDK to ease development. You may now access your local sites at http://<project> or http://<site>.<project> (and https accordingly). This lets you develop in an environment that more closely matches live deployments.

Also, the XSLT compiler cache is now turned off in the SDK so that XSLTs with includes are always fresh. In production setups the cache should remain switched on. This way, you don’t have to tamper with the cache attributes e.g. in xslt actions.


  • Improved: set-attributes action supports css-selector (#27592)
  • Improved: The value _auto_ in the option <headers pass="..."/> can now be combined with other headers (#28289)
  • Improved: Image Scaling now supports scaling images to only fit the viewport in either landscape or portrait orientation (#27410)
  • Improved: Image inlining is disabled for requests made by bots (#28679)
  • Improved: Script Manager will include requested scripts at most once, even if requested multiple times (#28628)
  • Improved: Effectiveness of the CSS minifier (#27592)
  • Improved: AC-Stage now has the snap-to-current option (#27456)
  • Improved: Documentation of the request action (#28780)
  • Improved: Documentation on using EXSLT with FIT (#28487)
  • Changed: http/pass-cache-headers now defaults to true (#28489)
  • Changed: The default-request automatically passes the Content-Disposition header to the client (#28488)
  • Changed: The Detection JS API methods ai.detection.create, Detection.byEvent and Detection.byInterval and the AC-Stage JS API methods, Stage.addElement, Stage.removeElement and Stage.setSlots don’t throw errors any more; the Detection JS API methods ai.detection.add and ai.detection.remove throw fewer errors (#28295)
  • Fixed: Passing cookies to the backend source in pass mode (#28288)
  • Fixed: Passing X-… headers in pass mode (#28313)
  • Fixed: 304 handling in directories backed by fit://-URLs if /index.html or /index.xml is picked automatically (#28844)
  • Fixed: The media query filtering now correctly processes media queries with multiple expressions (#28385)
  • Fixed: The Detection Page will never be served for special URLs like robots.txt or favicon.ico (#28485)
  • Fixed: The Detection Page will instruct bots not to index it or follow links (#28715)
  • Fixed: Values for the delivery context properties html/attribute/async, html/a/call, html/a/mms and html/a/sms have been corrected for several clients (#27849)
  • Fixed: Partial Page Loading causing the body content to revert to a previous state after a few seconds in Firefox (#28691)
  • Fixed: Reduce side-effects of debugging with target page when handling HTTP status codes other than 200 (#28514)
  • Fixed: Invalid Adaptive Component XSLT disk cache entries are removed automatically (#28454)
  • Fixed: Elements of an AC-Stage will not overlap anymore if dragged too far (#28717)
  • Fixed: Autosize mechanism for nested AC-Stages with option sizing='true' set: The inner stage is now resized before the outer stage’s height is recalculated (#28675)
  • Deprecated: FIT Session System (#28580)

Operation & Administration

  • Updated: Update SSL configuration according to version 3.8 of the intermediate compatibility level of the Mozilla Server Side TLS recommendation (#28830)
  • Deprecated: FIT Session System (#28580)

Third Party

Version 14.1.1

Release date: 2015-08-05

14.1.1 focusses on performance improvements and stability.

Media files account for the lion’s share of a Web site’s payload. Images make up two thirds of a site’s weight. FIT now uses 4:2:0 chroma subsampling for JPEG images, which may significantly reduce the file size depending of the image. An update of the palette calculation shrinks transparent PNG images by up to 10%.

14.1.1 has improved the handling of conditional requests. These are requests with an If-Modified-Since header, indicating that a copy of the desired resource already exists in the client’s cache. If the Last-Modified date of a response is equal or older than the client’s document, the document has not changed and is still valid. HTTP provides the special response code 304 Not Modified for this situation. It instructs the client to use its cached file instead of downloading the document again. FIT not only forwards 304 responses from backend servers, but also also synthesizes a 304 from a regular 200 backend response if the modification time is old enough.

Developers should look into the new dynamic request parameters. At times you cannot define request parameters or options statically in sources.xml. The dynamic options can be defined at runtime in your requests action with XSLT. This allows you to continue to use the default-request definition, so you don’t have to deal with the request details.

Creating a RESS site can quickly become a chore. Data needs to present in both client and server to get the most of both realms. Now you can register your own JS feature detection code with the new JS Detection API. FIT will manage the data in the client, handles the transport back to the server and finally makes your data available in the Delivery Context to be at hand for e.g. filtering. This API is in Beta state and may change in upcoming releases.

The release comprises more performance optimizations like reduced CPU usage for URL Rewriting and request actions or a reduction of the number of HTTP requests for Delayed images, and a lot of bug fixes.

Finally, we have updated our documentation in many places, especially the Administration section.


  • Improved: Reduced payload of JPEG images by using 4:2:0 chroma subsampling (#28125)
  • Improved: Reduced payload of quantized PNG images with transparency (#25925)
  • Improved: Cache speeds up images loaded with the JavaScript URL API (#27828)
  • Improved: URL Rewriting is up to 30% faster (#28084, #28238)
  • Improved: A 200 OK response is turned into a 304 Not Modified response if the document is considered unchanged according to the client’s If-Modified-Since and the backend’s Last-Modified header (#28151)
  • Improved: If-Modified-Since requests to local FIDJ resources with a lm URL Mark will immediately terminate with 304 Not Modified if applicable without entering the Flow (#28151)
  • Improved: Request option encoding (#27471)
  • Improved: FIT now saves whether the client has already cached the AI scripts in its cache in the detection cookie (#28310)
  • Improved: Delayed images no longer use placeholder images, therefore saving one HTTP request. (#28436)
  • Improved: Image Scaling now supports smaller breakpoints (60px and 120px) for icon sized images. (#28452)
  • Improved: Microsoft Edge browser detection. (#28463)
  • Improved: Debug output of XSL transformations and HTTP requests in various flow actions (#27390, #27595)
  • Improved: Documentation of set-header action (#25718)
  • Changed: FIT will no longer automatically disable JavaScript for bot clients. Hence, the Google Bot, that is known to process JavaScript, is served dynamic content. (#28162)
  • Changed: With http/pass-cache-headers enabled, a 304 Not Modified main response will immediately terminate the request rather than continuing the Flow to the parse action (#28151)
  • Fixed: SSLv3 version identifier (#26654)
  • Fixed: Request option history (#28465)
  • Fixed: An error introduced in FIT 14.1.0 causing no viewport dimensions to be read from an existing detection cookie and thus e.g. preventing Media Query Filtering to remove width-based media queries, was fixed. (#27879)
  • Fixed: Whitespace and comments in CSS media query conditions no longer impede media query filtering (#28219)
  • Fixed: URL normalization in error documents defined in the conf/config.xml (#27894)
  • Fixed: AC-Stage will now correctly autosize itself when navigating through a PPL site. (#28170)

Operation & Administration

  • Fixed: Plugged some trivial memory leaks in mod_fit (#26984)
  • Fixed: FIT used busy wait until curl finished name resolution since the switch to the system curl library in FIT 14.1.0 (#28455)

Third Party

  • Updated: pngquant / libimagequant 2.5.0, including improved integration in FIT (#25925)
  • Updated: PHP 5.6.11 (#28424)

Version 14.1.0

Release date: 2015-07-08

14.1 is the first major update in the 14 line. It comes with significant changes for both developers and administrators.

Adaptive Components

First of all, we are proud to open the Adaptive Components system for users. Until now, you know ACs as the generic term for some content-driven functionality in FIT. But it is much more! ACs provide a means to encapsulate frontend functionality in a discrete, reusable component. As you know from the built-in ACs like ac-stage, ACs can register custom elements that can be used like any regular HTML element. This is a crucial part in the concept: The implementation is hidden inside the AC, while usage remains opaque. In our experience, this helps teams break a project’s code into readable, maintainable and reusable chunks. An AC mainly comprises an XSL transformation that resembles a server-side Shadow DOM, and arbitrary asset files.

The completely rewritten Script Manager plays well with ACs in that it combines all local (blocking) JavaScript files into a single request – no matter in what combination the files are needed and even if the <script> elements are not siblings in <head>. Nevertheless, it is still a good idea to have a well ordered head.

Furthermore, we have relaxed the naming scheme for ACs a bit: While it still requires a hyphen (-), you are now free to choose a prefix other than ac-. We recommend using your own prefix, if your ACs are local to your project or if you provide a set of ACs that are meant to be used together.

Transparent Cookies

Another interesting new feature is the transparent cookie option. This lets you choose a main source and have cookies from that source passed to the client as is. This stands in contrast with encoded cookies (default), where the original cookie is encoded as a “FIT cookie” to ease content aggregation. Choose transparent cookies if you have just one source that you want to “proxy” with FIT. The cookies will then be available to JavaScript and other servers in your domain.

Web Server & Security Updates

FIT 14.1 no longer bundles the Apache web server 2.2 but now instead supplies its own configuration and start scripts for the Apache 2.4 web server provided by the distribution. Thus, Apache httpd is now a system requirement and you will now receive security updates from your Linux vendor, e.g. Red Hat or Ubuntu.

Keep in mind that the configuration syntax has slightly changed between Apache 2.2 and 2.4. Refer to our upgrading notes for more information.

With the new web server come new log formats. Especially the access_log was relieved of clutter. All performance metrics have moved into to the enriched phpfpm_access_log. Please contact us if you are interested in our logstash configuration for FIT logs.

We have further streamlined the FIT packages by removing our own builds of libcurl and CA certificates. Both of them are now system dependencies. Security updates are provided by the OS vendor and responsibility therefore is shifted to system administrators.


  • Improved: The Script Manager now works with all local scripts, including AC and user scripts (#27395)
  • Improved: CSS is minified in style attributes, too. (#27924)
  • Improved: Head Reordering now moves async scripts to the end of the body if they the client doesn’t support asynchronous loading. (#27172)
  • Improved: Revised the URL API documentation to make it more approachable (#25985)
  • Changed: Resolving order of request options and params (#26685)
  • Changed: For redirect responses, the flow is not terminated by requests actions anymore, but later-on by the next dump or parse action. Thus, developers can modify redirects, too. (#26959)
  • Changed: The prefix ac- for Adaptive Component names is no longer required. The name must contain at least one hyphen (-). (#27466)
  • Changed: All Adaptive Components debug messages are now consolidated in the ac channel (instead of ACProcessor and register-ac). (#28024)
  • Changed: Private files in FIT extensions are made accessible via fit://extension/{myExtension}/.... (#27367)
  • Changed: The fap* cookies were combined into the new fitdetection cookie. (#27879)
  • Changed: The fapref cookie was renamed to fitreferrer. (#27879)
  • Fixed: A new necessary condition for the delivery of the Detection Page is the presence of text/html in the Accept request header. This prevents redundant detection page responses. (#27424)
  • Fixed: Redundant log messages for register-xslt (#27896)
  • Fixed: Creating an empty or invalid DOM, e.g. with the XSLT Action, now raises an exception. (#27296)
  • Fixed: The viewport prefix used in a system stylesheet is now set correctly. (#26831)
  • Fixed: An error with creating wrong viewport detection cookies in Android clients. (#27490)
  • Fixed: The Delivery Context Property css/transform/prefix contained boolean values but was documented with strings. Adjusted the code to reflect the documentation. (#27713)
  • Fixed: The translate-fidj config option can no longer potentially break the output HTML when HTML Minifying is activated. (#27777)
  • Fixed: JavaScript errors in the detection page have been fixed. (#28097)
  • Fixed: A problem with ac-stage and Partial Page Loading in iOS 9 has been fixed. (#27805)
  • Fixed: ac-stage now works with swipe gestures in Microsoft Edge. (#28129)
  • Fixed: The XPath function rewrite-url() could crash if used in nested function calls. (#27964)
  • Removed: Numerous currently unused DC properties were removed. (#27474)
  • Removed: The unnecessary src attribute was removed for the register-ac Flow Action. (#27468)
  • Removed: Removed the option certificate-file to specify custom CAs from sources.xml. (#27974)

Operation & Administration

  • Changed: Compiler optimizations have been changed to be compatible with more CPUs. (#20267)
  • Changed: Log format of access_log and phpfpm_access_log, to remove redundancy. All system metrics are now in the FPM log. (#27441)
  • Changed: The log format of the error_log now includes the unique ID and is otherwise identical to the HTTPD 2.4 default format. (#27934)

Third Party

  • Updated: Update PHP 5.6.10 (#27869)
  • Removed: The bundled Apache 2.2 web server. FIT now uses Apache 2.4 of the distribution (#27789)
  • Removed: The bundled root CA certificates have been removed from the FIT distribution. FIT now uses the certificates supplied by the respective Linux distributions. (#27886)
  • Removed: libcurl has been removed from the FIT distribution and is now an operation system requirement (#22390)
  • Removed: SPDY protocol support in favor of HTTP/2 (#27462)

Version 14.0.8

Release date: 2015-06-03

FIT 14.0.8 focusses on acceleration features and introduces the Media Query Filter component.

CSS Media Queries are used to apply rules only if certain conditions are met, e.g. @media (min-width: 800px) {..}. This is a common technique in Responsive Web Design (RWD), since this allows the layout to automatically adapt to the client. The Media Query filter analyzes CSS for conditions that can never be true for the requesting client, such as the min-width condition above in a 320x480px handset browser. The filter removes those dead rules and hence reduces the CSS payload.

Another technique to reduce payload is the new visibility prioritization for delayed images. Instead of simply lazy-loading images after the document is complete, the images are requested when they should become visible in the current viewport. This automatically favors above-the-fold content, and may in turn cause way-below-the-fold images (at the end of long pages) never to be sent through the wire.

Built-in system scripts are now delivered inline for a visitor’s first page view. This eliminates blocking in the critical path and may reduce the number of requests needed to render the page. For subsequent page requests, the scripts are “outlined” into the regular HTTP browser cache in an asynchronous manner.

Developers should take note of our new XPath function has-class() that makes it easy and less cumbersome to express CSS selectors in XPath: //div[has-class("header")]. This is easier to read and more robust than naïve implementations that usually don’t take multi-class attributes into account.

Enjoy the release, and keep in mind that some features have to be activated in the config!


  • New: Added a Media Query Filter to remove @media rules from CSS that will never be applied on the requesting client (#20349)
  • New: XPath function has-class() (#27059)
  • New: visibility prioritization delays loading of images until they are scrolled into the viewport (#27247)
  • Improved: FIT scripts are inlined on the first request and “outlined” afterwards, in order to balance first view performance and repeat view caching (#27074)
  • Improved: Images in PPL requests will only be delayed if priority is set to visibility. (#27363)
  • Improved: Null byte handling in HTML parser (#27426)
  • Improved: Documentation added for ai.images.loadHQImages() to load delayed images (#27366)
  • Fixed: ai.urls.composeUrl() now returns correct URLs when called with schemeless URLs (// (#27338)
  • Fixed: Avoid errors when inlining (broken) resources with empty URLs (#27404)
  • Fixed: Private FIDJ URIs should be removed from output (url-rewriting/translate-fidj) (#27509)
  • Fixed: Nested ac-stage elements with sizing=auto set, need an additional resizing for the outer stage when the inner stage changes. As long as the inner stage is not visible, it shouldn’t get a calculated height as the calculated height will be 0. (#26930)
  • Fixed: ac-stage elements will now be correctly destroyed when navigating a site with PPL (#27653)
  • Removed: Web server default favicon.ico to enable sites to fully control custom favicons (#27400)


Release date: 2015-05-19

FIT is a security release that updates the bundled PHP release to 5.6.9. It fixes a possible DoS attack vector introduced by improper multipart/form-data parsing in PHP.

Third Party

Version 14.0.7

Release date: 2015-05-06

The HTTP/2 specification is mostly finished and finally in an “almost done” state. It defines ways to better utilize network and bandwidth, thus providing huge benefits to Web performance. The FIT 14.0.7 release is the first to contain optimization measures that take an HTTP/2 client connection into account.

FIT does not act as an h2 server itself, because the usual deployments contain a dedicated offloading layer, e.g. a load balancer or an offloader like nghttpx. However, FIT uses the Via header that may be easily configured in HTTP2 intermediate nodes, to determine whether the client employs an h2 connection. This information is accessible as the request/http2 DC property.

In the first round of HTTP/2 features, FIT “unoptimizes” some of the HTTP/1 performance measures. They do not necessarily harm HTTP/2 connections, but we believe that less is more and therefore get out of the way to let the browser do its work. Especially inlining is not a sure shot optimization, because it may bloat repeat views. Thus, script/style inlining, image inlining and the Script Manager will be disabled automatically.

Furthermore, 14.0.7 introduces support for processing HTML fragments that are often used to refresh partial content via AJAX. Since fragments are not clearly distinguishable from ordinary HTML5 documents, FIT requests have to be marked accordingly to enable fragment parsing. The HTML5 parser was also improved in order to parse non-JavaScript <script> elements.

Image Scaling now lets you choose between speed and splendor: Setting the new viewport-fitting option to current results in images being scaled to the current viewport size and orientation only. This may in turn lead to much smaller image payload on your site. The default for this option remains max, which causes images to be scaled for the larger of the possible viewports (i.e. bigger files but better quality for users who rotate their device).



  • Changed: FIT URLs lacking a trailing slash after the site path or URL Marks are now redirected. (#26497)
  • Changed: Paths in URLs beginning with /static/ are not reserved anymore. (Static content is now identified by the ;pass URL Mark). (#26953)
  • Changed: Local public resources are encoded as local URLs unless mapped (#27018)
  • Changed: Set-Cookie headers are stripped from the response if accepting backend cookies is turned off. (#27223)
  • Changed: Mandatory URL maps without mapping rules are forbidden (#26850)
  • Fixed: Minification, inlining, deferred document.write and other features possibly spoiling scripts different from text/javascript (e.g. text/html) will no longer be applied to <script> content with a type attribute that does not contain javascript. (#25769)
  • Fixed: Textfilters are now applied to inlined CSS (#26380)
  • Fixed: Enabling debug output whilst navigating with Partial Page Loading no longer leads to JavaScript errors. Additionally, the debug output of the pageend target is updated between requests. (#26739)
  • Fixed: Reserved characters like ~ will now be URL encoded correctly in x-www-form-urlencoded POST requests (#26897)
  • Fixed: Evaluate the X-Forwarded-Proto header to correctly set the request information in the Delivery Context (#26942)
  • Fixed: Flow conditions no longer automatically evaluate to false() if their XPath expressions emit warnings. (#27144)
  • Fixed: The XPath functions content and fit-document now return an empty node-set if the requested FIDJ resource does not exist. (#27295)
  • Fixed: The JavaScript Delivery Context API does not trigger errors on Internet Explorer 8 anymore. (#26454)
  • Fixed: Browsers will no longer unintentionally follow links in an ac-stage-element. (#27022)
  • Fixed: Galaxy S II devices running older android versions before 4.1 had problems rendering a smooth slide effect for ac-stage elements. They now use the swap effect instead. (#26973)
  • Fixed: The placeholder fallback of ac-input has been fixed and should now behave as close as possible to native input placeholders. (#26982)

Third Party

Version 14.0.6

Release date: 2015-04-09

For 14.0.6, we have enhanced and polished many details, resulting in a large number of small improvements.

The Delivery Context now contains information about response image capabilities, improves WebP detection via Accept headers in a RESSful way, automatically detects and corrects erroneous viewport data generated by clients, and has more accurate information about touch events. The latter results in gesture support in AC-Stage for a broader range of browsers, especially in the Android universe.

Developers can now attach to the new dcupdate event that is triggered whenever a DC property changes its value in the client. That could be the user rotating her device or a script calling the DC JS API to set a property in the client.

As XPath is ubiquitous in FIT, we have put more work into our custom XPath functions. The new rewrite-url() function takes a URL and optionally URL Marks and rewriting attributes and returns a FIT URL. The function is most useful when you need to process a URL that is not in a DOM attribute, e.g. to create a JS snippet. The existing functions tolower() and toupper() have matured to support Unicode characters.

Operators may like the new XSLT Cache behaviour: Although the compiled XSLT is held in process memory (and not on disk), FIT now uses a reference file in the project cache dir (/var/cache/fit14/engine/projects/myproject). Whenever the cache is cleared with fitadmin maintenance clearcache myproject (or rm -r) the reference file is deleted, too. The existing XSLT cache entries are then considered stale and renewed. This could be a useful addition for deployment scripts.


Operation & Administration

  • Improved: fitadmin maintenance clearcache now also clears the XSLT cache. (#26352)
  • Fixed: No fatal errors when non-existing AC files are requested. (#26725)

Third Party

  • Updated: PHP 5.6.7 (#26892)
  • Updated: GeoIP 1.6.5 (#26916)

Version 14.0.5

Release date: 2015-03-11

Sevenval FIT 14.0.5 contains a lot of new functionality. In the FEO corner, we have a brand new HTML Minifier that reduces the transfer size of your HTML document – play around with its options to see how much you can save!

ac-stage can now display multiple elements at once with the slots feature.

The Flow is more powerful than ever with its two new actions: set-attributes is a straight-forward method to set attributes on DOM elements. It provides a handy way for fine-grained control of URL rewriting, e.g. in JSON or XML documents. register-xslt reaches way beyond the Flow and adds an XSLT filter step right before the content is sent to the client. This allows you to apply fixes after AC processing, URL rewriting and anything else that happens after the Flow hands off control to the engine.

The new transport mapping enables you to avoid SSL handshakes and latencies by using HTTP instead of HTTPS inside a data center. It is also useful for debugging purposes or development situations as it lets you rewire remote servers to local mocks without changing any URLs in your site.



  • Improved: The HTML parser now supports the (empty) source element and no longer complains about unknown elements (#26029)
  • Improved: FIT now rewrites URLs in more attributes with proper roles: srcset, cite (on blockquote, del, ins, q), data (on object), formaction (on button, input), longdesc (on img), poster (on video), src (on video) (#25720, #26029)
  • Improved: AC-Stage only delivers the used effects, thus reducing the required bandwidth (#25975)
  • Improved: Client specific scripts will no longer be transported via the document itself, but instead be delivered through a cacheable request. (#26082)
  • Improved: Detection of viewport dimensions on clients with unknown hardware vendors (#26149)
  • Improved: fapucm cookie for updating the delivery context when the client changes (e.g. with a browser update) (#25661)
  • Improved: JavaScript DeliveryContext API gets updated values for most viewport properties on resize events. (#26269)
  • Improved: Documentation of conf/sources.xml (#25096)
  • Fixed: FIT no longer terminates with a status code 502 when the main response is empty (#25744)
  • Fixed: Parse and process uploads and post data from clients only as required by the Content-Type header (#26603)
  • Fixed: Request Web fonts with appropriate HTTP Accept header. (#26327)
  • Fixed: When FIT rewrites URLs with role js or css the backend’s Content-Type is no longer considered (#25415)
  • Fixed: Errors when requesting XML or JSON resources with head reordering enabled (#26225)
  • Fixed: Fixed problems with the script manager in private browsing mode. (#26181)
  • Fixed: JavaScript URL API could return an erronous URL if fragments were used (#26262)
  • Fixed: WebP support for transparent input images is correctly determined for Image Scaling (#26266)
  • Fixed: The JavaScript DeliveryContext API method ai.dc.getProperty correctly returns false, not undefined, if the value is false. (#26394)
  • Fixed: Active properties will now respect different browser behaviour in standards and quirks mode and check the doctype of the document to determine what properties to use to detect viewport dimensions. (#26589) (#26589)
  • Fixed: AC-Scroll support on the Dolfin2 browser needed a fix for vertical scrolling. (#26193)
  • Fixed: AC-Scroll support has been improved and now uses the dc property js/touchmove. (#26398)
  • Fixed: AC-Stage in Partial Page Loading with Fragments are recognized even as descendants of the fragment. (#26281)
  • Fixed: AC-Stage event handling support has been fixed for HTC One X and Samsung Galaxy Tab2 devices. (#26479)
  • Fixed: Vertical AC-Stage elements with ´sizing=’auto’´ set now get the correct height. (#26538)

Operation & Administration

Third Party

  • Updated: PHP 5.6.6 (#26501)
  • Updated: curl 7.41.0 (#26577)

Version 14.0.4

Release date: 2015-02-02

The first FIT 14 release of the year 2015 is out! 14.0.4 incorporates some interesting features that help you meeting your frontend performance goals. Head Reordering is a well-known but hard-to-maintain performance technique that aims at the browser’s critical rendering path – Watch your waterfalls!

Furthermore, you can now get rid of IE comments by sorting them out on the server-side.

Under the hood we have made many performance improvements, including response cachability, JS code reduction and asynchronous loading. Furthermore a lot of bug fixes and stability improvements round up the release.


  • Improved: Documentation for Adaptation Instructions and Image Adaptation (#25580)
  • Improved: Amount of scripts delivered to the client is reduced based on settings and request information (#25504)
  • Improved: FIT assets like JavaScript or the preview image used in the delayed images feature are now publicly cacheable. This improves the performance of your site and pagespeed scores. (#24352)
  • Improved: JavaScript for property detection is now loaded asynchronously when possible. (#25650)
  • Improved: The JavaScript Image URL API now makes use of the FIT image scaler cache. (#25752)
  • Improved: Performance and stability of CSS minifier (#25676, #22141)
  • Fixed: Posting JSON data with the default-request action (#26034)
  • Fixed: Rewriting role for link rel="alternate stylesheet" is now css, the rel attribute value is treated in a case-insensitive way (#25601)
  • Fixed: Rewriting of HTML5 manifest attributes (#25463)
  • Fixed: When converting incoming WebP images into alternative formats transparency will be retained (e.g. by using PNG). (#24201)
  • Fixed: Reloading pages that use Partial Page Loading will no longer trigger an unnecessary request. (#26091)
  • Fixed: Async loaded scripts no longer block the pplend event (#25579)
  • Fixed: Vertical scrolling of the viewport on an AC-Stage (#24860)
  • Fixed: AC-Stage now works with BlackBerry RIM browser 4.6 (#26105)
  • Fixed: A click on a button element in AC-Stage now fires only one click event (#25582)
  • Fixed: Buttons in an AC-Stage now get a proper button styling on HTC Flyer devices running Android 3.x (#25535)
  • Fixed: A non infinite AC-Stage will stop on its border elements even when tricked by changing the swipe direction during a swipe (#25830)
  • Fixed: Clicks in AC Stage will no longer be executed twice (#25582)
  • Fixed: Some devices running on Android 4.0.x have problems with the translate3d styles used in AC-Stage effects. Those devices now use translate2d. (#25170)
  • Fixed: iOS devices will now have correct values in the Delivery Context properties client/hw/display/width and client/hw/display/height. (#24591)
  • Fixed: The script manager will no longer reuse resources from older fit versions (#26233)
  • Fixed: Delayed images now work on iOS in private browsing mode with Script Manager enabled (#26181)
  • Fixed: Partial Page Loading now works on iOS in private browsing mode with Script Manager enabled (#26197)

Operation & Administration

  • Improved: The maximum size (in megapixels) of a source image can now be configured in the fit.ini (#26161)
  • Changed: PCRE package dependencies: On SLES the pcre system package is now used, the formerly bundled package has been removed. On Ubuntu the libpcrecpp0 system package is no longer required. (#25676)
  • Fixed: Virtual host generation for _path/_path domain routing (#25524)
  • Fixed: No more PHP warnings for temporary test file entries in the extensions directory by running in multiple parallel instances. (#25274)

Third Party

  • Updated: PHP 5.6.5 (#26175)
  • Updated: curl 7.40.0 (#25998)

Version 14.0.3

Release date: 2014-12-01

FIT 14.0.3 brings RESS to SLES! We are happy to announce that SLES 12 is now among the supported operating systems. Check the installation instructions for more details.

Frontend developers now have access to our image scaling features from JavaScript through the URL API. ac-stage provides more API functions and better interoperability with ac-scroll.

The core components have received some love, too: Our HTML parser supports more HTML5 elements, the JavaScript minifier is more robust and respects license comments, more WebP images for everyone, faster page loading thanks to less inline code. Last but not least, we hunted down a lot of bugs and updated third party libs.

As always, please read the full changelog and pay attention to the Changed and Removed keywords.


  • Changed: Disable SSLv3 support for outgoing requests to sources by default due to the POODLE weakness. If required, SSLv3 can be re-enabled for specific requests using the ssl/@version request option (#25347)


  • Changed: The AC-Stage show() method now throws a RangeError if the given position is not in the valid range (#25390)
  • Changed: The ac-stage element may now be empty (#25390)
  • Changed: The properties newNode and oldNode of the pplcontentready event were renamed to newNodes and oldNodes; their values are an array of Nodes (#24988)
  • Removed: The property contentReplacedCallback of the pplcontentready event and the function definition ai.ppl.ContentReplacedCallback are no longer necessary and were removed (#24988)


  • Improved: HTML5 parser supports section, article, header, footer, main, aside, nav and template elements (#24828)
  • Improved: Several scripts provided by FIT are turned into external scripts to benefit from caching and reduce download size, some of them are loadable with the script-manager (#24938)
  • Improved: Nesting of AC-Stage and AC-Scroll behaves much more reliable (#25062)
  • Improved: JavaScript minifier now preserves comments starting with /*! (#25105)
  • Improved: Regex detection in JavaScript minifier (#24706)
  • Improved: Viewport Detection works more reliably for the inactive orientation (#26280)
  • Changed: WebP is now always preferred over JPEG for WebP-capable clients (#25207)
  • Changed: Conditional comments intended for Internet Explorer are now parsed as comments (#23107)
  • Changed: HTML parser removes CDATA sections outside of script or style elements (#25631)
  • Fixed: Form values are now correctly encoded when a form is submitted with ppl (#25372)
  • Fixed: AC-Stages with the same id within two states of a PPL fragment are now destroyed and correctly initialized during transition (#24988)
  • Fixed: ac-stage handling on some clients that had problems with slight vertical movement (#25474)
  • Fixed: ai-rewriteurl now works better using HTML comments (#25337)
  • Fixed: ac-scroll in emulation mode will now scroll correctly to the element borders (#24970)
  • Fixed: Automatic inlining for external JavaScript and CSS resources when caching is enabled in sources.xml (#25428)
  • Fixed: HTTP status code 404 on requests to local non-existing resources in pass mode (#23147)
  • Fixed: Handling of HTML comments in JavaScript minifier (#24902)
  • Fixed: Pass mode was enabled by default when rewriting content links to local non-DOM resources, such as .json (#23840)
  • Fixed: URL rewriting respects fragments in image and font URLs (#25264)
  • Fixed: A click on an input label (checkboxes) in AC-Stage now fires only one click event (#25487)
  • Fixed: Superfluous warnings and notices (#25180) (#25262)

Operation & Administration

  • Fixed: fit_engine.log and phpfpm_access_log are now always group readable (#24196)
  • Fixed: fitadmin validate domain shell command now can read/load domains configuration files (#25321)

Third Party

  • Updated: curl 7.39.0 (#25347)
  • Updated: libxml 2.9.2 (#25076)
  • Updated: libwebp 0.4.2 (#25254)
  • Updated: PHP 5.6.3 (#25512)
  • Updated: APCu 4.0.7 (#25256)

Version 14.0.2

Release date: 2014-11-03

This feature release brings a lot of new functionality. The performance toolkit now features automatic inlining for external JavaScript and CSS resources and deferred document.write execution – your site’s life-saver, if 3rd party scripts fail.

AC-Stage improves support for less capable browsers that do not handle animations well. It also has a handy new auto-size feature that sizes the stage according to its content.

The Delivery Context offers more properties. Especially the request properties make it easier to filter content or functionality based on URL information. The new version-compare() XPath function allows for more robust version comparisons with browser or OS versions.

We have revisited the debugging facilities: They help you to spot configuration problems, find bugs in your XSLT or – with the new debug action – output your own variables.



  • Improved: Image Adaptation no longer uses hardware pixel but viewport pixel for scaling images with px values (#24893)
  • Improved: Rewriting of CSS fonts URLs (#24879)
  • Improved: AC-Stage now works in the OSS browser (#25045)
  • Improved: Debug logging is now isolated from document CSS definitions that could made the debug hard to read (#24731)
  • Improved: Debug logging now summarizes which configuration files exist and whether they are wellformed (#22232)
  • Improved: Debug logging displays the current values of site configuration settings each time they are used (#24278)
  • Improved: The set-config action now logs to the config debug channel, too (#24780)
  • Improved: JavaScript Event API now offers a comprehensive list of reserved event types (#24786)
  • Changed: Resizeable browser used to get viewport dimension snapped to breakpoints to enhance caching hits (matching ucm). This is changed and the usage of breakpoints must first be enabled in the config.xml. (#24925)
  • Changed: stageinit event of AC-Stage (#24786)
  • Fixed: Attributes on head and body elements are preserved during processing of Adaptive Components (#25041)
  • Fixed: Conversion and formatting of dump action output by content type (#25104)
  • Fixed: Delete autofocus attribute on AC-Input elements for clients that don’t support autofocus (#25092)
  • Fixed: Proper distinction between SVG images and SVG fonts (#24582)
  • Fixed: Text filter item ai-rewriteurl accepts leading characters and whitespaces, too (#24930)
  • Fixed: XSL messages no longer discard the result of the AC XSLT Transformation (#24733)
  • Fixed: AI text filter erroneously discarding ai-end tags (#24881)
  • Fixed: ai-…/ac-… elements no longer raise HTML parser errors (#24828)
  • Fixed: type datetime-local for AC-Input (#24950)
  • Removed: Undocumented FIDJ URI fit://request/entryURL removed (#25006)


  • Improved: Requests sending an x-purpose: preview or x-moz: prefetch header will not get the DC Detection page (#24725)
  • Improved: DC Apple iPhone detection – use iPhone 6 and iPhone 6 Plus as client/hw/name (#24712)
  • Fixed: set-config action caused a fatal PHP error if the site’s config.xml was invalid (#24793)

Operation & Administration

  • New: Apache HTTPd now denies access to any local directories and files with names starting with . (#22933)
  • New: fitadmin config check now ignores the permissions of any directories and files with names starting with ., as well as lost+found (#22933)
  • New: fitadmin validate domain shell command to validate the domains configuration (#22232)
  • Improved: fitadmin config generate now gives information about virtual host generation (#24744)
  • Fixed: Virtual host generation for HTTPS-only domains (#24717)

Third Party

  • Updated: PHP 5.6.2 (#25058)

Version 14.0.1

Release date: 2014-09-24

FIT 14.0.1 is the first official update in the 14 series. With ac-stage and ac-scroll it introduces the first set of adaptive components that help developers mitigate the complexity of today’s ultra-wide range of Web clients.

Developers will also enjoy the new content() XPath function and more improvements like a default URL map.

In the ops section, 14.0.1 features apt repositories for easy installation and updates on Ubuntu, PHP 5.6 and a new update mechanism for the CDR, that will from now on be automatically updated in every package release (in addition to the weekly extension releases).



  • Improved: Enabled deflate encoding for TTF, OTF and EOT fonts (#24414)
  • Fixed: Buffer over-read in JavaScript minifier (#24290)
  • Fixed: Wrong content type for error documents under certain circumstances (#24381)
  • Fixed: PPL links to non-HTML resources (#24418)
  • Changed: Adaptive Components have a different caching behaviour (#23605)
  • Fixed: Missing font support for SVG image processing (#23541)
  • Improved: Better recognition and handling of external links when using PPL (#24413)


  • Fixed: Prohibit incomplete IP addresses in cookie domain directive (#24482)

Operation & Administration

  • New: apt repository for convenient installation under Ubuntu (#24309)
  • Improved: FIT automatically (de)activates the CDR extension on updates and downgrades if the CDR version is not compatible with the FIT version (#24429)
  • Fixed: Basic-Auth for debug logging in fit.ini (#24333)

Third Party

  • Updated: curl 7.38.0 (#24481)
  • Updated: PHP 5.6.0 (#24284)
  • Updated: Apache httpd 2.2.29 (#24310)
  • Updated: libwebp 0.4.1 (#24551)

Version 14.0.0

Release date: 2014-09-01

We are proud to announce the availability of FIT 14. This version is major release aiming at developer usability. The focus has moved from mobile only sites to easing development and maintenance of RWD and One-Web projects that deliver content to all devices including tablets and desktop browsers.

Following our your tools, your rules paradigm, the architecture has changed to seamlessly integrate into your development and deployment tool chains. We have revisited all components and reduced the system to a slim and manageable software layer, that is easier to install, configure and automate than ever.

The new version includes a ready-to-use developer box and a bunch of new technologies as Adaptation Instructions, Flow Actions, a new Delivery Context and much more. We have also launched a new and comprehensive documentation site:

You will find in-depth information on all FIT 14 topics there.