This documentation is for an outdated version: 14.6.13. The current version is 14.6.17 - get the documentation here.

Sevenval FIT 14 – Changelog

Version 14.6.13

Release date: 2018-12-05

FIT 14.6.13 is a maintenance release comprising bug fixes and third party updates.

Web Accelerator

  • Improved: HTTP Cache now implements heuristic calculation of freshness from the Age HTTP header field. (#40258)
  • Improved: HTTP Cache by ignoring the HTTP header fields from the origin response with status 304 Not Modified. (#41839)
  • Improved: HTTP Cache caches expired responses to be able to revalidate these responses via conditional request. (#41907)
  • Fixed: Correctly update the HTTP Status Line to 200 OK on cache revalidation. (#38482)
  • Fixed: Missing directory when the HTTP Cache tries to touch the remove-me-to-invalidate-request-cache file. (#42022)
  • Fixed: Origin HTTP response header fields that contain forbidden characters are dropped. (#42108)

Third Party

Version 14.6.12

Release date: 2018-10-04

FIT 14.6.12 is a maintenance release with bug fixes and third party updates.

Web Accelerator

  • Changed: Multipart POST boundary in Content-Type header line will be sent unquoted to broaden compatibility. (#41544)
  • Fixed: HTTP POST field names will no longer be sanitized (e.g. changing . to _). (#41603)
  • Fixed: Location HTTP header fields are sent in pass mode. (#41486)
  • Fixed: Unassigned HTTP status codes are passed to the client, too. (#40600)
  • Fixed: Fatal error when calling text filter in the parse action. (#41389)
  • Fixed: PHP Warnings when minifying nested script or style elements. (#41452)
  • Removed: Removed the FDX experiment API and other code related to FDX experiments. (#41106)

Operation & Administration

Third Party

Version 14.6.11

Release date: 2018-08-08

FIT 14.6.11 is mainly a maintenance release comprising bug fixes and third party updates.

However, developers will find some smaller improvements that make it easier to create custom requests for REST or SOAP APIs.

Web Accelerator

  • Improved: HTTP Cache now supports proxy-revalidate and must-revalidate directive and ignores all Cache Control Extensions (#40909)
  • Improved: If a server sends an 304 response that forbids caching (e.g. Cache-Control: private) upon revalidation, the cache entry in question will be deleted (#40454)


  • Improved: If written without a type attribute, the JSON XML notation element <json-document> now defaults to object type ({}) (#40972)
  • Improved: request body mode json automatically converts JSON XML notation before sending (#40972)
  • Improved: request body mode xml allows to POST an inline XML document without escaping (#40972)
  • Improved: The new fit:// filter xml2json converts the JSON XML notation into JSON text while reading from a resource (#40972)
  • Improved: The response XML now includes a method attribute reflecting the HTTP method used for the request (#40856)
  • Fixed: Transformations of fit://request/cookies could result in doubled cookies when the path field was missing (#40301)
  • Fixed: XPath functions using the wrong DOM document when dealing with different XSLT document contexts (#40527)
  • Fixed: The Delivery Context property client/version for SamsungBrowser now reflects the Chrome version number (#41202)

Third Party

Version 14.6.10

Release date: 2018-06-06

14.6.10 introduces new XPath functions for developers working with JSON data.

The new lookup() function implements key based lookups from either JSON files or our open sourced SHMT database format. Especially the latter is very fast at runtime. The function’s purpose is to perform pain free “value-value” replacements from XSL transformations such as mapping IDs to strings or implementing translation tables.

The returned value of lookup() may be an arbitrary string, such as JSON data. This plays nicely together with the new json-to-xml() and xml-to-json() functions that are loosely based upon the new XPath 3.1 functions for handling JSON data. They translate JSON strings into an XML representation that is returned into the XPath or XSLT context as a ready-to-use DOM tree. This is especially handy when working with API services.

As usual, there are also a couple of third-party updates and bug fixes.


  • Fixed: Foreign cookies are no longer converted to Encoded Cookies (#40301)
  • Fixed: Index numbers of Encoded Cookies are retained after writing to fit://request/cookies to allow for sending updated cookies to the client. (#40301)
  • Fixed: The expires attribute in fit://request/cookies may be set 0 (i.e. the UNIX epoch) to signal the browser to delete the cookie (#40301)

Web Accelerator

  • Fixed: Cached responses are correctly updated with 304 refreshes containing multiple headers with the same name (#40399)
  • Fixed: Transport mapping now skips DNS resolving for valid IPV4 adresses (#40028)
  • Fixed: Memory leaks in various XPath functions (#40183)
  • Fixed: Handling of invalid ImageScaler URLs if the last path component did not contain an extension (#40021)

Third Party

Version 14.6.9

Release date: 2018-04-04

14.6.9 is a maintenance release comprising bug fixes and third-party updates.

Image Compression produces smaller WebP results from PNG input files with few colors. Such files often carry graphical images that are more susceptible to compression artifacts. However, even natural photos may be quantized to a small color palette. Instead of relying on WebP lossless compression to avoid artifacts, a lossy compression with higher quality is carried out. This saves a lot of bytes for photo-like images while preserving quality for logos and icons.

Web Accelerator

  • Improved: Image Compression uses lossy WebP compression (instead of lossless) for PNG images with few colors or palettes in order to further reduce their weight (#39325)
  • Fixed: Erroneously re-sending message body when following redirects after POST requests (#39487)
  • Fixed: Image Compression never provided ZorroSVG images with a PNG mask (#39815)
  • Fixed: A better detection of SVG fonts in the default namespace excludes these from the Image Scaling (#39700)


Third Party

Version 14.6.8

Release date: 2018-02-07

14.6.8 is a maintenance release with improvements, bug fixes and third party updates.

For the folks operating FIT servers, we are happy to finally ship a solution for the issue with excessive memory use due to brotli compression. It turned out that neither mod_brotli nor libbrotli were leaking memory. However, the way libbrotli malloc()s and free()s leaves behind a fragmented heap that libc is not willing to return the OS. With the right parameters, we could tune the allocator to avoid this memory bloat, reducing memory usage by 500 MB per httpd process on Red Hat based systems (and up to 100 MB on Ubuntu or SLES).

From time to time, one needs to clear the HTTP cache, e.g. when resources in the origin change. Instead of deleting all cached files, fitadmin maintenance clearcache --http now sets a reference file that instantaneously invalidates all files. The origin then may send lightweight 304 responses to revalidate the existing caches.

After another round of data crunching we have tuned the parameters for our image quality prediction algorithm in order to obtain smaller files with Image Compression.

Web Accelerator

  • Improved: Prediction of image quality in the Automatic Image Quality Assessment to obtain smaller images (#37049)
  • Improved: Unless otherwise prohibited, the HTTP Cache stores responses where a HTTP header field Cache-Control contains a max-age=0 or s-maxage=0 directive to speed up revalidation and to allow optimizations, e.g. the Image Compression (#35466)
  • Improved: Responses where a HTTP header field Cache-Control contains a no-cache="Set-Cookie" directive are now cacheable by the HTTP Cache (#39077)

Operation & Administration

  • Fixed: Tune parameters for glibc malloc to workaround a memory bloat issue with mod_brotli caused by heap fragmentation (#39024)


Third Party


Release date: 2017-12-14 is a hotfix release for FIT 14.6.7.

The updates of Apache mod_brotli and Brotli 1.0.1 both had memory leaks resulting in excessive memory usage of httpd processes. These third party libraries have been reverted to the versions shipped with FIT 14.6.6.

Operation & Administration

  • Fixed: Memory leaks in both Apache mod_brotli and Brotli (#39024)

Third Party

Version 14.6.7

Release date: 2017-12-06

FIT 14.6.7 rounds up this year’s line of releases with a long list of improvements. We have touched all Web Acceleration components in order to improve run-time performance, compression efficiency and standard compliance. In short: we do a better job in less time!

We have a passion for Image Compression and constantly research new ways of improving our compression results. A new detection step in our Image Compression identifies redundant transparency in image files. If the alpha channel of a PNG file marks every pixel as opaque, the channel may be removed altogether. This alone may lead to smaller file sizes. However, the main benefit of removing transparency is the possibility to achieve much higher compression ratios by using the JPEG format. Thanks to greyscale support and better quality prediction, AIQA can asses more JPEG candidates, leading to smaller file size.

At the same time the CPU needed for image processing was reduced. One seemingly simple task is counting colors. Larger images may contain millions of distinct colors. However, in many cases the exact number is not necessary. Taking a short cut when counting colors can cut processing times from seconds to milliseconds!

We have also improved our markup processors. The HTML Minifier runs much faster as it is now completely written in C. HTML5 parsing with Gumbo is faster, too. Also, its parsing results are better, because we have implemented a server-side version of noscript handling. HTML5 specifies parsing rules for scripted and non-scripted contexts. However, when pre-processing HTML documents the client’s execution context is unknown. Therefore we handle noscript in a way that, while actually parsing its content, has only local effects on the DOM structure. This is especially important if noscript blocks in the document’s head contain palpable content. Reordering head elements now also handles Internet Explorer’s Conditional Comments. The CSS Minifier handles redundant HTML comments better and provides “bug compatibility” for IE problems.

Besides quite a few bug fixes we have updated many bundled third party software to keep you safe over Christmas :)


  • Fixed: potential write past the end of a buffer as well as a potential NULL pointer dereference in libxml2 (#38804)

Web Accelerator

  • New: Setting the new noscript option for the HTML Minifier to false disables the minifying for noscript elements (#38108)
  • Improved: Detection and removal of redundant transparency for better Image Compression (#38452)
  • Improved: AIQA quality prediction (#38533)
  • Improved: AIQA supports greyscale images in JPEG format (#38533)
  • Improved: HTML Minifier retains ko comments (#38563)
  • Improved: Unless otherwise prohibited, the HTTP Cache stores Cache-Control: no-cache responses to speed up revalidation in subsequent requests (status 304) (#37763)
  • Improved: Responses with Cache-Control: pre-check or post-check are now considered to be cacheable (#38529)
  • Improved: Responses with multiple Cache-Control: max-age or s-maxage directives are now considered to be cacheable (The shortest time to live will be used) (#38289)
  • Improved: HTTP Cache ignores Content-Type headers in 304 backend responses that differ from the original header (#38417)
  • Improved: Performance of HTML5 parser (#38406)
  • Improved: Performance of JavaScript minifier (#36148)
  • Improved: Performance of HTML Minifier (#38154)
  • Improved: CPU usage is reduced when scaling images (#38123)
  • Improved: CPU usage is reduced if DSSIM is used in Image Compression (#38217)
  • Improved: Uploads are no longer limit by RAM due to buffering (#37899)
  • Improved: If FDX scripts are inserted into a page, private is added to the Cache-Control header (#38260)
  • Improved: FDX does not count HTML fragments as a delivered page (#38243)


Operation & Administration

Third Party

Version 14.6.6

Release date: 2017-10-04

14.6.6 is an optimization release comprising quite a few improvements and bug fixes. You will find improvements to many of our acceleration features.

The HTML Minifier runs faster to bring down TTFB. The HTTP Cache supports Cache-Control: proxy-revalidate to satisfy more responses from cache.

We have removed on-the-fly Image Compression. That means an image that is not cacheable will not be processed at all. Until now, we would perform a compression experiment without storing the result. However, we have decided to trade TTFB for download size.

Our HTML5 parser now fully adheres to the W3C Recommendation to detect the encoding. Most of the time, the character set is determined from a byte-order-mark or the Content-type header field. If neither of those are present, our new scanner reads the encoding from the <meta> tags in the document itself.

As usual, the update ships fresh 3rd-party libraries to carry on upstream security and stability fixes.

Web Accelerator

  • Improved: If no character encoding was specified in the Content-Type header field, the HTML5 parser now uses the algorithm specified by the W3C Recommendation to detect the encoding (#37364)
  • Improved: Responses where a HTTP header field Cache-Control contains a proxy-revalidate directive, are now cacheable by the HTTP Cache (#37589)
  • Improved: The FDX event clientTiming now contains the property navigationType in case the browser provides the windows.performance.navigation API. Possible string values are undefined, navigate, reload, back_forward and reserved. (#37632)
  • Improved: Performance of HTML Minifier (#38038)
  • Changed: Image Compression does not perform on-the-fly image optimization for non-cacheable (e.g. Cache-Control: private) responses. Such responses are passed unchanged to the client and will never be processed. (#37061)
  • Changed: CSS Concat is no longer supported for Internet Explorer 9 and older because of technical limitations of the browser (#37730)
  • Fixed: Image Compression does not create WebP variants for non sRGB images in order to avoid changes in color appearance (#36088)
  • Fixed: Webfont compression no longer breaks embedded fonts in CSS files (#38106)
  • Fixed: Removal of newline characters when minifying JavaScript (#37834)
  • Fixed: Script Manager no longer generates warnings if scripts with a redirect are requested (#37492)
  • Fixed: A form with enctype="multipart/form-data" set now contains the correct submit button information when sent via PPL (#37322)


  • Fixed: FDX custom events scripts, provided by an extension, are now delivered with a correct src attribute in case a mandatory URL map is used (#37485)

Operation & Administration

  • Improved: To reduce hard disk space use, Image Compression experiment results are removed if they would never be used because they are larger than other results or the original image (#37054)
  • Improved: fitadmin --version --short prints the clean version string like 14.6.6 (#37990)

Third Party

Version 14.6.5

Release date: 2017-08-02

Doing nothing at all is better than doing something fast. That’s what caching is all about. This release has a lot of features to avoid unnecessary work. FIT has had a HTTP Cache for a long time. But when the time-to-live of a cached resource has passed, the content had to be requested again. While it is mandatory to contact the origin server again, it is not necessary to actually download an unchanged resource. HTTP provides conditional requests and the status code 304 for an intermediary cache to check whether the local copy a file is still valid. In many cases this check is much faster than a fresh download. Especially for short-lived resources this can greatly reduce bandwidth use and network traffic for origin servers.

There is also CPU time to save. FIT carries out CPU intensive work on image files. System operators now have better control how the disk cache is managed. The new option CACHE_DISK_MIN_FREE_PERCENT avoids premature cache cleanups. As long as the regular automatic check finds enough free disk space, no files are deleted. Only if the configured threshold is exceeded, files are deleted. If you have enough disk space, this can reduce CPU usage significantly by eliminating repeated calculations.

Sometimes it is necessary to manually purge a cache. For example, if a resource changes but its URL stays the same. The fitadmin maintenance clearcache command now offers to delete only parts of the cache. For example --http clears the request cache but leaves the precious Image Compression cache untouched.

With improved handling for character encoding, we take the HTML5 parser out of beta. The parser, based on Google’s Gumbo, has proven its stability and conformance.

Besides that, 14.6.5 brings fresh 3rd-party libraries, shorter TTFB for image requests and bug fixes.


  • Improved: The filenames specified by the client are not used anymore for storing uploaded files locally (#36747)

Web Accelerator

  • New: HTML5 parser is now an official (non-beta) feature (#37120)
  • New: HTTP Cache revalidation by using conditional requests for expired cache entries (#26609)
  • Improved: Shorter Time-to-first-Byte for images processed by image-compression (#36806)
  • Improved: HTML5 parser now detects character encoding according to (#35965)
  • Fixed: The HTTP cache will now cache origin responses sent with Cache-Control: No-Transform (#36978)
  • Improved: FDX AJAX requests are sent with a Content-Type header field (text/plain;charset=UTF-8, as with FDX beacon requests) in order to satisfy security checkers (#37063)


  • Fixed: A bug in Image Delaying with SamsungBrowser 5.x that could cause the browser to crash (#37273)
  • Fixed: Evaluating XPath expressions with literal & in Dynamic Attribute Values (#37186)

Operation & Administration

  • New: CACHE_DISK_MIN_FREE_PERCENT option to skip cache maintenance as long as sufficient disk space is available (#36686)

Third Party

Version 14.6.4

Release date: 2017-06-07

With this release we are proud to take our Automatic Image Quality Assessment out of beta. We have made three significant improvements to this Web Accelerator module. In order to find the highest acceptable compression ratio, AIQA ensures that the visual quality is not degraded. Therefore it is essential that the assessment score closely correlates with human perception. The SSIM algorithm provides good results in many cases. However, especially commercial product images often have a very uneven distribution of image details. Consider a cut-out, in-focus product framed by a passe-partout. Conventional algorithms tend to dilute the errors introduced in complex image areas with the “perfect reproduction” of large background areas.

We have created a Saliency Weighted variant of the SSIM algorithm that is almost immune to this kind of overrating. For example, enlarging the monochrome backdrop around a product should not change the calculated image distance introduced by distortion. Images in natural settings benefit, too, by correcting the weight of errors in background areas. This produces very accurate distance values that help us minimize visible compression artifacts.

To ease the use of this technique, we have compiled a set of Compression Presets that makes configuration as simple as deciding between performance and quality – or using the balanced default values.

Image Assessment is a very CPU intensive task, because finding the optimal compression settings usually involves multiple compress-and-assess cycles. We have analyzed the compression characteristics of thousands of images in order to train a prediction model. It estimates near optimal settings after a single cycle with a very low reject rate.

For developers we have created more possibilities to control HTTP requests: Super fine-grained timeouts and origin response header injection. The latter can be used to correct erroneous or provide missing Cache-Control headers.

There are a lot of smaller improvements, bug fixes and third party updates, too. The changelog provides a thorough list.

Web Accelerator

  • Improved: Image Quality Assessment uses improved prediction mechanism to determine the compression parameters (#34683)
  • Improved: Image Compression does not reduce the configured quality for WebP images anymore (#35789)
  • Improved: Performance of color counting for Image Scaling (#36736)
  • Improved: CSS Concat now uses hashes to determine if the concatenated stylesheets have changed (#36048)
  • Improved: FDX beacon requests are combined to minimize the number of requests (#36204)
  • Fixed: Incoming query params with unescaped % literals no longer cause the request to be aborted (#36089)
  • Fixed: HTML5 parser - parsing of HTML id attributes (#36501)
  • Fixed: Content type detection for TrueType, WOFF and WOFF2 fonts in order to avoid destructive optimizations (#36508)
  • Fixed: The detection page is now sent with Cache-Control: private in addition to Cache-Control: no-cache, no-store in order to avoid problems with some CDNs (#36703)


  • Improved: Image Scaler ai-scaling parameters are now ignored unless they specify positive decimal numbers with % or px as their units. (#36047)
  • Improved: Request timings debug output (#36146)
  • Improved: Content-Type detection for local files (#34901)
  • Fixed: The option <cache enable="false" /> now works as documented and deactivates both the HTTP and the Interval cache (#36187)
  • Fixed: Superfluous or misleading debug error message Bad FIDJ URI: <URI> is removed from the debug output (#36455)

Third Party

Version 14.6.3

Release date: 2017-04-05

April’s 14.6.3 release comes with a host of new tools for developers. It is now much easier to deal with JSON backends with the <json-parser> option. If set, the parse action will convert a JSON response into a DOM representation for easy manipulation. In case the backend sends an HTML response, the parser is chosen accordingly. When accessed from the fit-document() or document() function, JSON content is now always parsed into a DOM.

The new XPath functions fit-log() and fit-serialize() are handy for debugging and for instrumentation, e.g. feeding run-time messages into a logging and monitoring chain.

Improvements of the acceleration features are centered around image handling. We have added support for ICC profiles for JPG and PNG images, the performance of image quality assessment is much better, there are improvements for image delaying and rewriting of image URLs in CSS code as well as fixes for image scaling.

To avoid manual configuration of URL encoding options, we have changed how the default-request handles query strings. Whenever possible, the incoming query string is forwarded unchanged to the backend.


  • Fixed: Invalid numeric Image Scaling URL options (e.g. quality, width or height) are ignored (#35757)
  • Fixed: A User-Agent header value containing Windows NT results in client/hw/type desktop regardless of Touch support (#35522)
  • Deprecated: Image URL API config setting image-scaling renamed to images (#35327)

Web Accelerator

  • Improved: The default-request now uses the unchanged query string whenever possible in order to avoid problems due to changes in URL encoding (#34899)
  • Improved: ICC color profiles are now respected when compressing images (#34429)
  • Improved: If image-delaying prioritization=”visibility” is enabled, the attribute ai-priority= 0|1|2|3 is not overwritten with visibility to ensure images in hidden container can be delayed but are loaded before the container is shown. (#35707)
  • Improved: CSS URL Rewriting performance (#35746)
  • Improved: Deferred document.write now skips script elements that are empty, contain only whitespace or have a src attribute. (#34078)

Operation & Administration

  • New: New color management functionality requires (LCMS) package installed (lcms2 on RHEL/CentOS, liblcms2-2 on SUSE and Ubuntu). (#34429)
  • New: FIT_USE_PERSISTENT_CONNECTIONS in fit.ini can be used to completely disable HTTP persistent connections (HTTP keep-alive) for all origin servers (#35577)
  • New: FIT_FETCH_DEFAULT_CONNECT_TIMEOUT in fit.ini can be used to set a default connection timeout for outgoing HTTP requests (#35868)

Third Party

Version 14.6.2

Release date: 2017-03-08

FIT 14.6.2 focuses on stability and security.

We have replaced our existing CSS minifier by an entirely new implementation. The CSS parser provides better standard compliance and is a lot faster, especially for CSS files with large embedded images. On top of that, the minifier produces smaller results. As part of our open source effort we have made our PHP7 CSS3 extension available at

We have improved system stability with a couple of new knobs for admins. Image compression refuses to optimize images that are larger than the configured maximum area in order to avoid excessive memory and CPU usage. Furthermore, we have added a new fit.ini setting that limits the number of concurrent image optimization processes. This is an effective means to protect your cluster from image compression overload, e.g. caused by an in-rush after a cache flush.

Last but not least, 14.6.2 is the first release to be shipped with PHP 7.1.

Web Accelerator

  • Improved: Faster and more robust CSS minifier that provides smaller results (#35360)
  • Improved: More reliable detection of SVG images (#35658)
  • Improved: The HTTP cache removes Set-Cookie headers when serving a cache hit (#35669)


  • Changed: force-client-https redirects HTTP client requests to HTTPS with status 301 Moved Permanently (previously 302). (#35121)
  • Fixed: The hostname part was dropped from some URLs if trailing URL Marks were enabled (#34821)

Operation & Administration

  • New: fit.ini option FIT_ALLOW_OPEN_ACL can be used to override the allow-all="true" option of sites’ acl.xml (#35444)
  • New: fit.ini option FIT_MAX_IMAGE_PROCESSES to limit the number of concurrently running image optimization processes. (#35258)

Third Party

Version 14.6.1

Release date: 2017-02-08

FIT 14.6.1 is the first release for 2017. And, while being packed with lots of bug fixes and improvements for existing features, it even brings a few new features for both, development and administration.

First off, we added the function ends-with to our stack of XPath functions. starts-with was already accessible everywhere in FIT where an XPath expression is supported, adding ends-with rounds off the set of string checks available.

For operation and administration we also have 2 new features. We now officially support systemd, so you can use the native init management tools in state of the art Linux systems. And to prevent huge content from being processed and overly stressing your CPU resources we added the fit.ini setting FIT_MAX_CONTENT_SIZE. With that you can specify a maximum size (in MiB) for content processing. When a resource exceeds that size, it will not be processed, but passed through unoptimized.

On the improvement front, we worked a lot on our image optimization.

The image compression engine, that was introduced in FIT 14.6.0, will now perform the optimization experiments after the actual requests have been handled. So when an image is requested, FIT will respond with either the original or the best experiment result so far. After the response is sent to the client, FIT will run its experiments, so the next request can be responded with an optimized version of the image, while neither user had to wait for an experiment to finish. This only works for images that are cacheable by FIT. Images that may not be cached are still processed live.

To reflect the new compression options in our JavaScript APIs, we added new functions that let you either explicitly generate image compression (composeImageCompressionUrl) or image scaling (composeImageScalingUrl) URLs. And the already established function composeImageUrl will now create URLs according to your config settings.

Image delaying received some updates, too. While we now opt-out of delaying for img tags within, for example, noscript or template tags, FIT is now able to delay images that use the srcset attribute.

On a side note, we tweaked the performance of many features, from analytics over image processing up to resource loading.

Web Accelerator

  • Improved: Images with srcset attribute can now also be delayed. (#34447)
  • Improved: Now the Image Compression runs offline for cacheable responses. (#35082)
  • Improved: Performance of image compression quality assessment (#34040)
  • Improved: The script manager now responds with Cache-Control headers that never expire. (#33406)
  • Improved: Increased script manager performance by limiting the write operations to localStorage. (#34608)


  • New: XPath function ends-with (#34275)
  • New: The URL API function composeImageUrl now respects the config settings for image compression and image scaling. We also added composeImageScalingUrl and composeImageCompressionUrl to create a scaling URL or a compression URL regardless of config settings. (#34816)
  • Improved: Image Scaler does not retry to scale an image in subsequent requests if the first try is failed (#30778)
  • Improved: fit://local URLs can be rewritten without an URL map (#34517)
  • Improved: FDX data is now transmitted asynchronously when sent via AJAX. (#34501)
  • Improved: FDX now has a maximum request limitation to avoid sending out a huge number of duplicates. (#35249)
  • Improved: Updated list of undocumented URL marks. (#34164)
  • Changed: MIME type image/ for .cur files (#34901)
  • Fixed: script, link and style elements of enabled adaptive components are now inserted into the document’s head right in front of the first element with the same node name, such that the order of existing head elements remains unchanged. (#25202)
  • Fixed: AC-Stage JavaScript errors that occurred on older IEs. (#33012)
  • Fixed: Partial page loading now works properly with trailing marks. (#34776)
  • Fixed: Touch events are preferred over pointer events for ac-stage handling on all browsers using Blink as render-engine. (#34809)
  • Removed: Support for the attribute ai-url-caching (#28475)
  • Removed: Interval caching option max-stale – after expiry, one request will revalidate the resource while all others wait (#34659)

Operation & Administration

  • New: systemd support for PHP and Apache on Red Hat/CentOS systems (#33053)
  • New: FIT_MAX_CONTENT_SIZE in fit.ini limits the input object size to prevent excessive CPU usage by preventing optimization of very large resources (#34547)
  • Improved: FIT requires an UTF-8 locale for consistent collation results. Clarified domain documentation accordingly. (#34728)

Third Party

Version 14.6.0

Release date: 2016-12-07

This year’s last release is a big one. FIT 14.6 introduces our next-generation Image Compression engine.

To find the optimal representation for an image, the Image Compression engine performs a number of optimizations suitable for the input image. For example, lossy compression techniques (WebP/JPEG) may be applied to a photograph for substantial size improvements. Transparent PNGs may benefit from ZorroSVG mapping, or graphics from WebP lossless coding or quantization. The experiments are traffic-aware, so that frequently requested images are taken care of with higher priority.

<image-compression> can be used if Image Scaling is disabled. As a bonus, the handling of Image Compression URLs in HTML (and CSS) documents is much faster, which reduces the footprint of HTML processing in the critical path.

As a BETA feature, we publish an automatic image quality assessment tool. Lossy compression usually achieves the highest byte savings. However, it is impossible to find a compression level (ironically often called “quality”) that balances compression and quality for all images. Different images show different patterns of degradation if the compression level is increased. While some images still look good with JPEG “quality” 30, other images may start showing visible artifacts already at high levels like 90. The common solution is to raise the quality for all images. You can now define the compression level by means of quality: “Compress an image as much as possible, as long it looks like the original”. This can be a real byte-saver! It allows us to apply lossy compression to input images in lossless formats without the risk of quality degradation. As this is beta, we would love to hear your feedback about this!

Another interesting beta feature is the HTML5 compliant parser. It parses HTML documents exactly like your browser, and you can still use all FIT development features like XSLT and XPath.

As this is a major release, the various bug fixes, 3rd party updates and smaller improvements are accompanied by a couple of removals of previously deprecated features. So please pay close attention to the changelog.

Web Accelerator

  • Improved: Smaller WebP lossless files (#29976)
  • Improved: Head Reordering now supports link elements with rel="preload" (#31081)
  • Improved: Backend response headers (such as CORS) are now passed to the client in Webfont Compression responses (#34054)
  • Changed: The script manager is disabled for bots to avoid errors when requests are repeated out-of-context (#33903)
  • Fixed: Fatal error when trying to create WebP images with width or height greater than 16383 pixels. (#34046)
  • Fixed: The Image Scaler retains unknown image formats to prevent accidental loss of transparency (#34053)
  • Fixed: When following redirects internally, the HTTP Cache now ignores headers of intermediate responses to determine the cacheability of the latest response (#33620)
  • Fixed: add-size-attributes calculation now ignores relative size specifications instead of treating them as absolute values to avoid incorrectly sized images (#33965)
  • Fixed: Delaying of Elements now works on older versions of Internet Explorer (< 9) (#34248)


  • New: fit://local allows to use absolute URLs for local sources (#34250)
  • Improved: Reduced FDX JavaScript code for non PPL responses (#32989)
  • Improved: The delaying of elements now makes less calculations related to ac-stage animations (#33567)
  • Changed: Requesting non existing local assets will yield a response with HTTP status 404 instead of 500 (#34240)
  • Changed: The Delivery Context property client/fit/cdrid now has only 1 part (representing the browser) instead of 3 parts (representing hardware, operating system, and browser) (#34326, #34101)
  • Changed: The Delivery Context properties client/hw/display/height and client/hw/display/width now depend on the device’s orientation (#34326)
  • Changed: CSS Concat requests using old URL-Marks are now redirected to a URL with corrected marks (#33004)
  • Fixed: The HTML parser no longer changes SVG image tags into HTML img tags. (#27065)
  • Fixed: Error messages of the CSS minifier are cleared after minifying. (#34169)
  • Fixed: Pre-loading of visibility delayed images in AC-Stage now works correctly (#34553)
  • Deprecated: Time based Delayed Images are deprecated. The default config value for prioritization is now visibility, resulting in all images being visibility-delayed. If ai-priority attributes should be respected, prioritization="auto" must be set. (#33190)
  • Removed: Delivery Context property client/os/vendor (#34101)
  • Removed: Delivery Context properties client/hw/display/default-orientation, client/hw/input/touchscreen, server/cdr-version, viewport/orientation-switchable, and viewport/resizeable (#34443)
  • Removed: Beta Feature Ajax Detection Page (#34359)
  • Removed: beta feature PPL Cache (#34387)
  • Removed: ac-input (#34469)
  • Removed: ac-mobileemulator (#34470)

Third Party

Version 14.5.3

Release date: 2016-11-03

In addition to fixing bugs FIT 14.5.3 introduces new and improved Web Accelerator features.

In many modern projects, iframes are used for social media widgets and user tracking. They usually have no impact on the perceived performance of a web page. But there are also sites that have iframes with heavy-weight media content such as youtube videos. Loading megabytes of videos slows down page loading tremendously, even in iframes.

To ensure that users will only load content they are about to see, we introduce delayed iframes. The delayed loading for iframes works exclusively with visibility based loading: The source of the iframe is going to be loaded when the iframes comes close to or into the browser’s viewport, for example by scrolling the page. Due to the unknown nature of the included content of iframes (small tracking and social media vs large videos), the feature cannot be activated globally. You have to enable it in config.xml and mark the individual iframe element with the ai-delay="true" attribute.

Probably even more exciting is an improvement we made for delayed images. If the dimensions of images are already known (i.e. the image is in the FIT cache) FIT will generate an SVG image with the same intrinsic size as the final image (instead of a transparent 1x1px GIF). Hence, the layout of the page will remain unchanged when the final image is loaded and replaces the placeholder. This saves a lot of browser reflows and avoids “jumping pages”. The SVG placeholder also clears the way for more promising improvements to the delayed image placeholders, so stay tuned for further news on the topic in upcoming releases.

Web Accelerator

  • Improved: If supported by the client, placeholders for delayed images are now delivered as inline SVGs to improve page rendering (#33303)
  • Improved: webfont-compression now also creates WOFF or WOFF2 fonts from TrueType fonts. (#33553)
  • Improved: The HTTP Cache now supports caching of backend responses containing Vary header fields (#33301)


  • Fixed: When no fitdetection cookie is present, the viewport size DC properties now correspond better with the hardware size and the device pixel ratio. (#33319)
  • Fixed: A bug where an AC-Stage registered multiple listeners for touch events. (#33597)
  • Fixed: Visible elements in a multi-slot stage are positioned accurately if preceding elements in the non visible area are removed or added. (#33788)
  • Fixed: Requests with URL-Marks in non-canonical order are redirected with 307 instead of 301 to avoid losing POST request parameters. (#34099)

Operation & Administration

  • Improved: Name lookups used if the server is modified by transport mapping are now more resilient. (#33613)

Third Party

Version 14.5.2

Release date: 2016-10-05

FIT 14.5.2 is another release bringing mostly bug fixes and improvements for existing features.

Delayed images prioritized to be loaded when they are going to become visible considerably reduce traffic. But if visitors want to print sites, they are basically missing every image that neither is nor has been in the viewport. The new parameter of the loadHQImages function makes the client load all images, whether they are in the viewport or not. And the new event delayedimagesloaded informs you when the client finished doing so. So this combination offers means to prepare the site for printing and lets you know when preparing has finished.

FIT 14.5.1 already addressed noise in the logs. We identified another source for noise, namely overly greedy bots (such as Google spiders) interpreting JavaScript strings starting with a / as relative URLs. So when you write something like <script>var foo = '/bar';</script> into your document, it will not take long until you notice said spiders requesting the resource /bar. This will probably lead to unnecessary 404 responses, inflating the FIT server logs and backend server logs, thus probably hiding real problems from you. FIT 14.5.2 will no longer generate JavaScript strings starting with a /.

Additionaly, fixing issues with the image scaling cache has reduced the CPU usage noticeably.

Web Accelerator

  • New: The new event delayedimagesloaded is fired after all delayed images have been loaded. (#32720)
  • Improved: The SVG Minifier now omits the XML declaration. (#33293)
  • Improved: The script manager splits URL strings in inline JavaScript to hide them from greedy search engine spiders. This prevents unnecessary logging of errors e.g. in the Google Search Console. (#33329)
  • Fixed: In partial page loading a bug with refreshing scripts, when the script code removes the script element itself, was fixed. (#25861)
  • Fixed: Head reordering with remove-duplicates="true" will no longer break if the rel attribute of link elements contains uppercase letters. (#33410)
  • Fixed: Enabling image delaying does no longer implicitly enable the JavaScript Delivery Context API. (#33423)
  • Fixed: DOMParser now correctly parses in Internet Explorers with delayed images activated or AC-Stage initialized. (#33505)
  • Fixed: Correctly set expiry time when updating certain Image Scaling cache entries, such that they are not expired immediately. (#33594)
  • Fixed: Compression of PNG images generated by Image Scaling by correctly setting the encoding filter and compression level. (#33304)


  • New: The query-encoding option can be used to specify a list of characters that are not to be percent-encoded in the query string. (#30863)
  • Changed: The changes made in the Versions 14.4.2 and 14.3.1 regarding the encoding of query parameters were reverted. Use the new query-encoding option instead. (#30863)
  • Changed: The names of the FIT JavaScript snippets (undocumented JavaScript functions used by the FIT JavaScript APIs varying with the requesting client) were changed. They should not be used in project code anyway. (#32998)

Operation & Administration

  • Improved: Cache hit rate for Image Scaling by eliminating dimensions from the URL if the image will not be scaled. (#33232)
  • Improved: Proxies are disabled automatically if Transport mapping is used. (#33601)
  • Fixed: Some requests answered with HTTP status code 304 are now logged as sub instead of main requests in the log files. (#33598)

Third Party

Version 14.5.1

Release date: 2016-09-07

This release is mostly a “smoothing” release comprising a lot of bug fixes and smaller improvements, as well as 3rd party updates and security patches.

One of the most common errors that we have encountered in our log files was a complaint about source images being too large: … image area exceeds limit of 8 Mpixels. Of course, 8 million are a lot of pixels. But with the proliferation of high resolution cameras (in smartphones) and high density displays (also in smartphones), prepare to encounter large images in Web sites more frequently. However, the worst part of the error message was: Continue with original source. That means that of all things the largest images on your Web site are “too large to optimize”. The client has to load all these big files as they are. Even if those might be the outliers of your image files, a single large image with megabytes of data will outweigh every little byte saved by thoroughly optimizing everything else.

Acknowledging this problem, the Web Accelerator now supports sources images with up to 100 mega pixels. Image Scaling will drastically reduce the file size of large images by allowing optimizations such as format conversion or lossy compression. On our systems, we have seen savings of multiple mega bytes per image. To mitigate the operational costs of processing huge pixel arrays, images with more than 8 mega pixels are processed with an algorithm that is less precise but faster than our usual scaling method. Given so many pixels, there is no noticeable difference.

Don’t let the legendary Bigimage eat your bandwidth! Update today!

Web Accelerator

  • Improved: Tiny HTTP responses will be delivered uncompressed, because gzip or brotli compression would typically enlarge them (#33181)
  • Improved: Media Query Filtering for desktop clients can now be enabled with the desktop option (#32419)
  • Improved: Media Query Filtering is now performed even if the client could not be recognized (#32419)
  • Improved: Parsing of incorrectly nested HTML5 documents (#33168)
  • Changed: HTML5 fragment detection now treats documents that imply a head element (e.g. if first tag is script or link) as complete documents rather than fragments (#32611)
  • Changed: Filtering device-pixel-ratio or resolution media queries is only performed if the device pixel ratio was detected (#32419)
  • Fixed: To avoid cache poisoning, responses with lm-marks that would normally be cacheable for long durations are now flagged as uncacheable if their Last-Modified header indicates content changes (#33036)
  • Fixed: Reduced the size of the detection script by reducing the size of the included test images (#32883)
  • Fixed: Media Query Filtering now correctly filters resolution queries with dpi units (#33268)
  • Fixed: Webfont Compression ensures the loaded file to be WOFF before converting it to WOFF2 (other file types will be passed unchanged) (#33298)
  • Fixed: The HTML minifier no longer removes quotes from HTML5 source URLs containing = (#32967)
  • Fixed: Exceptions when resizing images with extreme proportions such as 1x1000px such that the resulting width or height would be rounded to zero (#33107)
  • Fixed: Arbitrary key=value parameters received in the Content-Type header are passed to the client. This ensures that the boundary is not lost for multipart/mixed content. (#33131)
  • Fixed: Delayed images added or removed by DOM operations occurring after page load (#33253)


  • Improved: The media query filter now logs which media queries are removed and which media queries are retained. (#32419)
  • Fixed: hqimageloaded events, which may have been fired multiple times for each delayed image, are now fired only once. (#32674)
  • Fixed: A crash when processing invalid request definitions dynamically created by a XSLT in the requests action (#33081)
  • Fixed: HTTP request headers sent by FIT were not visible in debug output in FIT 14.5.0 (#33189)
  • Fixed: Rewriting errors when using Trailing Marks with main URLs that start with a ; or in combination with PPL or the AJAX API (#33346)
  • Deprecated: The DC property viewport/resizeable is now considered deprecated (#32419)
  • Removed: The Delivery Context Property server/cdr-version is removed, due to the fact that the Client Description Repository (CDR) is no longer released separately from FIT. (#32813)

Adaptive Components

  • Fixed: An AC-Stage configured to scroll in parallel to a scrolling ancestor element no longer scrolls both areas on iOS 10 (#33202)


  • Fixed: Temporary directory (/var/cache/fit14/tmp) is created on-the-fly, if missing (#32925)
  • Fixed: The “duration” field in fit_request.log may have been incorrect for certain timeouts and other errors (#33034)
  • Fixed: A race condition during the installation of extensions that may leave extensions in an invalid state (#33166)

Third Party

Version 14.5.0

Release date: 2016-08-03

FIT 14.5 is a feature release for the Web Accelerator.

Brotli is a new data compression library that shrinks Web payload better than proven methods such as gzip or deflate. The Web Accelerator now includes brotli as an Apache module. We have seen an improvement of over 10% of the average compression ratio compared to gzip. This means that compressible payloads (almost all formats except images) are transferred to clients in less than a third of its original weight.

Brotli also accounts for much of the benefits of the WOFF2 font format. Those font files load significantly faster than the predecessor format WOFF or the old TTF format. The Web Accelerator beta feature webfont-compression converts WOFF fonts on-the-fly into the WOFF2 format, resulting in 20% or more reduction in payload. As fonts are usually loaded in the critical render path, this is a welcome diet. To keep things simple, the Web Accelerator handles the necessary changes to your CSS font definitions as well!

To further accelerate loading of CSS files, we have improved our style-concat feature to work with any external CSS files. All adjacent <link rel=stylesheet> definitions within the same media query selector are combined into a single request. This not only frees up request slots in HTTP/1 setups, it also allows for more efficient data compression than single requests would have. Furthermore, style-minifying now removes even more redundant code and has improved runtime performance.

In 1999 Microsoft gave birth to the infamous favicon.ico. Of course everyone loves icons, but what made the favicon so annoying was that it was a request the browser conducted itself without the developer referencing it in the page. That makes it so easy to forget. Later, Apple tuned in with its apple-touch-icon.png that some (interestingly non-iOS) clients attempt to load from every single site visited. If your site does not handle those well-known icon URLs, it may result in unnecessary requests and wasted bandwidth. For example, the 404 error document may be much larger than a regular favicon. Many Web sites have developed the habit of sending redirects (to potentially better suited URLs) instead of 404s. In this case, the browser could be redirected to the home page in search for the favicon, resulting in two (or more) requests which may return lots of unnecessary HTML. Our new error handling for missing-icons does not paint an icon for you, but it replaces all non-icon answers for well-known icon URLs with a tiny error document.

To save even more bytes, more clients including Microsoft Internet Explorer and Mozilla Firefox now qualify to use Zorro images as a replacement for transparent PNG images with photo characteristics.

There are many more improvements and bug fixes in this release. And as usual, you will find all third-party libraries freshened up.

Web Accelerator

  • Improved: style-concat now works with all CSS files referenced as <link rel=stylesheet> (#32268)
  • Improved: The CSS minifier now removes rules having empty blocks (#30493)
  • Improved: CSS minifier vendor prefix stripping now also removes keyframe at-rules (#30493)
  • Improved: FIT now delivers Zorro images to more clients that are not WebP-capable including Microsoft Internet Explorer, Mozilla Firefox and Google Chrome on iOS (#31528, #32176)
  • Improved: Fonts being served by source servers with content type font/* are passed compressed using gzip or deflate compression (#26870)
  • Improved: Detection of binary data like images or fonts that were loaded with content type text/html in parse action (#32964)
  • Improved: The FDX event clientTiming is now also bound to the window‘s pagehide, the document‘s visibilitychange, the pplnavstart and pplnavend (instead of pplend) events. Additionally, its structure has changed: the mode parameter was dropped in favour of the new parameters source (default|ppl) and type (load|unload|pagehide|visibilitychange|pplnavstart|pplnavend). (#32486)
  • Fixed: Exceptions when handling SVG fonts in the parse action (#33055)
  • Fixed: Visibility delayed images in elements with overflow are now correctly loaded (#31138)
  • Fixed: CSS minifier vendor prefix stripping now correctly honors strings and URLs (#30493)
  • Removed: Support for the formerly deprecated attribute resolve-ie-comments of the <text-tilter/> config element has been removed. (#32582)


  • Improved: The new loadAll parameter of the ai.images.loadHQImages() JavaScript function can be used to load all delayed images (including visibility delayed) (#31285)
  • Improved: When calling the ac.stage.stage(id,options) method with the optional options parameter, the specific AC-Stage object is now destroyed and reinitialized with the new options. (#32552)
  • Changed: The delivery context property client/hw/type is no longer read from the DDB export but calculated from the User-Agent header field and the fitdetection cookie. (#32770)
  • Fixed: The pplnavstart event is now fired when submitting a form. (#32649)
  • Fixed: PPL will no longer move scripts to the document head that were falsely identified as pagejs debug script. (#32955)
  • Fixed: a elements in AC-Stage elements will no longer get a href attribute if they did not already have one. (#32717)
  • Fixed: The AC-Stage addElement function now works correctly on Windows Phone 8 (#32082)
  • Removed: Support for the formerly deprecated attribute data-ai-priority has been removed. (#32582)

Operation & Administration

  • New: FIT_MAX_PARSE_SIZE in fit.ini limits the HTML/XML parser’s input size to prevent excessive CPU usage when processing large DOMs (#32800)
  • Changed: The Content-Length field in the fit_request.log now contains the number of originally transferred bytes, even when the response was read from the internal cache (#32521)
  • Changed: In order to distinguish erroneous requests in the fit_request.log, backend request timeouts that occur after the HTTP response headers have been loaded are now logged with HTTP status code 0 (#32588)

Third Party

Version 14.4.2

Release date: 2016-07-06

https:// should be considered the norm for Web traffic. It allows for secure communication, the green padlock looks cool, and most important: it enables the efficient and fast data transfers of HTTP/2. However, switching your site to HTTPS may not be trivial. The force-https feature removes the hassle of changing URLs in your backend. But what can you do about URLs pointing to other domains, like ad scripts, social media or user images? Your browser will show mixed protocol errors and block the loading of these assets. The new force-https option external-media handles this by rewriting foreign http:// URLs to their secure counterpart. Switch to https:// now!

Speaking of security, we have improved our transport mapping feature, which is crucial when using the same domain name for Web Accelerator and source, to validate TLS certificates on mapped traffic. E.g. your certificate is accepted when the requests are routed to the IP resolved for

Besides a lot of bug fixes, this version ships ImageMagick 7 to be up-to-date with the frequent upstream updates, many of which are security related.

Web Accelerator

  • New: external-media option for the url-rewriting/force-https setting to prevent mixed-content warnings (#31318)
  • Improved: Transport mapping now allows for TLS certificate checks. (#30151)
  • Improved: The characters $!*'()-_.~/?:@[] will now remain unencoded in query parameters in backend requests (#30863)
  • Improved: The parsing of the fitdetection cookie was improved to better cope with clients sending multiple Cookie headers. (#32187)
  • Changed: JavaScript and CSS Minifying is now disabled by default (as documented before) (#30498)
  • Changed: FDX tracking cookies are no longer sent to backend servers. (#32476)


  • Improved: Added script for easier SDK updates (#32482)
  • Improved: PPL navigation by left mouse click in combination with Ctrl, Shift, Cmd or Alt key, as well as middle and right mouse click, has been changed to behave like the browsers default. (#32548)
  • Improved: The new JavaScript function ai.ppl.clearCache allows to remove all cache entries from the PPL Cache. (#32229)
  • Improved: The new detectioninit event can be used to register custom detection code. (#31628)
  • Improved: Support for XInclude in ACLs (#32318)
  • Changed: The deprecated DC property client/hw/input/touchscreen now always has the value true (#32372)
  • Changed: The deprecated DC property viewport/orientation-switchable now always has the value true. As a result, filtering of media queries with the orientation media feature is not possible anymore. (#32380)
  • Fixed: Extended checks added to the Script Manager to avoid exceptions caused by corrupt requests or missing files (#32321)
  • Fixed: Premature garbage collection in EXSLT regexp:match() (#32766)
  • Deprecated: The DC property viewport/orientation-switchable is deprecated. (#32380)

Operation & Administration

  • Fixed: Redundant writes of extension cache files (#32478)
  • Fixed: Cleanup of invalid extension cache files (#32480)

Third Party

Version 14.4.1

Release date: 2016-06-08

This release is a maintenance release comprising mostly bug fixes, security patches and 3rd party updates. However, there are some interesting improvements, too.

But security comes first! The Web Accelerator uses the ImageMagick library for image scaling. Recently, a number of security vulnerabilities were discovered in ImageMagick. With this release, we address these with a policy.xml as recommended by the vendor, as well as some patches that remove potentially exploitable code that we do not use. This is why we recommend all customers to update to 14.4.1 as soon as possible.

Until now, the cache for scaled or compressed images was valid for one day – regardless of the resource’s actual caching headers. Now these headers are respected, allowing shorter TTLs. However, you may still override this with the interval cache.

With the new scaling option add-size-attributes, the width and height attributes of images are set in the HTML document. This allows browsers to render the page quicker, because no reflows are necessary after the images have been downloaded. For pages with delayed images, this avoids “jumping pages” if image dimensions are missing.

Still in Beta, but nevertheless exciting, we provide an optional new URL scheme. With trailing marks enabled, the URL marks needed for URL optimization (such as caching) are moved to the last path segment. In 1:1 setups where a single origin is mounted onto /, all paths are identical to the origin. In combination with the new force-transparent switch, this allows for transparent cookies with arbitrary path directives.


Web Accelerator

  • Improved: Image Scaling and Image Compression now respect origin caching headers (#28476)
  • Improved: FIT now tracks the hardware vendor for FDX in clientInfo.hwVendor (#32257)
  • Improved: FIT now tracks more client-side JavaScript errors for FDX (#32178)


  • Improved: The pplnavstart event and pplnavend event were added to Partial Page Loading to improve usability of the use-cache feature (#32149)
  • Improved: PPL now has the new pplready event, that is triggered immediately when the Partial Page Loading session is initialized, even before the load event (#31809)
  • Improved: Generation of proper HTML5 document type declaration (#32102)
  • Fixed: popstate events in PPL after POST requests or redirects will now be processed by PPL (#31953)
  • Fixed: PPL now retains fragment identifiers in both the URL and document.location (#31973)
  • Fixed: form element parsing on Mobile Safari (on iOS 8) after navigating with PPL (#32129)
  • Fixed: Case-insensitive hostname matching in sources.xml (#32307)
  • Fixed: Segmentation faults in the XPath function version-compare() (#32036)

Adaptive Components

  • Fixed: AC-Stage needed an enhancement for swipe gestures via touch-action (used on IE Mobile and Edge browser) (#32002)
  • Fixed: Initialized AC-Stage elements will no longer claim to be uninitialized under certain circumstances (#32012)

Operation & Administration

Third Party

Version 14.4.0

Release date: 2016-05-04

This release brings a performance update to the “rear side”. When communicating with an origin server, a TCP connection needs to be established. This comprises multiple round trips. For encrypted connections, an additional TLS handshake is necessary to setup parameters for secure communication. Depending on the network latency this adds up to a significant amount of waiting time in the critical path. Furthermore, the throughput of a freshly established TCP connection is limited. Only after a number of network packages have been exchanged, the throughput increases.

With 14.4. we start recycling TCP connections to avoid these performance penalties. This reduces connection overhead and improves request performance. The savings are especially high for TLS backends and (very) remote origins. On our production systems we have seen average speed-ups of up to 20%. But even in low latency environments with plain HTTP there are some milliseconds to scrape. Check your fit_request.log to see what’s in it for you!

Besides that, we have fixed a number of bugs. But in case something goes wrong nevertheless, you can now fail with grace with a custom error page.

Please note that this major release includes deprecations and removals.

In the Beta section we have introduced a page cache for PPL: When navigating back and forth in the browser history, no HTTP request or HTML parsing will be required. Instead, the previous pages’ DOM objects may be reused, resulting in much faster and less interruptive history navigation.

Web Accelerator

  • Improved: FDX scripts are delivered without the need for an additional Adaptive Component (#31592)
  • Improved: The display properties for unknown clients were changed to better default values (#31261)


  • Deprecated: The client/hw/display/default-orientation property has been deprecated (#31663)
  • Deprecated: The client/hw/input/touchscreen property has been deprecated (#31664)
  • Removed: HTTP Digest authentication for backend requests. You may use Basic authentication (preferably under TLS) instead (#31292)


Third Party

  • New: PHP extension pecl_http 3.0.1 (#31292)
  • New: PHP extension propro 2.0.0 (#31292)
  • New: PHP extension raphf 2.0.0 (#31292)
  • Updated: PHP 7.0.6 (#31952)
  • Updated: imagick 3.4.1 (#31389)

Version 14.3.1

Release date: 2016-04-06

We have learned a lot from analyzing our image traffic. Therefore, this minor release focusses on bug fixes and enhancements of image processing.

Many images are small enough, in terms of dimensions, to fit into current clients’ viewports. That is because many mobile devices have high density displays (e.g. Apple’s retina display) resulting in lots of pixels. Therefore, Image Scaling and Compression are now separately configurable. This can be useful for CSS documents with image sprites that should not be scaled but still be compressed.

If an image is known to be small enough for the requesting client, FIT will automatically switch from Image Scaling to Image Compression. The latter uses image URLs without sizing parameters, resulting in a better cache hit rate (in FIT and in downstream caches) and reduced disk and CPU usage.

Another finding in our image statistics is that in certain cases image weight (i.e. file size) may be increased by our image processing. Then, the smaller original image will be sent to the client instead of the processed image. We call that pass-on-enlargement. Since animated GIF images are hard to optimize and are practically never scaled, they are no longer processed at all.

We have further improved SVG as a replacement for transparent PNGs (also known as “ZorroSVG”). The alpha mask is smaller. And a bug showing artifacts at image borders was fixed.

Developers will find some interesting enhancements, too. The content DC properties for example let you run Flow actions depending on the type of content (e.g. html or js). The detection page can now be disabled on a per-URL basis.

Web Accelerator

  • Improved: Head reordering will position the base and most meta tags directly after the first title tag (#31097)
  • Improved: Delayed images with visibility prioritization will no longer scroll the page after navigating to anchor targets (#30961)
  • Improved: Performance of URL rewriting for images (#30674)
  • Changed: If the image file size increases during image processing, the smaller source image is delivered instead. Set the Image Scaling option pass-on-enlargement in the config.xml to false to revert to the behaviour of FIT before 14.3.0. (#29896)
  • Fixed: Fringe artifacts in Zorro SVG images between the image and mask (#31047)
  • Fixed: Attributes from body elements are moved to the implicit body element created by the HTML5 parser (#30997)
  • Fixed: Viewport dimensions will now be detected correctly even if pages are rendered in quirks mode (#26728)
  • Fixed: Calculation of the position of position: fixed elements for delayed images with visibility prioritization. (#31197)
  • Removed: Animated GIFs will no longer be scaled or compressed (#30456)
  • Removed: FIT will no longer inline its JavaScript code on the first request (#31029)


  • Fixed: Detection of JSON content received with the content type text/html (#31211)
  • Fixed: The characters $!*'()-_.~ will now remain unencoded in query parameters in backend requests (#30863)
  • Fixed: HTML5 doctype output (#31054)
  • Fixed: If enabled, the Interval Cache ignores the presence of Authorization header in the request to the source server (#31031)

Adaptive Components

  • Fixed: A bug where autosized stages were too small to fully display contained images after a PPL navigation. (#29737)

Operation & Administration

  • Improved: Decreased the variability of image URLs when source images are too small for image scaling. This should improve the cache hit rate for result images. (#31059)
  • Changed: The client properties data is now stored in a single file to ensure consistency during updates (#30980)

Third Party

  • Updated: PHP 7.0.5 (#31593)

Version 14.3.0

Release date: 2016-03-09

This update brings a significant performance boost to the server-side! The overall CPU usage is reduced by 25% on average. Depending on the features in use, sites may see even larger savings in CPU time. This is not only a benefit in terms of hardware savings. Since the responses are generated more quickly, resulting in shorter times-to-first-byte, it can be a major improvement to your site’s critical render path. These performance gains result from the update of the underlying PHP engine to the much acclaimed version PHP7.

The Web Accelerator was improved, too. As images are a very important part of the user experience, support for WebP and SVG images is now determined automatically by the client feature detection. Before 14.3, these capabilities were taken from our Client Description Repository. With the new on-the-fly detection we have more accurate information when dealing with new, unknown clients. FIT now uses URL encoding instead of base64 when Inlining SVG images, which results in more efficient transfer compression and a reduced payload for the client.

The documentation now has a section on beta features. It offers an overview of experimental features that we make available for pre-production use. Any developer feedback on these features is highly appreciated!

With this major release, we have also removed some formerly deprecated features. Please note that Session Management and the Load Brake have been removed.

Web Accelerator

  • Improved: The detection mechanisms will update the delivery context with detected values for webp and svg support (#31055)
  • Improved: Desktop bots now get DC properties similar to a recent desktop browser (#30705)
  • Improved: Inlined SVGs are now use URL encoding instead of base64, thereby reducing the transfer size (#30398)
  • Improved: Internal scripts preceding the first external script element are inserted before styles (with head reordering enabled and, under certain circumstances, without head reordering) in order to reduce Chrome developer audit messages while retaining low page load times. (#30950)
  • Improved: noscript elements are now removed in PPL requests (#30844)
  • Fixed: Under certain conditions an exception could be thrown if an opening tag in the <head> element was misspelled (#30947)
  • Fixed: Do not add spurious content attributes to meta tags where a charset attribute already exists (#30769)
  • Fixed: cookie path directives with (superfluous) quotes are accepted (#31109)
  • Fixed: The Script Manager now works correctly with scripts using the 'use strict' directive (#30673)
  • Fixed: Iframes are no longer removed from head element during PPL transition (#30944)
  • Fixed: When PPL is not enabled, ai-fragment tags are now stripped from the output document, to prevent interference with CSS relying on their absence (e.g. child selectors) (#31086)
  • Fixed: A bug fix for edge browsers on WindowsPhone is now applied to all edge browsers. It is needed for PPL fragments wrapping thead elements in combination with HTML minifying. (#30284)
  • Fixed: Detection of SVG images containing a DOCTYPE declaration (#30760)
  • Fixed: Zorro SVG gamma correction issues (#30970)
  • Fixed: quality:-1 now works properly with the image url API (#31078)
  • Fixed: Image rewriting in CSS containing unresolved text filter instructions (#31131)
  • Fixed: Image rewriting with ai-rewriteimage now respects the image-scaling settings defined in config.xml (#30875)
  • Fixed: WhatsApp’s rich preview got confused by our util.js snippet, resulting in a wrong preview title (#30864)


  • Improved: The debug target errorlog is now less verbose to be better “tailable” (#30803)
  • Changed: The XPath function urlencode() does not encode the ~ (tilde) character anymore (#30796)
  • Changed: The XPath function md5() no longer implicitly converts the UTF-8 input to ISO-8859-1. This may lead to different result hashes! (#30796)
  • Removed: FIT Session System (#23764)

Adaptive Components

  • Improved: Visibility image delaying will now consider images in not yet visible AC-Stage elements. The number of stage elements considered for preloading can be configured using the preload-count attribute. (#30215)
  • Fixed: AC-Stage touch event handling on Samsung Galaxy Tab 2 devices (#31035)
  • Fixed: A client bug on some iOS 7.x clients prevents touch event capturing when -webkit-overflow-scrolling:touch is used in AC-Scroll (#28462)

Operation & Administration

  • Changed: Due to the removal of the Session System, the fit.ini setting FIT_JOB_HOST_URL has been renamed to FIT_STATUS_URL. It is only used for apachectl/phpfpmctl (full)status. (#30415)
  • Removed: Load Brake (the built-in mechanism to limit the system load) (#29117)

Third Party

Version 14.2.0

Release date: 2016-02-10

The first release of 2016, FIT 14.2.0 primariliy brings a set of new features regarding image optimization.

First and foremost we have implemented a new algorithm that allows us to reduce the transport size of truecolor PNGs with transparency by up to 80%. This is especially interesting for relevant browsers that do not support WebP images (looking at you, Apple Safari). While we were inspired by Mario Klingemann’s Zorro SVG we were able to take the idea several steps ahead and not only resolve issues that it raised, but also improve methods further and in consequence produce even smaller result images without the need of JavaScript.

FIT now also uses 16-bit algorithms for internal image calculation and a better gamma correction. Better handling for truecolor PNGs that are transcoded to WebP format was implemented and developers now may use ai-scaling-width/height values that will scale images bigger than the target viewport. Additionally bringing new scroll speed dependent loading of visibility delayed images and options to control the viewport offset for loading these, FIT 14.2.0 arguably offers the best automated image optimization we ever had.

For assuring high quality in development and maintenance of projects we introduced an XPath function and a fit.ini setting. The watch() XPath function allows you to watch XPath expressions and in case of errors will create entries in the fit_alert.log. In combination with the new fit.ini option FIT_DEPRECATION_EXCEPTION, which will cause exceptions to be thrown when deprecated features are used, you can minimize the chance that your projects will run into future issues.

We also did a rework of our user agent detection. FIT now uses the common UA Parser project for client matching. It provides a robust set of regular expressions that are less sensitive to the frequent version updates (of both operating systems and browsers) seen in user agent strings. However, we still maintain our own Client Description Repository that stores client capabilities, features and properties. After identifying the client, our CDR data is accessed to build up the Delivery Context.

Updates of third party software and bugfixes complete this release.

Web Accelerator

  • Improved: Image Scaling now supports scaling images to sizes bigger than the viewport (#30370)
  • Improved: Image Scaling will now reduce the quality according to the specified scaling size of the image on devices with a high density display (#30640)
  • Improved: For PNG images transcoded to WebP via the Image URLs JS API FIT now always uses lossless compression and therefore sets the quality parameter to -1 in the created URL (#30267)
  • Improved: The load event of delayed images is now dependent on the current scroll speed (#30198)
  • Improved: Delayed images visibility offsets are now configurable (#30182)
  • Improved: Script Minifying now supports scripts with json content types (e.g. application/json or application/ld+json) (#29764)
  • Improved: For Media Query Filtering, it is no longer necessary that the dimensions for both orientations have been detected (#29804)
  • Improved: Correct passing of HTTP status and headers for HEAD requests and replies with various non-200 HTTP status codes when the parse action performs image scaling (#30300)
  • Improved: Head Reordering removes link elements with rel="stylesheet" and the same href (#29433)
  • Improved: Head Reordering remove-duplicates preserves ai-load and id attributes of script elements (#30377)
  • Changed: FIT inserts its own scripts only first if it is necessary for the features activated in the config.xml, for example any of the js-api features, partial-page-loading or document-write-deferring (#30217)
  • Changed: The fitdetection cookie no longer contains the unified caching mark (#30602)
  • Fixed: Inadequate handling of UTF-8 characters in CSS style sheets (#30325)
  • Fixed: The character encoding of HTML is not changed by HTML minification. HTML content is transcoded to UTF-8 when an Adaptive Component is registered. The Content-Type header is set accordingly (#30507)
  • Fixed: An error triggered by scaling an img element with src attribute containing a data URI and a srcset attribute (#30569)
  • Fixed: A bug where custom error handling for images that are loaded delayed with visibility prioritization would cause FIT to load the erroneous image multiple times (#30701)
  • Fixed: A bug in Partial Page Loading with fragments that caused broken redirects (#30426)
  • Fixed: JavaScript minifier removes code after certain regular expressions (#30484)
  • Fixed: Head reordering ignores style elements that contained @import rules (#30634)
  • Fixed: A bug on WindowsPhone 10 devices was fixed caused by HTML minifying in combination with PPL fragments wrapping thead elements (#30284)
  • Fixed: The HTML parser no longer complains about duplicate IDs (#30070)

Development & SDK

  • New: XPath function watch() (#29948)
  • New: It is possible to abort further processing of a request if a deprecated feature was used by enabling FIT_DEPRECATION_EXCEPTION in fit.ini – this is activated by default in the SDK (#30099)

Operation & Administration

  • Fixed: SSL Mutex set to sem in Apache configuration to avoid restart errors on CentOS 7.2 (#30391)

Third Party

  • Changed: FIT now uses the GeoLite2 database to determine the request/country (#30312)

  • Updated: PHP 5.6.17 (#30571)

  • Updated: libxml 2.9.3 (#30070)
  • Updated: imagick 3.3.0 (#27430)