The Website Specification

"Agent Readiness" will likely age as well as "Web 4.0 Blockchain Integration" has.

(To be entirely clear, not because agents won't be a relevant thing, although certainly I have my doubts, but because I believe even if they are a relevant thing, requiring special allowances from sites undermines the whole point, and such things will only end up used by bad actors to mismatch what agents see to what humans see, and so will be intentionally ignored.)

I'd love best practices around, say, login forms, e.g.:

- use standard input field names password managers recognize - disable autocompletion and autocapitalization on the login field

- if it's an email, use the correct HTML5 input type

- don't have a form with just a login email and force the user to click to enter the password

- follow NIST SP 800-53, e.g. no SMS 2FA and no arbitrary password rotation and composition rules

Or how many sites that have a form with only one input don't automatically focus on it.

Some good parts, some bad practices, and a few missing pieces. I spent a lot of time auditing websites and brought all issues down to zero.

Many web and SEO agencies have let technical debt build up over the years. I raised some issues to them, but didn’t hear back.

After auditing a million websites, can we fix them? We could rebuild the web.

https://validator.w3.org/nu/?doc=https%3A%2F%2Fspecification...

I don't get the goal of the website. It's averted as a specification, but to spec what ?! Everything is sourced to another "source of truth".

Hmm wondering how common some of these are ... I'd love /.well-known/change-password but it looks like https://news.ycombinator.com/.well-known/change-password and google.com/.well-known/change-password don't seem to be implemented?

What a great resource. As someone who’s been making websites for 30 years, it’s amazing to still be picking up some of the basics. Though to be fair many of these didn’t exist back then.

I’ll be using this to add some extra tags to my pages.

It looks like there are some features noted as “required” that are actually required by the spec (e.g. a title tag), and others that are required by opinion (e.g. https) so there’s an element^ of pragmatic best practice being recommended.

I find it curious that setting a colour hint for the browser is recommended. I’m one for letting the browser look as vanilla as possible and letting my pages do the talking.

^Pun not intended, blink and you’ll miss it

This looks like slop from a slop factory. "SEO", "Agent-readiness". That's precisely what a good website doesn't do (to paraphrase the homepage).

Oh yes, it's produced by a Wordpress "SEO" expert and private investor using Claude LLM. What a surprise. A man who built a fortune destroying the internet we loved with advertisement slop now working on destroying whatever's left with LLM slop.

Some of this is pretty good stuff, but I hope standardizing on a 128 item checklist doesn't discourage people from making websites

This would be a really great resource website in 2016.

But right now, when AI can just spit out everything you have on website faster and in a more personalized way then i dont think that people would wanna use this much.

Just my perspective, dont wanna be rude

This seems good especially as beginner still face deep in the weeds of just the pure introductory functional concepts

.well-known/security is listed as a prominent example, but is not in the well-known category.

I heavily assume this is at least partially AI generated... but I have to admit, this is actually useful (aka, human driven). Nice work.

This is pretty cool, didnt even know of half the options under well-known urls. Thanks!

Let’s look at the Git history: https://github.com/jdevalk/specification.website/commits/mai...

Yeah, mostly slop. I wonder why the slop slingers never disable Claude's self-attribution, and are too lazy to commit themselves, are they proud that they're delegating everything to a slop machine?

Having such a list is great. I am all for such lists.

BUT

Some people memorize these things. Take them too seriously. You are thought stupid if you don't know them. Somewhere someone then makes a story on Jira to verify that your product does all of these things and you have to convince them that we are fine without them or we don't need all of them etc.

Looks interesting, can you convert it to a skill with bunch of scripts to validate those guidelines and use it to build the websites?

llms.txt is supported by 0 of the relevant ai providers and must be seen as harmful

.. as the webmaster implemented something that they might thought has an impact (false sense of impact), but has zero

so net gain negative

i consider such lists harmful - a good website is one that supports the goal of the website providers and its desired users (some of these users might be bots)

a bad website is a website that does everything for everyone just because

See also: https://www.iana.org/assignments/well-known-uris/well-known-...

[dead]

[dead]

Great!

I haven't seen this much bullshit in a long time. Can we just run a webserver, write the html and whatnot and call it a day? It's not like a webdev didn't have anything to do already.