Plain-English definitions for the terms you encounter every day.

W3C standard defining how to make web content perceivable, operable, understandable, and robust for users with disabilities.

Pattern that grounds language-model answers in retrieved documents — typically more reliable than fine-tuning for institutional search.

U.S. federal law requiring government information and communication technology to be accessible to people with disabilities.

AICPA audit framework evaluating a service provider's controls around security, availability, and confidentiality.

U.S. federal law protecting the privacy of student education records at any institution that receives federal funding.

U.S. government program standardizing security assessment and authorization for cloud services used by federal agencies.

HIPAA contract between a covered entity and a vendor that handles protected health information on its behalf.

U.S. law setting privacy and security standards for protected health information held by covered entities and their vendors.

A globally-distributed network of edge servers that cache and serve a site's static assets close to users — the single biggest perf win for international sites.

The internet's address book — translates human-readable domain names (nessimworks.com) into IP addresses servers can route to.

Running application code at CDN edge locations close to users, instead of from a single origin region.

The cryptographic protocol securing HTTPS connections — TLS 1.3 is current; SSL is deprecated terminology still used colloquially.

A set of three Google metrics measuring real-user page experience: loading (LCP), interactivity (INP), and visual stability (CLS).

Core Web Vital measuring how much visible content unexpectedly moves during page load. Target: under 0.1.

Core Web Vital measuring how long the page takes to visually respond to a user interaction. Target: under 200ms.

Core Web Vital measuring when the largest visible element finishes rendering. Target: under 2.5 seconds on mobile.

Deferring the load of resources until they're needed — typically images and iframes below the fold.

How long it takes the browser to receive the first byte of HTML from the server — a server-side performance signal upstream of LCP.

A permanent server-side redirect — passes ~all link equity to the new URL and tells search engines to update their index.

Google's generative AI summary that appears at the top of many SERPs, synthesizing information from multiple sources.

The text alternative for an image — read by screen readers, used by search engines to understand image content, and shown when an image fails to load.

The visible, clickable text of a hyperlink — a relevance signal for both the linking page and the destination.

A link from another website pointing to yours — historically the strongest off-page ranking signal in search.

The single preferred version of a page when multiple URLs serve identical or near-identical content.

Mentions of a business's NAP across directories and websites — quantity and quality both signal local relevance to Google.

The percentage of users who click a result after seeing it — a visibility-conversion metric tracked in Search Console.

The number of URLs Googlebot will crawl on a site in a given period — limited by site authority, server capacity, and demand.

Software that browses the web and downloads pages to be indexed — Googlebot is the most consequential one.

Experience, Expertise, Authoritativeness, Trust — the framework Google's quality raters use to evaluate content quality, especially on YMYL topics.

A summary answer Google extracts from a high-ranking page and displays at position zero on the SERP.

Google's current analytics product, replacing Universal Analytics in July 2023 — event-based rather than session-based.

Google's free local-business listing that powers the Local Pack, Knowledge Panel, and Maps results — formerly known as Google My Business (GMB).

Google's free dashboard showing how a site appears in search — queries, clicks, impressions, indexing status, and crawl errors.

The primary heading on a page, typically the page's main title — both an on-page SEO signal and an accessibility landmark.

Google's site-wide quality classifier, launched 2022, that demotes content created primarily for search engines rather than people.

An HTML attribute or sitemap field telling search engines which language and region a page targets — critical for multilingual sites.

The process of a search engine storing a page's content in its index so it can be returned for relevant queries.

Links between pages on the same site — distribute authority, define site structure, and aid both crawlers and users.

The card-style information box Google shows on the right of the SERP for entities — people, businesses, places, organizations.

The map-plus-three-listings module Google shows for local-intent queries — usually the most clicked-on result for service businesses.

A specific, multi-word search query with lower volume but higher conversion intent than a broad head term.

The HTML meta tag that suggests a SERP snippet — Google may use it verbatim or rewrite it from page content.

Google's policy of using the mobile version of a page as the primary version for indexing and ranking, with desktop as fallback.

Name, Address, Phone — the consistency of these three fields across the web is a top local-SEO signal.

An HTML meta directive telling search engines not to include a page in their index, even if they crawl it.

Meta tags that control how a URL appears when shared on social platforms — title, description, and preview image.

The expandable Q&A module Google shows in the SERP, listing related questions users commonly ask.

A long-form page that comprehensively covers a broad topic and links out to detailed sub-topic pages — the hub in a topic-cluster strategy.

A plain-text file at the root of a domain that tells crawlers which paths they're allowed (or disallowed) to fetch.

Structured data added to HTML (usually as JSON-LD) that describes a page's content in a vocabulary search engines understand — schema.org.

The practice of improving a site's visibility in organic (unpaid) search results by aligning content, structure, and signals with what search engines reward.

The page Google (or any search engine) returns after a query — the mix of organic results, ads, and feature blocks like Local Pack and AI Overviews.

What the user actually wants when they type a query — informational, navigational, transactional, or commercial.

An XML file listing the URLs a site wants indexed, plus optional metadata about update frequency and priority.

The HTML `<title>` element — the clickable headline that appears on the SERP and in browser tabs.

Topics where bad information could harm users' health, finances, safety, or major life decisions — held to higher quality and E-E-A-T standards by Google.

A build tool that combines source files into optimized production bundles — handles transpilation, tree shaking, minification, and asset hashing.

The HTTP header that tells browsers and CDNs how long to cache a response and under what conditions to revalidate.

Continuous Integration / Continuous Deployment — automated pipelines that build, test, and deploy code on every commit.

Rendering UI in the browser via JavaScript — fast subsequent navigations, but slow first load and bad SEO without workarounds.

Breaking the JavaScript bundle into smaller chunks loaded on demand — pays the cost of a feature only when it's used.

Adobe's tag-based application server platform (originally Allaire's) that remains in production at many state agencies and back-office systems despite predating modern JS/Node runtimes.

A small piece of data the browser stores per-domain and sends with subsequent requests — the original mechanism for sessions and preferences.

Cross-Origin Resource Sharing — the browser security policy that controls which web pages can read responses from which APIs.

A way to package an application with all its dependencies into a portable container that runs the same anywhere.

The browser's in-memory tree representation of an HTML document — what JavaScript reads and modifies to make pages interactive.

Open-source PHP content management system known for complex content modeling, multilingual delivery, and strong adoption in government, education, and large institutional sites.

A query language for APIs that lets clients request exactly the fields they need — alternative to REST, especially good for complex front-ends.

The protocol that web browsers and servers use to exchange data — HTTPS is HTTP with TLS encryption, now standard for all sites.

The browser process of attaching JavaScript event handlers to server-rendered HTML, making a static-looking page interactive.

A hybrid rendering mode that serves cached static HTML and regenerates pages in the background on a schedule or on-demand.

Open-source PHP content management system with strong multilingual support and access control — common in association, education, and nonprofit deployments.

JavaScript Object Notation — a lightweight text format for structured data, the default payload format for modern APIs.

A self-contained, signed token format used for authentication and authorization — common in stateless APIs.

Browser key-value storage tied to the origin, persistent across tabs and sessions — useful for user preferences and small client-side caches.

Open-source ColdFusion CMS — a community fork of Mura that emerged when Mura transitioned to closed-source licensing.

ColdFusion-based commercial CMS that powers many state agency and enterprise CF deployments. Transitioned from open-source to closed-source/commercial licensing.

An authorization framework that lets users grant a third-party app limited access to their account without sharing the password.

A library that translates between database tables and application code objects — common ones: Prisma, Drizzle, TypeORM, Sequelize.

A web app with native-app-like features — installable to home screen, offline support via service workers, push notifications.

Constraining how many requests a client can make in a given window — prevents abuse and protects backend capacity.

Representational State Transfer — the dominant convention for HTTP APIs, organizing resources as URLs and verbs as HTTP methods.

Generating HTML on the server for each request — fast first paint, fresh data on every load, but more server load than static rendering.

Pre-rendering pages to HTML at build time — fastest possible delivery via CDN, but content updates require a rebuild.

A bundler optimization that removes unused code from the final bundle by analyzing import graphs.

An HTTP callback — when something happens on a remote system, it sends a POST request to a URL you provide.

A persistent two-way connection between browser and server — enables real-time push without polling.

Open-source PHP content management system that powers a majority of the public web; the primary platform for Nessim Works content-led builds.