What is HTTP Strict Transport Security? HTTP Strict Transport Security, commonly referred to as HSTS, is a Web standard that aims to ensure all web resources off a domain are fetched over a secure transport layer. The core objective of HSTS is to protect users against passive and active network attacks. To this end, it prevents protocol downgrade attacks and blocks insecure click throughs. From a configuration perspective, HSTS is an easy to deploy HTTP header. Its format is: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Unfortunately, many companies who have tried to deploy HSTS have experienced various challenges, some of which resulted...

Continue reading

Starting today, Yelp Events data will be available through our Fusion API and GraphQL API to provide rich, local events data in our API as part of our developer beta program. Since launching Yelp Fusion last September, we’ve seen developers use our business data in unique and interesting ways and are excited to see what our developer community will do with the addition of events data. If you’re not already familiar, Yelp Events is a place where you can create, share and discover upcoming events happening worldwide. Events range from everything from beer festivals to art shows to Shakespeare in...

Continue reading

Introducing The Yelp Open Dataset About five years ago, we announced the Yelp Dataset Challenge: a competition that lets students explore and research with the help of our large corpus of data. Each participant can also formally submit their projects for the chance to win prizes. Over the years we’ve seen incredible interest and usage of our dataset for educational purposes. We’ve had teachers use it to teach their classes about databases, engineers use it learn graph databases, and students use it to understand machine learning. We’re very proud of this type of usage and are continuing to encourage more...

Continue reading

Automated testing is really important for ensuring your code is bug-free and works as expected but UI tests are particularly challenging as they tend to be flaky and unreliable. For an app like Yelp, a lot of tests are needed so developers will often see tests flake. You can look at test history to try and figure out if a test failure is your fault or not - and building tools to do so has been something we’ve invested time into - but you might be wrong and it takes time and effort to figure this out. This leads to...

Continue reading

Brotli is a compression algorithm from Google that has been making waves recently. You may have heard about its average 10-20% filesize savings over gzip, at comparable decompression speeds. This makes it a very irresistable format for serving static content, but it still has immature support from CDNs, which puts it out of reach for general widespread availability. A search run over HTTP Archive data indicates that there are around 25 web properties serving Brotli Content-Encoding URLs from Fastly, the CDN we use to host our static content, as of July 25th. While Fastly does not automatically convert content to...

Continue reading

Fred Wang has already done a lot. He graduated from U Penn’s Wharton School with degrees in Finance and Operations Management and then headed to New York City to co-found a startup. No big deal. Finding himself at a crossroads a few years later, he decided to try his luck on the west coast and joined Yelp’s new (at the time) Associate Product Manager (APM) program. Since his two-year anniversary at Yelp Eat24 is right around the corner, we decided to ask him a few questions about his experiences. Here’s what he had to say. Q: As a recent grad,...

Continue reading

At Yelp, pagelets are a server-side optimization to parallelize the rendering of web pages across multiple web workers (loosely inspired by Facebook’s Big Pipe). We’ve implemented this and have been running it successfully in production for a while now. This blog post is about our journey implementing and rolling out pagelets, including what we’ve learned since the initial rollout. Pagelets at Yelp: an overview Main and pagelet workers Usually a request made to Yelp is fulfilled by a single web worker. This worker is in charge of generating a response (in the form of an HTTP packet, with headers and...

Continue reading

While newer search engines at Yelp typically use Elasticsearch as a backend, Yelp’s core business search used its own custom backend, built directly on top of Lucene. This system was one of the oldest systems at Yelp to still be deployed in production. Some features of this custom search engine were Distributed Lucene instances Master-slave architecture Custom text analysis support for various languages Custom business ranking which relied mostly on using business features (think business attributes like reviews, name, hours_open, service_areas, etc.) Derived Yelp analytics data to improve quality of search results; e.g. most popular queries for a business Problems...

Continue reading