Ask HN: Any stats on how many users browse your sites with javascript disabled?

7 points by doctorosdeck ↗ HN
Are there still valid reasons for browsing sites with javascript disabled?

13 comments

[ 2.2 ms ] story [ 39.1 ms ] thread
Valid reasons? You mean other than to defend against the constant barrage of high profile XSS vulnerabilities reported to exist on large numbers of major websites?
I suppose. I never do any developing with javascript so I don't really have any first hand experience for people not using it.
I don't have many stats, but I believe some IT installations (where the browser is supposed to connect only to intranet sites) will severely restrict the allowed use of JS.

Also, I've had JS randomly break in firefox sometimes, and it doesn't get turned back on until the next install.

I think graceful degradation is still the key word here. Not just because it will allow non-JS users to access your site, but also because it helps force you to realize the semantic separation of the HTML versus JS layers.

I only enable js on sites I trust, and only when needed.
I used to do this a year or two ago but nowadays 90% of sites dont work properly without javascript. Is your whitelist so big that you dont notice it anymore?
Not really. I run Opera (or as my co-workers pronounce it, Oprah), so it's F12 and a click to turn JS or cookies on if a site doesn't seem quite right.
What are you trying to save yourself from?
I'm afraid of the unknown, I guess.

I did notice some weird javascript in an email virus attachment the other day. It used a bunch of escaped (hex?) values and other obfuscation techniques. Point being, it didn't look like anything you'd want to run with an accidental double-click.

Being that I run winders on the desktop, running Opera with JS off gives me a (possibly false) sense of security.

Please forgive me my near-off-topic answer:

Sure there are users out there without JS. There are still some IE6 users out there. But in most cases you need just look at your target: If you build a SaaS service you probably focus on the early adopters, first movers or whatever you call them.

Old browser or obscure security settings are a niche. If your product focus on that niche - great, consider it in your technical setup.

After attending a horrible freelance project as a ruby/rails guy in 2009 I finally made a decision for all of my hopefully upcoming projects:

* focus on the early adopters who may understand your product without a big introduction. these people usually have the best and modern browsers available.

* optimize for Safari/Mac, Firefox and maybe Chrome

* optimize only for iPhone

* forget the rest until you have 100 paying customers. Then decide again. (100 is just a number, maybe 50, maybe 1000 — you decided)

BUT: If you know for sure, that most of your taget customers are using IE6/have no javascript support/whatever: Support it. But I doubt it.

And don't think that your startup will have the same % amounts of browsers/settings like the big sites on the web. Also keep in mind that people need to be able and willing to spend money. I can imagine someone without javascript and cookies will never (be able to) enter her/his payment information over the web into a form.

They'll be very conservative and in my opinion it's not worth the time to try to "convert" them.

TL;DR

Try to focus the easiest reachable solution only. Know your potential customer's setup. Be selective.

My guess (though no stats) is that a decent proportion of the early-adopter/techie crowd actually has JS purposely off, via an extension like NoScript. Probably a bigger proportion than among "normal" people, though I assume still a smallish minority.
This, exactly. Don't assume I can't fill out a js-only form. I will if I decide to trust you. But I'm not likely to, when you have just demonstrated a lack of web authoring competence. In fact seeing who knows what they're doing is part of why I don't leave js enabled.
To channel patio11: any stats on how many users have no idea what JavaScript is, let alone how to disable it?

Sorry for the slightly flippant response (but thank you to patio11 for training me to think that way). I just couldn't help myself, since you phrased it as 'disabled' rather than 'not JavaScript capable'. In regards to the latter, you might find this StackOverflow post useful: http://stackoverflow.com/questions/121108/how-many-people-di...

I'm working for one of the world's biggest web hosting companies. The percentage of users accessing our pages with JavaScript disabled is around 0.2%. Couple years ago, it was around 1%. I assume this number might not be correct for all target groups (naturally, ours is rather tech affine).

And for your question: Personally, I wouldn't support non-JS users for most cases at all. There are security reasons to switch it off, but I hardly see any aspect of life where you get 100% security. JavaScript is an essential part of the web, if someone has a problem with that: don't surf and don't expect me to emulate things that I can solve easily in the client on the server (if at all possible).