HTTPArchive · tunetheweb · Jan 21, 2026 · Jan 20, 2026 · Jan 20, 2026 · Jan 21, 2026
diff --git a/.github/workflows/predeploy.yml b/.github/workflows/predeploy.yml
@@ -14,7 +14,7 @@ name: Predeploy script
 
 env:
   # Update periodically from https://www.princexml.com/latest/
-  PRINCE_PACKAGE: 'prince_20250207-1_ubuntu24.04_amd64.deb'
+  PRINCE_PACKAGE: 'prince_16.1-1_ubuntu24.04_arm64.deb'
 
 on:
   workflow_dispatch:

diff --git a/src/content/en/2021/caching.md b/src/content/en/2021/caching.md
@@ -119,40 +119,43 @@ When using the `Cache-Control` header, you specify one or more _directives_—pr
 
 Below is a table showing the most common `Cache-Control` directives:
 
-<table>
-  <tr>
-    <th>Directive</th>
-    <th>Description</th>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">max-age</code></td>
-    <td>Indicates the number of seconds that a resource can be cached for relative to the current time. For example, <code>max-age=86400</code>.</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">public</code></td>
-    <td>Indicates that any cache can store the response, including the browser and the CDN. This is assumed by default.</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">no-cache</code></td>
-    <td>A cached resource must be revalidated before its use, via a conditional request, even if it is not marked as stale.</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">must-revalidate</code></td>
-    <td>A stale cached entry must be revalidated before its use, via a conditional request.</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">no-store</code></td>
-    <td>Indicates that the response must not be cached.</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">private</code></td>
-    <td>The response is intended for a specific user and should not be stored by shared caches such as CDNs.</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">immutable</code></td>
-    <td>Indicates that the cached entry will never change during its TTL, and that revalidation is not necessary.</td>
-  </tr>
-</table>
+<figure>
+  <table>
+    <tr>
+      <th>Directive</th>
+      <th>Description</th>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">max-age</code></td>
+      <td>Indicates the number of seconds that a resource can be cached for relative to the current time. For example, <code>max-age=86400</code>.</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">public</code></td>
+      <td>Indicates that any cache can store the response, including the browser and the CDN. This is assumed by default.</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">no-cache</code></td>
+      <td>A cached resource must be revalidated before its use, via a conditional request, even if it is not marked as stale.</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">must-revalidate</code></td>
+      <td>A stale cached entry must be revalidated before its use, via a conditional request.</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">no-store</code></td>
+      <td>Indicates that the response must not be cached.</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">private</code></td>
+      <td>The response is intended for a specific user and should not be stored by shared caches such as CDNs.</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">immutable</code></td>
+      <td>Indicates that the cached entry will never change during its TTL, and that revalidation is not necessary.</td>
+    </tr>
+  </table>
+  <figcaption>{{ figure_link(caption="<code>Cache-Control</code> directives.") }}</figcaption>
+</figure>
 
 {{ figure_markup(
   image="cache-control-directives.png",

diff --git a/src/content/en/2021/ecommerce.md b/src/content/en/2021/ecommerce.md
@@ -181,7 +181,7 @@ As we continue down the leaderboard, there are few surprises in this space. Quit
 
 It is hard to compare the total number of ecommerce sites found across years. As described earlier, this is because the ability to detect whether a site is ecommerce has been improved substantially. In part through the use of secondary signals such as Google Analytics Enhanced Ecommerce integration.
 
-So instead, [last year's report](./../2020/ecommerce#covid-19-impact-on-ecommerce) focused on a small number of platforms to see how their use had changed. The early signs in the first half of 2020 were that there were measurable and notable increases in Shopify and WooCommerce use. The growth was in the region of 20% between January 2020 and July 2020 while other platforms like Magento did not see the same growth. These platforms are known for their low entry costs and ease of use, while Magento is not.
+So instead, [last year's report](../2020/ecommerce#covid-19-impact-on-ecommerce) focused on a small number of platforms to see how their use had changed. The early signs in the first half of 2020 were that there were measurable and notable increases in Shopify and WooCommerce use. The growth was in the region of 20% between January 2020 and July 2020 while other platforms like Magento did not see the same growth. These platforms are known for their low entry costs and ease of use, while Magento is not.
 
 Fast-forward to 2021, people and businesses around the world have continued to adapt. Ecommerce in the US in 2020 saw revenue growth of 32.4% <a hreflang="en" href="https://www.digitalcommerce360.com/article/coronavirus-impact-online-retail/">according to a report</a> by the Commerce Department. In the UK, the <a hreflang="en" href="https://internetretailing.net/industry/industry/ecommerce-grew-by-46-in-2020---its-strongest-growth-for-more-than-a-decade--but-overall-retail-sales-fell-by-a-record-19-ons-22603">Office of National Statistics reported</a> a 46% growth.
 

diff --git a/src/content/en/2021/security.md b/src/content/en/2021/security.md
@@ -303,7 +303,7 @@ We see that 58.5% of all first-party cookies with a `SameSite` attribute have th
 
 Cookie prefixes `__Host-` and `__Secure-` help mitigate attacks to override the session cookie information for a <a hreflang="en" href="https://owasp.org/www-community/attacks/Session_fixation">session fixation attack</a>. `__Host-` helps in domain locking a cookie by requiring the cookie to also have `Secure` attribute, `Path` attribute set to `/`, not have `Domain` attribute and to be sent from a secure origin. `__Secure-` on the other hand requires the cookie to only have `Secure` attribute and to be sent from a secure origin.
 
-<figure>
+<figure>
   <table>
     <thead>
       <tr>

diff --git a/src/content/en/2022/performance.md b/src/content/en/2022/performance.md
@@ -676,7 +676,7 @@ There are other, more direct ways site owners can improve their CLS. Setting `he
 
 Effectively all websites have "good" FID for desktop users, and this trend has held firm over the years. Mobile FID performance is also exceptionally fast, with 92% of websites having "good" FID, a slight improvement over last year.
 
-While it's great that so many websites have good FID experiences, developers need to be careful not to become too complacent. Google has been <a hreflang="en" href="https://web.dev/better-responsiveness-metric/">experimenting with a new responsiveness metric</a> that could end up replacing FID, which is especially important because sites tend to perform much worse on [this new metric](./#interaction-to-next-paint-inp) than FID.
+While it's great that so many websites have good FID experiences, developers need to be careful not to become too complacent. Google has been <a hreflang="en" href="https://web.dev/better-responsiveness-metric/">experimenting with a new responsiveness metric</a> that could end up replacing FID, which is especially important because sites tend to perform much worse on [this new metric](#interaction-to-next-paint-inp) than FID.
 
 ### FID metadata and best practices
 

diff --git a/src/content/en/2024/accessibility.md b/src/content/en/2024/accessibility.md
@@ -371,7 +371,7 @@ Tables present data and relationships using two dimensions. For accessibility, t
         <th scope="colgroup" colspan=2>All Sites</th>
       </tr>
       <tr>
-        <th></th>
+        <td></td>
         <th scope="col">desktop</th>
         <th scope="col">mobile</th>
         <th scope="col">desktop</th>

diff --git a/src/content/en/2024/security.md b/src/content/en/2024/security.md
@@ -1425,7 +1425,7 @@ For CMS's that can be easily self-hosted such as Plone or Wagtail, it is more di
 Large websites often have a high number of visitors and registered users, of which they might store highly sensitive data. This means they likely attract more attackers and are thus more prone to targeted attacks. Additionally, when an attack succeeds, these websites could be fined or sued, costing them money and/or reputational damage. Therefore, it can be expected that popular websites invest more in their security to secure their users.
 
 {{ figure_markup(
-  image="security-headeers-by-rank.png",
+  image="security-headers-by-rank.png",
   caption="Security header adoption by website rank according to the April 2024 CrUX.",
   description="Bar chart showing in top 1,000 sites, 64% have XFO, 60% have HSTS and 56% have X-Content-Type-Options headers. In top 10,000, 54% have XFO, 46% have HSTS and 54% have X-Content-Type-Options headers. In top 100,000, 51% have XFO, 42% have HSTS and 50% have X-Content-Type-Options headers. In top 1,000,000, 45% have XFO, 36% have HSTS and 47% have X-Content-Type-Options headers. Among all sites, 29% have XFO, 31% have HSTS and 43% have X-Content-Type-Options.",
   chart_url="https://docs.google.com/spreadsheets/d/e/2PACX-1vTxTTMlFFSMT3mZgw2awA0wl3F68gzU1OLuyMaZXscSFq-Pa5ev_qTXx8ZaGEOl_ox_aHsraAGMXZ9Y/pubchart?oid=256464807&format=interactive",

diff --git a/src/content/en/2024/sustainability.md b/src/content/en/2024/sustainability.md
@@ -27,7 +27,7 @@ doi: 10.5281/zenodo.14065377
 
 ## Introduction
 
-In the current chapter, we will rely as much as possible on [the 2022 Sustainability chapter](./../2022/sustainability). If you haven't yet, you should read it right now. Yes, recycling/reusing is a major part of sustainability.
+In the current chapter, we will rely as much as possible on [the 2022 Sustainability chapter](../2022/sustainability). If you haven't yet, you should read it right now. Yes, recycling/reusing is a major part of sustainability.
 
 Since the 2022 Almanac, the field of digital sustainability has advanced considerably. That said, it is very much in its infancy, as this is a complex problem. We cannot know, with absolute certainty, what the full effects of our digital lives are on our physical planet. What we can be confident in is that the full impacts are bigger than generally accounted for. Water, land, rare minerals, and electricity are all consumed by our "clean" digital interfaces, and toxic waste is often produced.
 
@@ -630,7 +630,7 @@ Automatically preloading videos is a concern for web sustainability. This practi
   sql_file="video_preload_values.sql"
 ) }}
 
-Comparing the usage of the preload attribute between [2022](./../2022/sustainability) and 2024, we observe some changes. The percentage of websites not using preload has slightly decreased, from 58% to 55% on desktop and from 60% to 56% on mobile. This shift suggests a small increase in the use of preload attributes, which could have implications for sustainability.
+Comparing the usage of the preload attribute between [2022](../2022/sustainability) and 2024, we observe some changes. The percentage of websites not using preload has slightly decreased, from 58% to 55% on desktop and from 60% to 56% on mobile. This shift suggests a small increase in the use of preload attributes, which could have implications for sustainability.
 
 It's important to remember that the preload attribute only has three valid values: none, auto, and metadata (default). Using the preload attribute with no value or an incorrect value may be interpreted as 'metadata', which can still involve loading up to 3% of the video to retrieve metadata. From a sustainability standpoint, 'none' remains the most environmentally friendly option.
 
@@ -653,7 +653,7 @@ It's important to note that the autoplay attribute can override preload settings
   sql_file="video_autoplay_values.sql"
 ) }}
 
-Comparing the usage of autoplay between [2022](./../2022/sustainability) and 2024, we see some notable changes. The percentage of websites explicitly not using autoplay has decreased, from 53% to 45% on desktop and from 53% to 45% on mobile. This could be a concern for sustainability efforts. Also, we notice a slight increase for websites using an empty value for this attribute, which also triggers autoplay (and is bad for sustainability).
+Comparing the usage of autoplay between [2022](../2022/sustainability) and 2024, we see some notable changes. The percentage of websites explicitly not using autoplay has decreased, from 53% to 45% on desktop and from 53% to 45% on mobile. This could be a concern for sustainability efforts. Also, we notice a slight increase for websites using an empty value for this attribute, which also triggers autoplay (and is bad for sustainability).
 
 It's crucial to remember that autoplay is a Boolean attribute, meaning its presence, even with an empty value, triggers autoplay behavior. The combined percentage of explicit autoplay usage (including `autoplay`, `TRUE` and other values) has remained relatively stable, around 8% for both desktop and mobile.
 
@@ -888,7 +888,7 @@ For further information, refer to:
   sql_file="stylesheet_count.sql"
 ) }}
 
-When we compare this year's data to [2022 data](./../2022/sustainability) we can see the following:
+When we compare this year's data to [2022 data](../2022/sustainability) we can see the following:
 1. Increase in inline stylesheet usage:
     - Desktop: from 25% in 2022 to 31% in 2024.
     - Mobile: from 25% in 2022 to 32% in 2024.

diff --git a/src/content/en/2025/pwa.md b/src/content/en/2025/pwa.md
@@ -161,7 +161,8 @@ Let's examine how individual members rate in the totality of manifest files scan
     <thead>
       <tr>
         <th>Manifest field</th>
-        <th class="numeric">Sites</th>
+        <th>Desktop</th>
+        <th>Mobile</th>
       </tr>
     </thead>
     <tbody>

diff --git a/src/content/ja/2019/cdn.md b/src/content/ja/2019/cdn.md
@@ -332,7 +332,7 @@ CDNプロバイダーには、汎用CDNと目的別CDNの2つのカテゴリが
       </tr>
     </tbody>
   </table>
-  <figcaption>表5のデータを示すツリーマップグラフ。</figcaption>
+  <figcaption>{{ figure_link(caption="表5のデータを示すツリーマップグラフ。") }}</figcaption>
 </figure>
 
 上位CDNプロバイダーの構成は、サードパーティのリソースに対して劇的に変化します。サードパーティのリソースをホストするCDNが頻繁に監視されるだけでなく、Facebook、Twitter、Googleなどの目的に合ったCDNプロバイダーも増加しています。

diff --git a/src/content/ja/2021/caching.md b/src/content/ja/2021/caching.md
@@ -119,40 +119,43 @@ CDNとブラウザの両方において、HTTPヘッダーは開発者がリソ
 
 以下は、もっとも一般的な `Cache-Control` ディレクティブを示した表です。
 
-<table>
-  <tr>
-    <th>ディレクティブ</th>
-    <th>説明</th>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">max-age</code></td>
-    <td>現在時刻を基準として、リソースのキャッシュが可能な秒数を示す。たとえば、<code>max-age=86400</code>などです。</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">public</code></td>
-    <td>ブラウザや CDN を含む、任意のキャッシュが応答を保存できることを示します。これはデフォルトで想定されています。</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">no-cache</code></td>
-    <td>キャッシュされたリソースは、たとえそれが古いとマークされていなくても、使用前に条件付きリクエストによって再検証されなければならない。</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">must-revalidate</code></td>
-    <td>キャッシュされた古いエントリは、使用前に条件付きリクエストによって再検証されなければならない。</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">no-store</code></td>
-    <td>レスポンスがキャッシュされてはならないことを示す。</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">private</code></td>
-    <td>このレスポンスは特定のユーザーを対象としたものであり、CDNなどの共有キャッシュに保存されるべきものではありません。</td>
-  </tr>
-  <tr>
-    <td><code class="no-wrap">immutable</code></td>
-    <td>キャッシュされたエントリがその TTL の間、決して変更されず、再バリデーションが必要ないことを示す。</td>
-  </tr>
-</table>
+<figure>
+  <table>
+    <tr>
+      <th>ディレクティブ</th>
+      <th>説明</th>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">max-age</code></td>
+      <td>現在時刻を基準として、リソースのキャッシュが可能な秒数を示す。たとえば、<code>max-age=86400</code>などです。</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">public</code></td>
+      <td>ブラウザや CDN を含む、任意のキャッシュが応答を保存できることを示します。これはデフォルトで想定されています。</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">no-cache</code></td>
+      <td>キャッシュされたリソースは、たとえそれが古いとマークされていなくても、使用前に条件付きリクエストによって再検証されなければならない。</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">must-revalidate</code></td>
+      <td>キャッシュされた古いエントリは、使用前に条件付きリクエストによって再検証されなければならない。</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">no-store</code></td>
+      <td>レスポンスがキャッシュされてはならないことを示す。</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">private</code></td>
+      <td>このレスポンスは特定のユーザーを対象としたものであり、CDNなどの共有キャッシュに保存されるべきものではありません。</td>
+    </tr>
+    <tr>
+      <td><code class="no-wrap">immutable</code></td>
+      <td>キャッシュされたエントリがその TTL の間、決して変更されず、再バリデーションが必要ないことを示す。</td>
+    </tr>
+  </table>
+  <figcaption>{{ figure_link(caption="<code>Cache-Control</code>ディレクティブ。") }}</figcaption>
+</figure>
 
 {{ figure_markup(
   image="cache-control-directives.png",
-Original file line number
+Diff line change
@@ Expand Up @@
     Cookie prefixes `__Host-` and `__Secure-` help mitigate attacks to override the session cookie information for a <a hreflang="en" href="https://owasp.org/www-community/attacks/Session_fixation">session fixation attack</a>. `__Host-` helps in domain locking a cookie by requiring the cookie to also have `Secure` attribute, `Path` attribute set to `/`, not have `Domain` attribute and to be sent from a secure origin. `__Secure-` on the other hand requires the cookie to only have `Secure` attribute and to be sent from a secure origin.
-    <figure>
+    <figure>
       <table>
         <thead>
           <tr>
@@ Expand Down @@