Skip to main content
GrN.dk

Main navigation

  • Articles
  • Contact
  • Your Digital Project Manager
  • About Greg Nowak
  • Services
  • Portfolio
  • Container
    • Excel Freelancer
    • Kubuntu - tips and tricks
    • Linux Apache MySQL and PHP
    • News
    • Image Gallery
User account menu
  • Log in

Breadcrumb

  1. Home

Speculative Loading: A Practical CMS Operations Checklist

By Greg Nowak. Last updated 2026-06-24.

Speculative loading is no longer a browser experiment that only performance engineers need to watch. It now appears in places that ordinary website teams actually use: WordPress core, Cloudflare settings, and Drupal modules. That changes the job. The question is not simply whether speculative loading is fast. The question is whether the right parts of your site are being accelerated, safely, measurably, and with someone accountable for the rollout.

In plain terms, speculative loading lets a browser fetch, or in some cases prerender, a likely next page before the visitor clicks. Used carefully, that can make a service page, product page, article, or contact form feel almost instant. Used carelessly, it can request URLs that should never be touched in the background, distort analytics, waste cache capacity, or run scripts before a person has really navigated.

Why This Became an Operations Issue

The business case is straightforward. Many conversions depend on the second or third click, not the first page view. If a visitor moves from a homepage to a service page, from an article to a case study, or from a product listing to a product page, the perceived speed of that next page matters. It makes the site feel competent at the moment the visitor is deciding whether to continue.

The operational issue is that speculative loading may not be introduced by the same team that owns analytics, consent, cache rules, or risky application routes. WordPress can generate rules from core behavior. Cloudflare can add speculation at the edge. Drupal teams may add it through contributed tooling. A developer can also add inline rules or response headers. If nobody maps the source of the rules, several well-intentioned optimizations can overlap.

Where to Look First

Start by finding where speculation rules are coming from. Look for inline <script type="speculationrules"> markup, a Speculation-Rules response header, CMS defaults, plugins, modules, and CDN features. More than one source can be active, so do not stop after finding the first one.

On WordPress, speculative loading was introduced in core in version 6.8 with a conservative default: frontend prefetching rather than aggressive prerendering. It is disabled for logged-in users and for sites without pretty permalinks. That is a sensible baseline for many public content sites, but it still needs review against your routes and tracking setup.

At the edge, Cloudflare Speed Brain can add a Speculation-Rules header and ask Chromium-based browsers to prefetch likely next navigations with conservative eagerness. Cloudflare applies safeguards around cache eligibility, Workers, and origin fetches, but that does not remove the need to document who owns the setting and how it is tested.

Route Type Good First Action Reason
Public, anonymous, cacheable content Allow same-origin prefetch Low risk and often commercially useful
Homepage to service or product pages Test targeted prefetch Improves common decision journeys
Login, logout, account, cart, checkout, payment Exclude by default Often personalized, sensitive, or stateful
Search, filters, previews, admin paths Review before enabling Can create wasteful or misleading requests
High-confidence next page with tested scripts Consider selective prerender Higher reward, but higher analytics and consent risk
A practical first-pass matrix for deciding where speculative loading belongs.

The Risks to Test

The first risk is unsafe GET behavior. A background request should not log someone out, add an item to a basket, trigger a workflow, mark something as read, or change a record. If a URL changes state merely because it was requested, speculative loading will expose that design problem quickly. Exclude those paths first, then fix the underlying route behavior where possible.

The second risk is measurement drift. Prefetching is usually lighter because it fetches resources for possible later use. Prerendering is more powerful because the browser can prepare a page more fully before activation. That also means client-side code may run earlier than expected. Analytics, pixels, heatmaps, A/B testing, CRM scripts, and consent-dependent tags need explicit testing, especially if reporting drives marketing spend or sales decisions.

The third risk is unclear ownership. CMS teams, CDN administrators, developers, and marketing teams can all affect the same behavior. A safe rollout needs one route map, one list of exclusions, and one person or team responsible for checking the feature when plugins, campaigns, templates, or cache rules change.

Useful Implementation Checks

A quick header check can show whether an external rules file is being advertised:

curl -I https://example.com/

If the response includes a Speculation-Rules header, inspect the referenced file and confirm that it is served with the application/speculationrules+json MIME type. If the rules are inline, check your Content Security Policy. Inline speculation rules need 'inline-speculation-rules', a nonce, or a hash in script-src, otherwise the rollout can fail without an obvious visual symptom.

For WordPress path exclusions, keep the rule close to the operational reality of the site. For example:

add_filter(
    'wp_speculation_rules_href_exclude_paths',
    function ( $href_exclude_paths ) {
        $href_exclude_paths[] = '/cart/*';
        $href_exclude_paths[] = '/checkout/*';
        $href_exclude_paths[] = '/account/*';
        return $href_exclude_paths;
    }
);

Also check for the editor-level no-prefetch and no-prerender classes where a specific link or block should be opted out. These are useful for content teams, but they should not replace a proper path-level exclusion strategy for sensitive areas.

A Sensible Rollout Plan

For most business sites, the practical first phase is same-origin prefetch on public, anonymous, cacheable pages. Measure server requests, cache hit rate, important journey speed, analytics changes, and consent behavior. Keep the first scope small enough that you can inspect it manually in browser tooling and logs. Look for requests carrying Sec-Purpose: prefetch, and remember that unsupported browsers should simply ignore the rules.

Only then consider selective prerendering for a small number of high-confidence journeys. Good candidates are predictable next steps with clean caching, no personalization, and scripts that behave correctly when a page is prerendered and later activated. If that sounds narrow, that is the point. Speculative loading works best as a precise operational improvement, not a blanket switch.

A good deliverable should leave the business with more than a faster click. It should document where rules are generated, which paths are allowed, which paths are excluded, how analytics was validated, who owns the configuration, and when it should be reviewed again. If you need that audit across WordPress, Drupal, Cloudflare, caching, and analytics, talk to Greg about a focused performance and operations review.

Related on GrN.dk

  • Why Your Website's Third-Party Stack Needs Operational Ownership
  • Cloudflare Page Rules Debt: The Quiet Way Business Websites Break
  • Form Spam Is a Lead-Quality Problem: A Practical Hardening Playbook for Business Websites

Need help with this kind of work?

Book a performance and operations review Get in touch with Greg.

Sources

  • Speculative Loading in WordPress 6.8
  • Cloudflare Speed Brain docs
  • Chrome for Developers: Implementing Speculation Rules
  • MDN: Speculation-Rules header
  • Drupal.org: Speculative Loading module
Last modified
2026-06-24

Tags

  • Speculative Loading
  • wordpress
  • Drupal
  • Cloudflare
  • Web Performance

Review Greg on Google

Greg Nowak Google Reviews

 

Illustrated infographic summarizing: If the Facts Need JavaScript, AI Search May Miss the Full Page
If the Facts Need JavaScript, AI Search May Miss the Full Page
2026-07-14

A practical guide to finding and fixing JavaScript rendering gaps that can hide services, prices, contact details and metadata from AI search crawlers.

Illustrated infographic summarizing: Search Console Can See Social Posts—Your Reports Need a New Map
Search Console Can See Social Posts—Your Reports Need a New Map
2026-07-13

Search Console now reports how social posts perform across Google. Here’s a practical way to manage properties, permissions, baselines and exports.

Illustrated infographic summarizing: WordPress 7.0 Has an AI Client. Plugins Need Their Own Guardrails
WordPress 7.0 Has an AI Client. Plugins Need Their Own Guardrails
2026-07-12

WordPress 7.0 standardizes how plugins call AI providers, while leaving developers responsible for access control, cost limits, capability checks and graceful failures.

Illustrated infographic summarizing: Google’s AI Search toggle needs a test plan, not a gut decision
Google’s AI Search toggle needs a test plan, not a gut decision
2026-07-11

Google’s AI Search control creates a measurable publishing choice. Test visibility, traffic and leads before changing the setting across your site.

Illustrated infographic summarizing: OpenAI Is Retiring Agent Builder: Save the Workflow, Not Just Prompts
OpenAI Is Retiring Agent Builder: Save the Workflow, Not Just Prompts
2026-07-10

OpenAI retires Agent Builder on November 30, 2026. Here is what teams need to preserve, how to choose a migration path, and how to cut over safely.

Illustrated infographic summarizing: AI agents need a browser policy before they start clicking around
AI agents need a browser policy before they start clicking around
2026-07-09

Browser-using AI agents can save time, but they need clear rules before they enter CRMs, CMSs, portals, or admin tools and start taking action.

Illustrated infographic summarizing: When AI writes JSON, one bad field can break the workflow
When AI writes JSON, one bad field can break the workflow
2026-07-08

Structured AI output is useful in real workflows, but teams need schemas, validation, retries, and logs before JSON reaches production systems.

Illustrated infographic summarizing: AI search is eating the click: measure the queries before rewriting pages
AI search is eating the click: measure the queries before rewriting pages
2026-07-07

AI summaries are cutting into search clicks. Start with a practical dashboard that shows query risk, bot purpose, page value, and crawler policy.

Illustrated infographic summarizing: AI shopping visibility now depends on boring product-data plumbing
AI shopping visibility now depends on boring product-data plumbing
2026-07-07

AI-assisted shopping puts more pressure on ecommerce catalog data, feeds, schema, prices, availability, and return-policy governance.

Illustrated infographic summarizing: Drupal AI Demos Need a Permissions Rehearsal Before Launch
Drupal AI Demos Need a Permissions Rehearsal Before Launch
2026-07-07

Drupal’s July 2026 AI advisories show why agencies should test permissions, uploads, approval loops, logs, and rollback before client demos go live.

More articles
RSS feed

GrN.dk web platforms, web optimization, data analysis, data handling and logistics.