Software, web design & SEO glossary

A practical glossary of the terms we use in every project. Plain-English definitions. Useful when you read a proposal, an audit, or a developer handoff and want to know exactly what something means without three Google tabs open.

A

Accessibility a11y, WCAG
The practice of designing and building digital products so people with disabilities (visual, motor, cognitive, hearing) can use them. The standard is WCAG 2.2 AA: keyboard navigation, sufficient color contrast, alt text on images, accessible forms, screen reader compatibility. See our accessibility statement.
AEO Answer Engine Optimization
Optimizing content so AI answer engines (ChatGPT, Perplexity, Google AI Overviews, Claude) can extract and cite it. The mechanics: direct-answer boxes 40-60 words long, structured data (FAQPage, HowTo, Article), entity-clear language, fact-rich extractable content.
API Application Programming Interface
A contract that lets one piece of software talk to another. Web APIs typically use HTTP and return JSON. We design APIs as part of our backend & API development service.
AVIF
A modern image format that compresses 30-50% smaller than WebP at the same quality. Supported by all evergreen browsers in 2026. We serve AVIF with WebP and JPEG fallbacks for performance budgets.

B

Backend
The server-side part of a web application: the code that runs on a server, talks to a database, handles business logic, and exposes data via APIs. Languages typically Python, Node.js, Go, Java. See backend & API development.
Breadcrumb
A navigation pattern showing the user's path through site hierarchy (Home → Services → Web Design). Marked up with BreadcrumbList JSON-LD for SEO; helps Google show navigation rich results in SERP.

C

Canonical URL
The official version of a page when there are duplicates or near-duplicates. Declared with <link rel="canonical"> in the HTML head. Without it, Google has to guess which version to index, often picking wrong.
CMS Content Management System
Software that lets non-developers edit a website. Examples: WordPress, Sanity, Strapi, Storyblok. We use headless CMS for most projects so the editor experience is decoupled from how the site is rendered.
Conversion Rate
The percentage of visitors who complete a target action (form submit, purchase, signup). The metric most marketing sites should optimize for, not raw traffic.
Core Web Vitals CWV: LCP, INP, CLS
Google's three-metric measurement of user experience: LCP (Largest Contentful Paint, loading speed), INP (Interaction to Next Paint, responsiveness), CLS (Cumulative Layout Shift, visual stability). Targets: LCP < 2.5s, INP < 200ms, CLS < 0.1. We optimize for these in website optimization.
CSP Content Security Policy
An HTTP header that restricts what scripts, styles and resources a page is allowed to load. Defends against XSS and data exfiltration. Every site we ship has a strict CSP.
CSS
The styling language of the web. Modern CSS in 2026 includes clamp(), container queries, logical properties, color mixing — enough to handle most layout and theming without preprocessors.

D

DevSecOps
Development + Security + Operations integrated as one practice — security checks (SAST, DAST, dependency scanning, container scanning) automated in the CI/CD pipeline. See our DevSecOps service.
DNS Domain Name System
The phonebook of the internet: maps human-readable names (xplustechnologies.com) to server IP addresses. We configure DNS via Cloudflare on every project.

E

E-commerce
Online buying and selling. Software that supports it: catalog, cart, checkout, payments, inventory, shipping, returns. See e-commerce development and e-commerce web design.
E-E-A-T
Experience, Expertise, Authoritativeness, Trustworthiness. Google's quality framework. In 2026, the Experience layer is the most important — does the author have firsthand experience with the topic? Authors with verifiable credentials boost rankings.

F

FAQPage Schema
JSON-LD structured data type for marking up question/answer pairs. Eligible for Rich Results in Google SERP and heavily used by AI answer engines for citation. We add FAQPage schema to every service page.
FastAPI
A modern Python web framework for building APIs. Type-safe with Pydantic, async by default, automatic OpenAPI documentation. One of the stacks we use for backend & API development.
Frontend
The browser-side part of a web application: HTML, CSS, JavaScript, the visual interface the user sees and interacts with.

G

GDPR General Data Protection Regulation
EU regulation governing personal data: lawful basis for processing, user rights (access, deletion, portability), data minimization, breach notification within 72 hours. CCPA is the California equivalent. Privacy by design covers both.
GraphQL
An API query language that lets clients request exactly the data they need. Alternative to REST. We use GraphQL for complex frontends with many data shapes.

H

Headless CMS
A content management system that exposes content via API instead of rendering pages itself. Pairs with any front-end (Next.js, Astro). Better performance and developer experience than monolithic CMS.
hreflang
An HTML attribute / sitemap declaration telling Google which language and region a page targets. Critical for multilingual sites — without it, Google may serve the wrong language to the wrong user. We implement hreflang on every bilingual project.
HSTS HTTP Strict Transport Security
An HTTP header that forces browsers to use HTTPS for a domain. Prevents protocol downgrade attacks. Configured with max-age=31536000; includeSubDomains; preload in our deploys.
HTTPS
HTTP over TLS. The encrypted version of HTTP. Mandatory in 2026 — Google ranks HTTPS sites higher and browsers warn on HTTP.

I

IndexNow
A protocol for sites to notify search engines (Bing, Yandex, Yep) instantly when content changes, instead of waiting for crawl. Cloudflare provides one-click IndexNow integration.
INP Interaction to Next Paint
A Core Web Vitals metric measuring how fast a page responds to user input. Replaced FID in 2024. Target: under 200ms.

J

JSON-LD
JSON for Linked Data. The format Google recommends for embedding structured data (Schema.org) in pages. Goes in a <script type="application/ld+json"> tag and does not affect visible layout.

L

Landing Page
A focused, single-purpose page typically used for paid ad campaigns or product launches. One offer, one CTA. See landing page design.
LCP Largest Contentful Paint
The Core Web Vitals metric measuring how fast the largest visible element on a page renders. Usually a hero image or headline. Target: under 2.5s on mobile.

M

Maskable Icons
PNG icons designed to fill a "safe zone" so Android can crop them into rounded squares, circles or rectangles without losing the brand mark. Required for installable PWAs that look professional on Android.
Microservices
An architecture style where an application is split into small, independently deployable services that communicate over network. Tradeoff: more complexity for more flexibility. Right for some projects, overkill for most.
Mobile-First
A design and development approach that starts with the smallest viewport and progressively enhances for larger screens. Default in 2026 because of Google's mobile-first indexing and the 70%+ mobile traffic share. See mobile-first web design.
MVP Minimum Viable Product
The smallest version of a product that delivers real user value. The point: ship fast, learn from real usage, iterate. We deliver MVPs in 4-8 weeks under our custom software development service.

O

Open Graph
Meta tags (og:title, og:image, og:description) that control how a URL appears when shared on social media. Standard since Facebook introduced it; supported by every major platform.
OWASP Open Web Application Security Project
A non-profit that publishes web security guidelines. The OWASP Top 10 lists the most common web vulnerabilities. Our security audits follow OWASP ASVS and Top 10. See application security testing.

P

PageSpeed Insights
Google's free tool that measures Core Web Vitals using real-user data (CrUX) and lab simulation. Returns scores 0-100 for mobile and desktop. We aim for 95-100 mobile on every site we ship.
Penetration Testing Pen Test
Authorized simulated attack on a system to find security weaknesses before real attackers do. Manual testing complementing automated SAST/DAST. See application security testing.
Person Schema
JSON-LD type for marking up authors, founders, key team members. Includes name, jobTitle, sameAs (LinkedIn, GitHub), credentials. Critical for E-E-A-T — Google links author identity to expertise.
PWA Progressive Web App
A web app that can be installed to home screen, work offline, and receive push notifications — without an app store. Requires a service worker, web manifest, and HTTPS.

R

RAG Retrieval Augmented Generation
An AI technique: instead of relying purely on a model's training data, fetch relevant documents from your data and pass them as context. Essential for chatbots that answer accurately about your business. We use RAG in AI chatbot development.
React Native
A framework for building native mobile apps with JavaScript and React components. One codebase ships to iOS and Android. See mobile app development.
Responsive Design
A web design approach where layout adapts fluidly to viewport size. Combined with mobile-first, the default in 2026. See responsive web design.
REST REST API
Representational State Transfer — an architectural style for APIs using HTTP verbs (GET, POST, PUT, DELETE) and JSON. Most common API style on the web.
robots.txt
A plain-text file at the root of a domain telling search engine crawlers which paths are allowed and disallowed. Pairs with sitemap.xml.

S

SaaS Software as a Service
Software delivered over the internet on subscription. Multi-tenant architecture, recurring billing. Most modern web products are SaaS.
SAST & DAST
Static Application Security Testing (analyzes source code for vulnerabilities) and Dynamic Application Security Testing (probes a running application). Both run automatically in our CI/CD pipelines.
Schema.org
A vocabulary for structured data, jointly developed by Google, Microsoft, Yandex and Yahoo. The 5 most-used types: Organization, Article, FAQPage, BreadcrumbList, Product/Service. Marked up via JSON-LD.
SEO Search Engine Optimization
Practices that make a site more visible in search engines. Has three layers: technical (crawlability, speed, structured data), on-page (titles, headings, content quality), off-page (backlinks, brand mentions, citations).
Service Schema
JSON-LD type for service-based businesses. Includes serviceType, provider, areaServed, offers. We mark up every service page with Service schema.
Sitemap
An XML file listing the URLs on a site, with metadata (lastmod, changefreq, priority). Submitted to Google Search Console and Bing Webmaster to speed up indexing.
SPA Single Page Application
A web app that loads once and updates content via JavaScript without full page reloads. Pros: app-like UX. Cons: SEO and performance are harder. Use SSR or static generation when SEO matters.
SSR Server-Side Rendering
Rendering HTML on the server (vs. in the browser). Better for SEO and first-paint performance. Next.js and Astro support SSR out of the box.
Structured Data
Machine-readable annotations on a page (typically JSON-LD using Schema.org vocabulary) that tell search engines and AI engines what the content is about. Critical for AEO and Rich Results.

T

TLS Transport Layer Security
The cryptographic protocol that secures HTTPS. TLS 1.3 is the current version. Cloudflare handles TLS termination on every site we deploy.
Topical Authority
Google's recognition that a site is an authority on a specific topic. Built by covering a topic comprehensively (pillar + clusters), consistent publishing, expert authors, internal linking that reflects the topic graph. Sites with topical authority generate ~30% more organic traffic and hold rankings 2.5× longer.

W

Web Application
Software that runs in a browser instead of being installed natively. Examples: Gmail, Notion, Figma. See web application development.
Web Design
The process of planning the visual layout, user experience, content structure and brand expression of a website. Distinct from web development (which turns design into code). We do both. See web design services.
Webmanifest
A JSON file (site.webmanifest) declaring how a site should appear when installed as a PWA: name, icons, theme colors, display mode. Required for installable web apps.
WebP
An image format developed by Google that compresses 25-35% smaller than JPEG/PNG at the same quality. Universally supported in 2026. We serve WebP with JPEG fallback.
WCAG Web Content Accessibility Guidelines
The international standard for web accessibility. Three conformance levels: A, AA, AAA. We design and build to WCAG 2.2 AA on every project.

Want to put any of these into practice?

Tell us about your project. We'll respond within 24-48 hours with a fixed-scope proposal: timeline, deliverables and budget.

Start a project →