Software, web design & SEO glossary
A practical glossary of the terms we use in every project. Plain-English definitions. Useful when you read a proposal, an audit, or a developer handoff and want to know exactly what something means without three Google tabs open.
A
- Accessibility a11y, WCAG
- The practice of designing and building digital products so people with disabilities (visual, motor, cognitive, hearing) can use them. The standard is WCAG 2.2 AA: keyboard navigation, sufficient color contrast, alt text on images, accessible forms, screen reader compatibility. See our accessibility statement.
- AEO Answer Engine Optimization
- Optimizing content so AI answer engines (ChatGPT, Perplexity, Google AI Overviews, Claude) can extract and cite it. The mechanics: direct-answer boxes 40-60 words long, structured data (FAQPage, HowTo, Article), entity-clear language, fact-rich extractable content.
- API Application Programming Interface
- A contract that lets one piece of software talk to another. Web APIs typically use HTTP and return JSON. We design APIs as part of our backend & API development service.
- AVIF
- A modern image format that compresses 30-50% smaller than WebP at the same quality. Supported by all evergreen browsers in 2026. We serve AVIF with WebP and JPEG fallbacks for performance budgets.
B
- Backend
- The server-side part of a web application: the code that runs on a server, talks to a database, handles business logic, and exposes data via APIs. Languages typically Python, Node.js, Go, Java. See backend & API development.
- Breadcrumb
- A navigation pattern showing the user's path through site hierarchy (Home → Services → Web Design). Marked up with
BreadcrumbListJSON-LD for SEO; helps Google show navigation rich results in SERP.
C
- Canonical URL
- The official version of a page when there are duplicates or near-duplicates. Declared with
<link rel="canonical">in the HTML head. Without it, Google has to guess which version to index, often picking wrong. - CMS Content Management System
- Software that lets non-developers edit a website. Examples: WordPress, Sanity, Strapi, Storyblok. We use headless CMS for most projects so the editor experience is decoupled from how the site is rendered.
- Conversion Rate
- The percentage of visitors who complete a target action (form submit, purchase, signup). The metric most marketing sites should optimize for, not raw traffic.
- Core Web Vitals CWV: LCP, INP, CLS
- Google's three-metric measurement of user experience: LCP (Largest Contentful Paint, loading speed), INP (Interaction to Next Paint, responsiveness), CLS (Cumulative Layout Shift, visual stability). Targets: LCP < 2.5s, INP < 200ms, CLS < 0.1. We optimize for these in website optimization.
- CSP Content Security Policy
- An HTTP header that restricts what scripts, styles and resources a page is allowed to load. Defends against XSS and data exfiltration. Every site we ship has a strict CSP.
- CSS
- The styling language of the web. Modern CSS in 2026 includes
clamp(), container queries, logical properties, color mixing — enough to handle most layout and theming without preprocessors.
D
- DevSecOps
- Development + Security + Operations integrated as one practice — security checks (SAST, DAST, dependency scanning, container scanning) automated in the CI/CD pipeline. See our DevSecOps service.
- DNS Domain Name System
- The phonebook of the internet: maps human-readable names (xplustechnologies.com) to server IP addresses. We configure DNS via Cloudflare on every project.
E
- E-commerce
- Online buying and selling. Software that supports it: catalog, cart, checkout, payments, inventory, shipping, returns. See e-commerce development and e-commerce web design.
- E-E-A-T
- Experience, Expertise, Authoritativeness, Trustworthiness. Google's quality framework. In 2026, the Experience layer is the most important — does the author have firsthand experience with the topic? Authors with verifiable credentials boost rankings.
F
- FAQPage Schema
- JSON-LD structured data type for marking up question/answer pairs. Eligible for Rich Results in Google SERP and heavily used by AI answer engines for citation. We add FAQPage schema to every service page.
- FastAPI
- A modern Python web framework for building APIs. Type-safe with Pydantic, async by default, automatic OpenAPI documentation. One of the stacks we use for backend & API development.
- Frontend
- The browser-side part of a web application: HTML, CSS, JavaScript, the visual interface the user sees and interacts with.
G
- GDPR General Data Protection Regulation
- EU regulation governing personal data: lawful basis for processing, user rights (access, deletion, portability), data minimization, breach notification within 72 hours. CCPA is the California equivalent. Privacy by design covers both.
- GraphQL
- An API query language that lets clients request exactly the data they need. Alternative to REST. We use GraphQL for complex frontends with many data shapes.
H
- Headless CMS
- A content management system that exposes content via API instead of rendering pages itself. Pairs with any front-end (Next.js, Astro). Better performance and developer experience than monolithic CMS.
- hreflang
- An HTML attribute / sitemap declaration telling Google which language and region a page targets. Critical for multilingual sites — without it, Google may serve the wrong language to the wrong user. We implement hreflang on every bilingual project.
- HSTS HTTP Strict Transport Security
- An HTTP header that forces browsers to use HTTPS for a domain. Prevents protocol downgrade attacks. Configured with
max-age=31536000; includeSubDomains; preloadin our deploys. - HTTPS
- HTTP over TLS. The encrypted version of HTTP. Mandatory in 2026 — Google ranks HTTPS sites higher and browsers warn on HTTP.
I
- IndexNow
- A protocol for sites to notify search engines (Bing, Yandex, Yep) instantly when content changes, instead of waiting for crawl. Cloudflare provides one-click IndexNow integration.
- INP Interaction to Next Paint
- A Core Web Vitals metric measuring how fast a page responds to user input. Replaced FID in 2024. Target: under 200ms.
J
- JSON-LD
- JSON for Linked Data. The format Google recommends for embedding structured data (Schema.org) in pages. Goes in a
<script type="application/ld+json">tag and does not affect visible layout.
L
- Landing Page
- A focused, single-purpose page typically used for paid ad campaigns or product launches. One offer, one CTA. See landing page design.
- LCP Largest Contentful Paint
- The Core Web Vitals metric measuring how fast the largest visible element on a page renders. Usually a hero image or headline. Target: under 2.5s on mobile.
M
- Maskable Icons
- PNG icons designed to fill a "safe zone" so Android can crop them into rounded squares, circles or rectangles without losing the brand mark. Required for installable PWAs that look professional on Android.
- Microservices
- An architecture style where an application is split into small, independently deployable services that communicate over network. Tradeoff: more complexity for more flexibility. Right for some projects, overkill for most.
- Mobile-First
- A design and development approach that starts with the smallest viewport and progressively enhances for larger screens. Default in 2026 because of Google's mobile-first indexing and the 70%+ mobile traffic share. See mobile-first web design.
- MVP Minimum Viable Product
- The smallest version of a product that delivers real user value. The point: ship fast, learn from real usage, iterate. We deliver MVPs in 4-8 weeks under our custom software development service.
O
- Open Graph
- Meta tags (
og:title,og:image,og:description) that control how a URL appears when shared on social media. Standard since Facebook introduced it; supported by every major platform. - OWASP Open Web Application Security Project
- A non-profit that publishes web security guidelines. The OWASP Top 10 lists the most common web vulnerabilities. Our security audits follow OWASP ASVS and Top 10. See application security testing.
P
- PageSpeed Insights
- Google's free tool that measures Core Web Vitals using real-user data (CrUX) and lab simulation. Returns scores 0-100 for mobile and desktop. We aim for 95-100 mobile on every site we ship.
- Penetration Testing Pen Test
- Authorized simulated attack on a system to find security weaknesses before real attackers do. Manual testing complementing automated SAST/DAST. See application security testing.
- Person Schema
- JSON-LD type for marking up authors, founders, key team members. Includes name, jobTitle, sameAs (LinkedIn, GitHub), credentials. Critical for E-E-A-T — Google links author identity to expertise.
- PWA Progressive Web App
- A web app that can be installed to home screen, work offline, and receive push notifications — without an app store. Requires a service worker, web manifest, and HTTPS.
R
- RAG Retrieval Augmented Generation
- An AI technique: instead of relying purely on a model's training data, fetch relevant documents from your data and pass them as context. Essential for chatbots that answer accurately about your business. We use RAG in AI chatbot development.
- React Native
- A framework for building native mobile apps with JavaScript and React components. One codebase ships to iOS and Android. See mobile app development.
- Responsive Design
- A web design approach where layout adapts fluidly to viewport size. Combined with mobile-first, the default in 2026. See responsive web design.
- REST REST API
- Representational State Transfer — an architectural style for APIs using HTTP verbs (GET, POST, PUT, DELETE) and JSON. Most common API style on the web.
- robots.txt
- A plain-text file at the root of a domain telling search engine crawlers which paths are allowed and disallowed. Pairs with sitemap.xml.
S
- SaaS Software as a Service
- Software delivered over the internet on subscription. Multi-tenant architecture, recurring billing. Most modern web products are SaaS.
- SAST & DAST
- Static Application Security Testing (analyzes source code for vulnerabilities) and Dynamic Application Security Testing (probes a running application). Both run automatically in our CI/CD pipelines.
- Schema.org
- A vocabulary for structured data, jointly developed by Google, Microsoft, Yandex and Yahoo. The 5 most-used types: Organization, Article, FAQPage, BreadcrumbList, Product/Service. Marked up via JSON-LD.
- SEO Search Engine Optimization
- Practices that make a site more visible in search engines. Has three layers: technical (crawlability, speed, structured data), on-page (titles, headings, content quality), off-page (backlinks, brand mentions, citations).
- Service Schema
- JSON-LD type for service-based businesses. Includes serviceType, provider, areaServed, offers. We mark up every service page with Service schema.
- Sitemap
- An XML file listing the URLs on a site, with metadata (lastmod, changefreq, priority). Submitted to Google Search Console and Bing Webmaster to speed up indexing.
- SPA Single Page Application
- A web app that loads once and updates content via JavaScript without full page reloads. Pros: app-like UX. Cons: SEO and performance are harder. Use SSR or static generation when SEO matters.
- SSR Server-Side Rendering
- Rendering HTML on the server (vs. in the browser). Better for SEO and first-paint performance. Next.js and Astro support SSR out of the box.
- Structured Data
- Machine-readable annotations on a page (typically JSON-LD using Schema.org vocabulary) that tell search engines and AI engines what the content is about. Critical for AEO and Rich Results.
T
- TLS Transport Layer Security
- The cryptographic protocol that secures HTTPS. TLS 1.3 is the current version. Cloudflare handles TLS termination on every site we deploy.
- Topical Authority
- Google's recognition that a site is an authority on a specific topic. Built by covering a topic comprehensively (pillar + clusters), consistent publishing, expert authors, internal linking that reflects the topic graph. Sites with topical authority generate ~30% more organic traffic and hold rankings 2.5× longer.
W
- Web Application
- Software that runs in a browser instead of being installed natively. Examples: Gmail, Notion, Figma. See web application development.
- Web Design
- The process of planning the visual layout, user experience, content structure and brand expression of a website. Distinct from web development (which turns design into code). We do both. See web design services.
- Webmanifest
- A JSON file (
site.webmanifest) declaring how a site should appear when installed as a PWA: name, icons, theme colors, display mode. Required for installable web apps. - WebP
- An image format developed by Google that compresses 25-35% smaller than JPEG/PNG at the same quality. Universally supported in 2026. We serve WebP with JPEG fallback.
- WCAG Web Content Accessibility Guidelines
- The international standard for web accessibility. Three conformance levels: A, AA, AAA. We design and build to WCAG 2.2 AA on every project.
Want to put any of these into practice?
Tell us about your project. We'll respond within 24-48 hours with a fixed-scope proposal: timeline, deliverables and budget.
Start a project →