Reference
Plain-English definitions of the words we use across this site. If you've ever stared at "DSPT," "Core Web Vitals," or "EU-sovereign hosting" and wondered what's actually being claimed — this is the page. Written for the UK small-business owners I build for, not the procurement managers I sometimes have to write for.
Astro is the open-source web framework I build every site on. It ships HTML and CSS by default and adds JavaScript only where a page genuinely needs it, which is why Astro sites load faster than WordPress, React, or Wix builds. It's the same tooling The Guardian, IKEA, and Firefox's docs use. Astro 6 (the current major) is what every Lite, Maintained, Growth, and Embedded build runs on.
See also: /systems · Hosting comparison
Companies House is the UK government's registrar of limited companies. Every legitimate Ltd has a company number you can look up on find-and-update.company-information.service.gov.uk to verify its registered office, directors, and filing history. UK Web Marketing is operated by TicketWave HQ Ltd, company number 17143167, registered in Pudsey, Leeds. If a web "agency" can't give you a number that resolves, you're dealing with a sole trader behind a Gmail.
See also: /about · /credentials
Core Web Vitals are Google's three measurable page-experience signals, used as a ranking factor in UK search. LCP (Largest Contentful Paint) — time to render the largest visible element, should be under 2.5 seconds. INP (Interaction to Next Paint) — responsiveness, under 200ms. CLS (Cumulative Layout Shift) — visual stability, under 0.1. Every site I build targets sub-second LCP on a UK mobile connection. The competition is usually 3-6 seconds.
See also: /systems · 2026 SMB website guide
Cyber Essentials is the UK government-backed certification for baseline cyber-security controls — firewalls, secure configuration, access control, malware protection, patch management. Run by IASME on behalf of the NCSC. Required to bid for many UK public-sector and NHS contracts. Costs roughly £320 (self-assessed) to £1,800+ (Cyber Essentials Plus, audited). Not currently held by UK Web Marketing — the infrastructure stack independently meets most controls, but the badge itself is on the roadmap, not claimed.
See also: /compliance · /credentials
DSPT is NHS England's annual self-assessment that any organisation handling NHS patient data must complete by 30 June each year. It covers data security, staff training, sub-processors, and incident response, mapped to the National Data Guardian's ten standards. Independent clinics connecting to NHS systems (booking, referrals, e-prescribing) have to file it. Your website's hosting region, cookie banner, and sub-processor list all show up in the toolkit's questions.
See also: /clinics · Why UK clinics fail GDPR
An edge function is small server-side code that runs at the data centre closest to the visitor, instead of one fixed server. A serverless function spins up only when called and shuts down after, so you pay per request rather than per month. Vercel London (lhr1) runs both for UK visitors. The practical effect: form submissions, search, and API calls return in tens of milliseconds rather than hundreds, with no server for you to patch.
See also: /systems · /managed-website-service
EU-sovereign hosting means every system that touches your visitors' data — web server, CDN, email, analytics, CRM, payments — runs in an EU-resident data centre, operated by an EU-resident legal entity. It matters because the US CLOUD Act lets US authorities compel US-headquartered providers to hand over data regardless of where it's stored. The UK Data Protection Act 2018 + UK GDPR treat that as a transfer risk. Every tier I sell is EU-sovereign by default.
See also: /compliance · /managed-website-service
GDPR is the data-protection regulation that governs how personal data is collected, stored, and shared. Since Brexit there are two parallel versions: UK GDPR (enforced by the ICO under the Data Protection Act 2018) and EU GDPR (Regulation 2016/679, enforced by EU data-protection authorities). They're substantively almost identical. If your UK business has any EU customers — most do — you're subject to both. Fines reach 4% of worldwide turnover or £17.5m.
See also: /compliance · UK GDPR
ICAEW is the regulator for chartered accountants in England and Wales — the body behind the ACA qualification and the "Chartered Accountant" designation. Around 165,000 members. ICAEW-regulated firms must comply with the Code of Ethics, the Anti-Money-Laundering Guidance for the Accountancy Sector (AMLGAS), and Section 114 of the handbook covering professional indemnity insurance, complaints, and engagement-letter disclosures — all of which need to be reflected on the firm's website.
See also: /accountants · /compliance
The ICO is the UK's independent data-protection regulator, based in Wilmslow, Cheshire. It enforces UK GDPR, the Data Protection Act 2018, and PECR (the cookie/marketing rules). Every UK organisation processing personal data outside purely household use must register with the ICO and pay the data-protection fee (£40–£2,900/year depending on size). The ICO publishes the data-protection register, investigates complaints, and issues fines up to £17.5m or 4% of worldwide turnover.
See also: /compliance · GDPR
ISO/IEC 27001 is the international standard for information security management systems (ISMS). Certification requires a documented set of security controls covering risk assessment, access management, supplier security, incident response, and continuous improvement — audited annually by a UKAS-accredited certification body. Typical cost: £8,000–£25,000 in year one for a small business. UK Web Marketing is not ISO 27001 certified — the underlying providers (Vercel, Cloudflare, Stripe) are, and my own ISMS roadmap is published on /compliance.
See also: /compliance · Cyber Essentials
KCSIE is the Department for Education's statutory safeguarding guidance for English schools and colleges, refreshed annually (current version: KCSIE 2025). It tells schools what must be on the website: safeguarding policy, SEN report, behaviour policy, complaints procedure, designated safeguarding lead contact, and more. Ofsted inspectors check the website against KCSIE during inspections. Missing or hard-to-find disclosures are one of the most common minor-to-significant findings.
See also: /schools · /compliance
Lighthouse is Google's open-source auditing tool, built into Chrome DevTools and PageSpeed Insights. It scores a page 0–100 across four pillars: Performance, Accessibility, Best Practices, and SEO. A green score is 90+; UK Web Marketing builds target 95–100 on all four, every page. The score is a proxy, not a guarantee of ranking, but it's the closest thing to an objective benchmark you can run on any URL in 30 seconds — including your competitors'.
See also: /systems · Core Web Vitals
A managed website service is the model I sell: you pay a flat monthly fee and I handle the entire stack — design, build, hosting, security patching, accessibility compliance, content updates, SEO, backups. There's no upfront capex, no in-house webmaster, no separate hosting bill, no surprise plugin-broke-the-site invoice. The opposite is a project-build (£3–15k upfront, you own the maintenance) or a DIY platform (Wix/Squarespace — you do the work). Four tiers: Lite £295, Maintained £495, Growth £1,495, Embedded from £6,000.
See also: /managed-website-service · /pricing
The SRA is the independent regulator of solicitors and law firms in England and Wales, regulating around 200,000 solicitors at 9,500 firms. It sets the SRA Standards and Regulations, runs the Compensation Fund, and enforces the Transparency Rules and Code of Conduct. Every SRA-regulated firm must display the SRA digital badge on its website (a clickable widget that verifies the firm is currently authorised). Sanctions range from fines to strike-off.
See also: /solicitors · SRA Transparency Rules
The SRA Transparency Rules require law firms to publish, on their website, price and service information for specified work types — residential conveyancing, probate (uncontested), motoring offences, employment tribunals (unfair dismissal), debt recovery up to £100k, immigration (excluding asylum), and licensing applications. Each must include total cost (or hourly rate ranges), VAT, disbursements, what's included, timescales, and the qualifications of the people doing the work. The SRA actively sweeps firm websites for compliance.
See also: /solicitors · SRA
An SSL/TLS certificate encrypts the connection between a visitor's browser and your website, so the padlock appears in the address bar and the URL starts with https://. SSL is the older name; TLS 1.3 is what's actually used in 2026. Without it, browsers show a "Not Secure" warning that costs you conversions and Google demotes you in search. Every UK Web Marketing site gets a free, auto-renewing certificate via Vercel + Let's Encrypt — included on every tier.
See also: /systems · /managed-website-service
Static site generation pre-builds every page of your site into a plain HTML file at deploy time, so the server just serves files instead of running a database query and PHP script on every visit (the WordPress model). The result: sub-second loads, no database to hack, almost zero maintenance, and a hosting bill measured in pennies. Astro generates statically by default. The trade-off — content changes need a redeploy — takes seconds and is fully automated.
The Stripe Customer Portal is the self-serve page Stripe hosts for every subscriber on your site. From their email link, customers can update card details, change plan, view invoices, and cancel — without needing to email you. UK Web Marketing uses it for every subscription: cancel any time, one click, no friction, no awkward retention call. You log in, hit cancel, the next month doesn't bill. It's the same portal Notion, Linear, and Figma use.
The root domain is the bare name — ukwebmarketing.com. A subdomain is a prefix — analytics.ukwebmarketing.com, blog.ukwebmarketing.com. Search engines treat subdomains as semi-separate sites: link equity doesn't flow as freely as between folders on the root, so /blog usually outranks blog. for the same content. Subdomains are useful for genuinely separate apps (your analytics dashboard, a status page) where you don't want shared cookies or CSS.
See also: /systems · 2026 SMB website guide
UK GDPR is the post-Brexit British version of the EU GDPR, brought into UK law by the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. Substantively almost identical to EU GDPR; the practical differences are jurisdiction (ICO instead of EU DPAs), fines in pounds not euros, and adequacy decisions the UK government makes independently. The UK currently has an adequacy decision from the EU, valid through 27 December 2027.
WCAG 2.2 (Web Content Accessibility Guidelines, version 2.2, published October 2023) is the international standard for accessible websites. Four tiers: A (minimum, easy to fail), AA (the legal benchmark — Equality Act 2010 case law treats AA as the reasonable-adjustment threshold), AAA (the strictest — 7:1 contrast, sign language for video, no time limits). 1 in 5 UK adults has a disability. Every UK Web Marketing site is built to AAA from the first commit.
See also: /systems · /compliance
Don't see a term?
If a word on this site puzzled you and it's not here, send it over. I'll add it.
From £295/mo web · From £195/mo email · Cancel any time