How We Built Jagatab.UK — A Technical Breakdown
We tell clients we use "boring stack, fast iteration". Easy to claim, harder to demonstrate. This post breaks down how jagatab.uk itself is built — every layer, every choice, what we'd do differently. Use it to evaluate whether you'd want us to build for you the same way.
The high-level architecture
Static HTML pages served from Vercel's global edge network, fronted by Cloudflare for DNS and CDN. No backend application; no database for the site itself; no WordPress. Forms route to Formspree. Analytics via GA4 + GTM with UK GDPR-compliant Consent Mode v2. Total monthly hosting cost: about £0 because everything is in free tiers.
Stack and why each choice
Why static HTML, not a CMS
The site is a marketing site — content changes weekly, not by the minute. Generating static HTML at build time and serving from CDN means: sub-100ms response times globally, zero database to maintain, zero security patches, zero downtime risk. WordPress would have given us editor convenience at the cost of all of that. We made the trade-off explicitly: the engineering team (one person) edits HTML directly; we never wanted a non-technical content editor on this site.
Why Vercel for hosting
Vercel's edge network is genuinely fast worldwide. The free tier is generous (100GB bandwidth, 100,000 requests/day). Custom domains, SSL, GitHub auto-deploy — all included. We considered Cloudflare Pages, Netlify, and AWS S3+CloudFront; Vercel won on developer ergonomics and the rewrite/redirect configuration in vercel.json.
Why Cloudflare in front
Cloudflare sits between visitors and Vercel for DNS, caching, security, and analytics. The benefits: free SSL on apex domain, DDoS protection, basic WAF, bot management, and Web Analytics that doesn't need cookies. Plus we get Cloudflare's analytics for an outside-Google view of traffic patterns.
Why GA4 + GTM (vs Plausible / Fathom)
For a B2B services site, the Google ecosystem integration is genuinely valuable — Search Console data flows into GA4, conversion events can be tagged for Google Ads if we ever run them, and Tag Manager lets us add events without code changes. The privacy concerns are real but mitigated with Consent Mode v2 (defaults to denied; user opt-in via cookie banner; UK GDPR-compliant). We also explored Plausible and Fathom — both excellent, simpler privacy story, but the GSC integration is genuinely useful enough to keep GA4.
SEO architecture
168 indexed URLs across themed clusters
The site has 168 indexable pages organised into clear topical clusters:
- 9 service pages (/services/*)
- 10 city × service pages (e.g., /website-development-wisbech)
- 6 AI category pages + 1 hub (e.g., /gpt-integrations, /crm-automation)
- 4 industry vertical pages (law firms, accountants, estate agents, manufacturing)
- 23 niche industry pages (e.g., /ai-for-estate-agents-cambridge, /booking-automation-for-hair-salons)
- 4 case study deep dives (illustrative walkthroughs)
- 4 blog cluster pillars + 8 supporting posts
- 50+ older blog posts (mostly demo project posts)
- Plus utility pages: pricing, FAQ, care plans, credentials, free AI audit, ROI calculator
Schema.org markup on every page
Every production page has appropriate JSON-LD: LocalBusiness on geographic pages, Service + OfferCatalog on service pages, BlogPosting on blog posts, Article on case studies, FAQPage on pages with FAQs (eligible for SERP rich snippets), BreadcrumbList on every inner page, Person for founder authority on author bylines, CollectionPage + ItemList on the two hub pages. Site has 246+ valid JSON-LD blocks total, validated automatically via a Python audit script.
Clean URLs via Vercel rewrites
Geographic and category pages use clean top-level URLs (e.g., /ai-development-cambridge) — but the files actually live at /pages/ai-development-cambridge.html. Vercel rewrites map the clean URLs to the file paths server-side, so the URL bar stays clean. 39 rewrites total. We also added 60+ 301 redirects from old URL patterns to consolidate SEO equity.
Performance
PageSpeed Origin scores 90+ across LCP, INP, CLS on the homepage. Achieved through:
- Static HTML — no server rendering on each request
- Vercel edge serving the file from the geographically nearest PoP
- Hero image marked
fetchpriority="high"andloading="eager"; below-fold imagesloading="lazy" - Google Fonts loaded with
display: swapand a minimal weight set - GA4/GTM loaded async after Consent Mode default-denied
- No heavy third-party widgets (no live chat, no social embeds, no popups)
Analytics & conversion tracking
GA4 + GTM is the foundation, but the conversion-meaningful events are explicit:
whatsapp_click— fires on every wa.me link clickphone_call— fires on every tel: link clickemail_click— fires on every mailto: link clickaudit_completed— fires when someone finishes the 12-question AI audit, with the score band as a propertyroi_used— fires when someone interacts with the ROI calculator beyond a trivial threshold
These are wired into universal-components.js as delegated event handlers — they fire on any matching link or interaction across the entire site without per-page configuration. Marked as conversions in GA4.
Security & compliance
- CSP (Content Security Policy) restricting script and resource origins
- X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy headers via vercel.json
- HSTS enforced (HTTPS-only, 2-year max-age)
- Cookie consent banner with default-denied Consent Mode v2
- UK GDPR-compliant data flows (analytics opt-in, no tracking before consent)
- No fabricated trust signals or testimonials — see /credentials
What we'd do differently
Honest reflection on what hasn't gone perfectly:
- We initially set Vercel's www as primary domain. Code declared apex as canonical. Caused 307 (not 301) redirects on every page load. Spent a session fixing canonical-host alignment.
- Cloudflare email obfuscation rewrote mailto: links to /cdn-cgi/l/email-protection, which Bing crawler flagged as errors. Disabled.
- CSP initially blocked region1.analytics.google.com (the regional GA4 endpoint). Tag Assistant flagged events firing but not being received. Took 24h to diagnose; expanded CSP connect-src.
- 48 pages were built by Python scripts that didn't include GA4/GTM in the <head> — these reported zero analytics for ~24 hours until we audit-swept and added.
- Some early-built local pages didn't have map embeds, FAQs, or full depth — rebuilt to the 10-element depth template later.
Every one of those failures was a learning that's now baked into our build scripts and audit tooling. The site has been continuously audited via Python scripts: schema validity, broken links, redirect chains, fabrication markers, analytics coverage. Errors caught in scripts beats errors found by users.
What this means for clients
When you hire us to build a site or system, this is the standard we hold ourselves to. Static-first where possible. Engineering depth where it matters. Honest framing throughout (no fabricated testimonials, no inflated metrics, no certifications we haven't earned). Public methodology — see how we build for the full project lifecycle.
Got a workflow you want to talk through?
30 minutes, no pitch. We'll tell you honestly what we'd build — or whether automation isn't right yet.