Skip to content

The trouble with @font-face

All major browsers are able to display fonts that are not installed on the computer, but downloadable from the web through the CSS-technique @font-face. But there are some caveats.

Finally it seems like we’re getting rid of the shackles of webfonts. With the implementation of the CSS-technique @font-face in Firefox 3.5, Safari and Opera we’re not only able to choose between fonts like Arial, Times and Courier, but also between any TTF or OTF on our computers. IE already had an implementation of @font-face for years that only supports a proprietary format called EOT, but both 2 techniques work together perfectly in one CSS file.

If custom fonts are so great, Why isn’t anyone using it?

In case you’re already in the process of removing that lame Times New Roman from your computer: look around on the web. There’s almost no website to be found that shows non-standard fonts through the @font-face technique. They all use images or sIFR. So why is no-one using @font-face? I decided to set up a @font-face test page and try it in different browsers and found a few shortcomings:

No Chrome

Although Chrome is able to show custom fonts it’s disabled by default as reported on It appears that you can enable it by adding the option -enable-remote-fonts. It’s not clear if remote fonts are going to enabled by default soon, but I guess the Chrome team first have to address security issues that come with the use of webfonts.

Text flashing in Firefox

When loading the page, Firefox first shows the text in a default font. Only after the TTF or OTF is loaded, it will change the text accordingly. Even when I reload the page, the texts in the web page flashes from web font to TrueType font. Although it’s not a a nice effect, it’s no disaster either.

IE7+ in high security level

IE7 and IE8 in the highest security level will not show custom fonts, but will show a webfont. I’ve never ever had IE in the highest security level, but I reckon some will. And I guess many large organizations will have IE set to the highest security level. So be prepared that some people won’t see your carefully crafted website like you intended.

Deal breaker: IE6 in high security level

Well, until now the worst that could happen is that a browser won’t show a custom font but will default to a system font installed on your computer. But using custom fonts in IE6 is close to impossible. IE supports @font-face since IE4, but after the release of IE6 Microsoft decided to crank up the security. This resulted in a dialogue box that nicely asks if you’d like to download the custom font that might be a security breach. No problem. Until you click a link. Or even refresh the page. You’ll get that dialogue box once again. Huh? Didn’t I just answer that question? I’m still on the website, so why do I have to decide once again if I want to download a font that’s most likely still in my cache?

There goes your usable website down the drain. Like I said: I don’t think that many people will have their security set that high, but it still is a real deal breaker. I suggest that it’s best to show no custom fonts at all in IE6. You can do that by loading an alternate CSS file with conditional comments (tip of a colleague of mine). No fancy fonts is still better than the risk of scaring away visitors.

Last but not least: Converting fonts to EOT

Like I said earlier: Microsoft does not support TTF or OTF. That’s because if you link your CSS to a font file it has to be downloadable for anyone. That’s sour if you just paid a few hundred bucks for some premium font. Not to mention for the persons or companies who made that font. So Microsoft came up with a font format that’s not usable as a regular font and that’s restricted to some specific list of domains. Perfect.

But WEFT, the program to create EOT font files that Microsoft publicized, is awkward in use (if you ask me) and just doesn’t work on my Vista PC. It crashes before I’m able to convert a single font. There is an open source program called ttf2eot and there are even websites that convert fonts with that program like the one on But ttf2eot is still version 0.0.2-2, so that sounds very alpha to me although it seems to do a good job. So be sure to check first if you are able to convert a font before you promise something to the costumer.

An other way to protect the authors of fonts (and yourself as a user that paid a lot of money) is the use of webfont services that supply the raw font. That way you can use a specific font without having to worry that you become an unintentionally illegal provider of premium fonts.

But it will still change the web

So there are still some hurdles to overcome. But it’s clear that it won’t take long before the web will be significantly different from what we know now because the use of custom fonts. Although I’m convinced that with the plethora of available fonts, system fonts like Arial will stay an all-time favorite for a long time.


I had some good feedback (see comments) with some great links:

Bookmark and Share
6 Responses
Follow responses to this entry through this RSS.
  1. Erika

    Beautifully written! Very glad you wrote this up. I tend to lean toward PHP Font replacement or sIFR if it’s vital, but I try to not design my sites so closely around one specific font so much that I have to put the visitor through all of that stress, lol.

    Nice job!

  2. Tim Brown

    Thanks for this, Wouter.

    Re: WEFT, have you seen this screencast from Jonathan Snook?

    There’s also Font Squirrel’s @font-face Kit Generator, which does some conversion for you:

    I mention both of these resources in a recent post I wrote called “How to use CSS @font-face.” Check it out:

  3. admin

    Thank you for the feedback. I updated the article with some of your links.

  4. Kumar

    Very nice..
    Thanks for the article.

  5. sim

    Font squirrels @fontface kits work fine with ie6 and chrome7.I just tried it (Nov 3rd 2010)

  6. K

    I wonder if any of the other browsers who implement @font-face support provide MORE user control over it or less/none – I wonder?

    Apart from Internet Explorer, I can’t think of one other browser which allows the user to specify NOT to download/use @font-face downloads but still render the rest of an stylesheet(s) LAYOUT. Most/all* others have an option of
    with full css style ON or full css style OFF!

    (* excepting later editions of Chrome)

    Strange, considering all the security risks with @font-face (primarily Internet Explorer, it has to be admitted!)

    It really should have been a pre-requisite really, when the rule was first mooted that if an browser supports @font-face they must also give user option to turn @font-face download OFF but without affecting the overall layout of the page – NOT just because of any security risk but for usability reasons!

    Oh, and for the record, I am one of those who has IE (on XP and 7) put into “paranoid” mode (I turned off @font-face a few years ago anyway, as I was getting fed up with the additional load time and the “ugly” designs I was witnessing!) but yes, I have internet zone set to high and only “allow” my trusted websites to run content other than plain html – so there are one or two out there!

Leave a response