My name is Frederic Hemberger, I'm a freelance front end and JavaScript developer based in Cologne, Germany.

I work with clients and agencies to create websites and applications based on modern web technologies.


I love to craft simple yet elegant solutions following web-standards and best practices while focusing on performance, accessibility and bringing the best user experience across devices.

My main line of work is coding JavaScript, either for the browser or with Node.js on the server side, writing web services and applications.


For a sustainable result it's best to be involved early in the process, helping to find the right strategy and tools for your project. Because not everything possible might be the best decision for the task at hand.

I write technically sound concepts with your existing back end architecture in mind. I also strongly believe that both security and usability play an important role on the web.

As I really care about the open web, sharing my knowledge is part of my work: I'm contribute to open source projects on GitHub, write and speak about web-development and attend conferences to stay in touch with other developers. Since 2011 I'm also organizing the local JavaScript meet-up Cologne.js.

As I do most of my articles and talks in my mother-tongue, you can get the complete list on the German version of this website. However, everything written in English is listed below and I plan to write and speak more in English as well.



Login failed. Retry? – Website authentication methods and UX

Website authentication can become quite peculiar at times, both from a technical and user experience view. Addressing some of the bad practices, I present a few suggestions to improve the situation and make it easier for your users to login with your site.

Digital self-defense – Mitigate Clickjacking and XSS attacks with HTTP headers

Web security is for the most part an unloved stepchild for most developers, but in this talk I‘ll show you how at least two typical attack scenarios - clickjacking and injection of unwanted resources – can be mitigated with little effort and what Content-Security-Policy offers in modern browsers.

(This is the English version of my talk „Digitale Selbstverteidigung“, which I held spontaneously at JS Unconf 2014.)

Running Node.js apps in production

At JS Unconf 2014 I talked about pros and cons of different deployment techniques for your Node.js application, what makes a good startup script and how to keep downtime to a minimum during deployment.

The second part is about handling errors and exceptions without letting your entire application crash. Metrics and log files help you to understand, how your application behaves in production, but as grepping through tons logfiles can be cumbersome, I‘ll show you why Elasticsearch and Logstash might be a good alternative for you.