The biggest mental rewiring required when adopting SXG (Signed HTTP Exchanges): stop treating HTTP responses as personalized, request-scoped artifacts. A single signed response is reused for many requests across many users, so it must be cache-friendly (public Cache-Control with a max-age between 120 s and 7 days), contain no server-side personalization, set no cookies, and send no HSTS header. On Rails in particular, this means moving session cookies, avatar/username rendering, CSRF and similar per-user concerns out of the signed page and into separate endpoints that the client fetches after load.
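To make those constraints concrete, here is an added example (not code from the original text or from any SXG tooling) of a response-header check a Rails team could run in a request spec or a Rack middleware before handing a page to a signer. It assumes headers arrive as a Hash of name to String value, as a Rack response exposes them, and matches names case-insensitively; the 120 s to 7 day max-age window is the one stated above. The `Vary: Cookie` check goes slightly beyond the text, on the reasoning that a response which varies on cookies is by definition per-user and therefore not shareable. The sample headers are constructed.

```ruby
# Added example: check a response for the SXG cacheability rules
# (public Cache-Control, bounded max-age, no cookies, no HSTS).
MIN_MAX_AGE = 120                 # lower bound from the text: 120 s
MAX_MAX_AGE = 7 * 24 * 60 * 60    # upper bound from the text: 7 days

# Case-insensitive header lookup over a plain Hash (constructed input shape).
def fetch_header(headers, name)
  key = headers.keys.find { |k| k.to_s.casecmp?(name) }
  key && headers[key]
end

# Parse "public, max-age=600, must-revalidate" into { "public" => nil, "max-age" => "600", ... }.
def parse_cache_control(value)
  return {} if value.nil?
  value.split(",").each_with_object({}) do |directive, acc|
    token, arg = directive.strip.split("=", 2)
    next if token.nil? || token.empty?
    acc[token.downcase] = arg&.delete('"')
  end
end

# Returns an Array of human-readable problems; an empty Array means the
# response is shareable enough to be signed and served to many users.
def sxg_eligibility_issues(headers)
  issues = []
  cc = parse_cache_control(fetch_header(headers, "Cache-Control"))

  issues << "Cache-Control must include 'public'" unless cc.key?("public")
  %w[private no-store no-cache].each do |directive|
    issues << "Cache-Control must not include '#{directive}'" if cc.key?(directive)
  end

  max_age = cc["max-age"]
  if max_age.nil? || max_age !~ /\A\d+\z/
    issues << "Cache-Control needs a numeric max-age"
  else
    age = max_age.to_i
    issues << "max-age #{age}s is below the #{MIN_MAX_AGE}s minimum" if age < MIN_MAX_AGE
    issues << "max-age #{age}s exceeds the 7-day maximum (#{MAX_MAX_AGE}s)" if age > MAX_MAX_AGE
  end

  # Any Set-Cookie means the server bound this response to one user.
  issues << "Set-Cookie present: response is per-user, not shareable" if fetch_header(headers, "Set-Cookie")
  # HSTS is a per-origin policy header, not something a shared signed page may carry.
  issues << "Strict-Transport-Security must not be sent in an SXG response" if fetch_header(headers, "Strict-Transport-Security")

  # Added check beyond the text: varying on Cookie also marks the page as personalized.
  vary = fetch_header(headers, "Vary")
  if vary && vary.split(",").map { |v| v.strip.downcase }.include?("cookie")
    issues << "Vary: Cookie marks the response as cookie-dependent"
  end

  issues
end

# Constructed sample headers: what a default Rails page tends to send versus an SXG-ready one.
RAILS_DEFAULT_HEADERS = {
  "Content-Type" => "text/html; charset=utf-8",
  "Cache-Control" => "max-age=0, private, must-revalidate",
  "Set-Cookie" => "_app_session=constructed-session-id; path=/; HttpOnly; SameSite=Lax",
  "Strict-Transport-Security" => "max-age=31536000",
}.freeze

SXG_READY_HEADERS = {
  "Content-Type" => "text/html; charset=utf-8",
  "Cache-Control" => "public, max-age=600",
}.freeze

if __FILE__ == $0
  puts "Rails default: #{sxg_eligibility_issues(RAILS_DEFAULT_HEADERS).inspect}"
  puts "SXG-ready:     #{sxg_eligibility_issues(SXG_READY_HEADERS).inspect}"
end
```

Wiring this into a request spec for every route you intend to sign catches the usual regressions early: a `before_action` that touches `session` (and so emits Set-Cookie), a `private` Cache-Control from `expires_now`, or a `force_ssl` / `config.ssl_options` change that reintroduces HSTS on the signed path.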