HighFile-scopeRust Plug & play

Immutable cache and Vary for precompressed files

Serve precompressed .br/.gz variants when the client sends Accept-Encoding, set "Vary: Accept-Encoding", and apply immutable caching for hashed assets; keep HTML revalidatable.

Add to Mesrai Open workspace

Why this matters

Precompressed delivery reduces CPU and latency; Vary ensures correct CDN caching.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

HttpServer::new(|| App::new().service(Files::new("/assets","./public"))) // no headers

Prefer

HttpServer::new(|| App::new().wrap_fn(|req, srv|{ / set Vary and Cache-Control based on path / srv.call(req) }).service(Files::new("/assets","./public"))

More snippets

Good

res.insert_header(("Vary","Accept-Encoding"))

Bad

Files::new("/assets","./public") // defaults

Related rules

From the same buckets as this rule.

Critical
Fingerprint assets and cache immutably
All static JS/CSS/font/image files MUST use content-hashed filenames (e.g., app.9c1a7b.js) and be served with "Cache-Control: public, max-age=31536000, immutable". HTML and other non-fingerprinted documents MUST be served with "Cache-Control: no-cache" (or equivalent) to enable conditional revalidation.
web-static-assetscaching-strategy+2
High
Compress text assets with Brotli/Gzip and set Vary
Serve text-based assets (JS, CSS, JSON, SVG) with Brotli (br) when the client sends "Accept-Encoding: br" and fallback to gzip. Always set "Vary: Accept-Encoding" and do NOT compress already-compressed formats (e.g., .png, .jpg, .woff2).
web-static-assetsperformance-efficiency+1
High
Immutable cache for hashed assets, no-cache for HTML
In Express, use serve-static with setHeaders to apply "Cache-Control: public, max-age=31536000, immutable" for files matching /\.[0-9a-f]{8,}\./ and "Cache-Control: no-cache" for HTML. Also set correct Content-Type.
web-static-assetscaching-strategy+1

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

HttpServer::new(|| App::new().service(Files::new("/assets","./public"))) // no headers

Prefer

HttpServer::new(|| App::new().wrap_fn(|req, srv|{ / set Vary and Cache-Control based on path / srv.call(req) }).service(Files::new("/assets","./public"))

More snippets

Good

res.insert_header(("Vary","Accept-Encoding"))

Bad

Files::new("/assets","./public") // defaults

Related rules

From the same buckets as this rule.

Critical

Fingerprint assets and cache immutably

All static JS/CSS/font/image files MUST use content-hashed filenames (e.g., app.9c1a7b.js) and be served with "Cache-Control: public, max-age=31536000, immutable". HTML and other non-fingerprinted documents MUST be served with "Cache-Control: no-cache" (or equivalent) to enable conditional revalidation.

web-static-assetscaching-strategy+2

High

Compress text assets with Brotli/Gzip and set Vary

Serve text-based assets (JS, CSS, JSON, SVG) with Brotli (br) when the client sends "Accept-Encoding: br" and fallback to gzip. Always set "Vary: Accept-Encoding" and do NOT compress already-compressed formats (e.g., .png, .jpg, .woff2).

web-static-assetsperformance-efficiency+1

High

Immutable cache for hashed assets, no-cache for HTML

In Express, use serve-static with setHeaders to apply "Cache-Control: public, max-age=31536000, immutable" for files matching /\.[0-9a-f]{8,}\./ and "Cache-Control: no-cache" for HTML. Also set correct Content-Type.

web-static-assetscaching-strategy+1