Web Assets & Performance rules

All static JS/CSS/font/image files MUST use content-hashed filenames (e.g., app.9c1a7b.js) and be served with "Cache-Control: public, max-age=31536000, immutable". HTML and other non-fingerprinted documents MUST be served with "Cache-Control: no-cache" (or equivalent) to enable conditional revalidation.

Serve text-based assets (JS, CSS, JSON, SVG) with Brotli (br) when the client sends "Accept-Encoding: br" and fallback to gzip. Always set "Vary: Accept-Encoding" and do NOT compress already-compressed formats (e.g., .png, .jpg, .woff2).

Serve precompressed .br/.gz variants when the client sends Accept-Encoding, set "Vary: Accept-Encoding", and apply immutable caching for hashed assets; keep HTML revalidatable.

In Express, use serve-static with setHeaders to apply "Cache-Control: public, max-age=31536000, immutable" for files matching /\.[0-9a-f]{8,}\./ and "Cache-Control: no-cache" for HTML. Also set correct Content-Type.

Preload render-blocking WOFF2 fonts using <link rel="preload" as="font" type="font/woff2" crossorigin> and define @font-face with "font-display: swap". Only preload fonts used above the fold.

Provide AVIF/WebP fallbacks via <img srcset> with width/height attributes, meaningful sizes, and "loading=lazy" plus "decoding=async". Avoid shipping oversized PNG/JPEG when AVIF/WebP is supported.

Always use the Next.js Image component for images with width/height (or fill) and meaningful alt text. Avoid plain <img> for app assets.

Enable content versioning and long-lived caching via ResourceChain with VersionResourceResolver and set Cache-Control to public, max-age=31536000 for static locations; keep HTML templates non-immutable.

In Kotlin Ktor, install CachingHeaders and Compression. Set immutable caching for hashed resources and no-cache for HTML; include "Vary: Accept-Encoding".

For PHP-served assets, emit the precise Content-Type (e.g., text/css; charset=utf-8, application/javascript, font/woff2) and set immutable caching for hashed files; never apply immutable caching to HTML.

Use next/dynamic with { ssr: false } for large client-only components (maps, editors) and provide a lightweight loading fallback.

For Go static servers, set immutable Cache-Control for hashed files; otherwise set "Cache-Control: no-cache" and support conditional GET via ETag or Last-Modified using file info.

Do not expose full, unminified source maps publicly in production. If source maps are required for error tracking, serve them behind authentication or IP allowlists and set "X-Robots-Tag: noindex".

Serve assets with accurate Content-Type (e.g., text/css, application/javascript, image/avif, image/webp, font/woff2, image/svg+xml) and include charset for text types. Do not default to text/plain or application/octet-stream.

Configure UseStaticFiles with OnPrepareResponse to set "Cache-Control: public, max-age=31536000, immutable" for hashed assets and "no-cache" for HTML; ensure correct Content-Type (e.g., "font/woff2", "text/css").

Declare SEO metadata via export const metadata or generateMetadata; avoid manual <Head> in App Router.

Load fonts via next/font (google or local) and apply on html/body; avoid runtime <link> to fonts that cause FOUT/CLS.