HTTP/2 server push was a well-intentioned failure. 103 Early Hints is the replacement that actually improves real-world performance. Here is how to implement it in Node.js, how to measure the difference, and why most CDNs already support it.
Your dashboard needs live updates, your build pipeline needs progress streams, and your users want to know when something happens without refreshing the page. Here is how to build it with Server-Sent Events: 30 lines of server code, the EventSource API on the client, and Redis pub/sub so it actually scales past one server instance.
Your API returns JSON for everyone, but mobile clients on slow networks want MessagePack, internal services negotiate Protobuf, the browser cache serves HTML for a JSON request because Vary is missing, and the fix is three request headers and one response header you have been ignoring.
A pentest found an XSS hole in your app. Your CDN is not setting HSTS. And your Content-Security-Policy either does not exist or lets everything through. Here is the header-by-header guide to fixing the six headers every production site and API should ship, with working middleware code and a CSP builder that does not make you hate yourself.
Your SPA works fine in development and then every cross-origin request fails in staging with a cryptic CORS error. Here is what the preflight, the three response headers, and the credential flag actually do under the hood, plus a test harness that lets you verify CORS behavior before you deploy.
HTTP/3 fixes head-of-line blocking that HTTP/2 introduced, but most apps will never feel the difference. The wins are concentrated in mobile, lossy networks, and CDN-served static assets. Here is the technical difference, the cases where it actually matters, and the cases where it doesn't.
Server-sent events are a 1.5KB drop-in for streaming notifications, progress, and live updates, and they work through every proxy and CDN that already handles HTTP. WebSockets are the right tool for genuine bidirectional, low-latency traffic. Here is the decision tree and the implementation patterns for each.
Most API developers think “HTTP caching” means putting things in Redis. The browser, the CDN, and your reverse proxy already implement a four-decade-old caching protocol; you just have to set the right headers. Here is the cheat-sheet of Cache-Control, ETag, Last-Modified, and the conditional-request flow that makes JSON endpoints feel instant.