Vladislav Kochkin

Vladislav Kochkin

Software Engineer
Different Language
Frontend development
  • Created: May 11, 2026

[Frontend Performance Architecture in 2026, Part 2: Edge Rendering, Server Actions, and Performance Monitoring]

Analyze with AI

Get AI-powered insights from this Mad Devs tech article:

Part 1 covered the rendering model: React Server Components, streaming with Suspense, code splitting, and how to choose between SSG, ISR, SSR, and CSR. Those patterns move work from the browser to the server. This part addresses the next constraint: even a fast server is still far away.

A response generated in 80ms on a Virginia origin takes 150ms just to reach a user in Singapore – before the browser sees a single byte. Edge rendering places request-handling logic at CDN nodes close to the user, cutting that physical distance down. From there, the guide covers how Islands architecture compares to RSC as a framework choice, how to draw server/client boundaries that hold under production pressure, and how to measure whether all of the above actually improves outcomes for real users on real devices.

Edge rendering – moving computation closer to the user

Copy link

Network latency is physical. As we mentioned, a request from Singapore to a server in Virginia adds 150-200ms before any computation happens. Edge functions execute at CDN nodes geographically close to the user, cutting that round-trip to 10-50ms.

What edge is suited for. Edge runtimes impose meaningful constraints: no Node.js built-ins, no filesystem access, no persistent DB connections, and memory limits that vary by provider (Vercel Edge Functions, Cloudflare Workers, Netlify Edge Functions, and Deno Deploy all have different ceilings – consult your provider's documentation rather than assuming a fixed number). Given these constraints, edge works well for:

  • Request routing, rewriting, and redirects.
  • Locale and A/B variant assignment based on cookies or headers.
  • Stateless auth token validation (JWT signature checks, session cookie parsing – not permission lookups requiring a DB read).
  • Lightweight personalization decisions from cookie or geolocation data.
  • Cache key generation and cache control header injection.

For database access, ORM queries, heavy computation, or anything requiring Node.js built-ins, use the origin.

Edge middleware in Next.js.

// middleware.ts -- runs at the edge before the request reaches origin

import { NextResponse } from 'next/server'
import type { NextRequest } from 'next/server'
import { detectLocale } from '@/lib/locale' // stateless, no DB call

export function middleware(request: NextRequest) {
  const url = request.nextUrl.clone()
  const pathname = url.pathname

  // Skip static files and API routes
  if (
    pathname.startsWith('/_next') ||
    pathname.startsWith('/api') ||
    pathname.includes('.')
  ) {
    return NextResponse.next()
  }

  const locale = detectLocale(request.headers.get('accept-language'))
  const hasLocalePrefix = /^\/(en|de|fr|ja)/.test(pathname)

  if (!hasLocalePrefix) {
    url.pathname = `/${locale}${pathname}`
    return NextResponse.redirect(url)
  }

  return NextResponse.next()
}

export const config = {
  matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
}

Provider-specific edge APIs. Geolocation headers and other request enrichments are provider-specific. The following example works on Vercel; Cloudflare Workers and other platforms expose the same data through different APIs.

// app/api/geo/route.ts -- edge function, Vercel-specific headers

export const runtime = 'edge'

export async function GET(request: Request) {
  // These headers are injected by the Vercel edge network.
  // On Cloudflare Workers, use request.cf.country / request.cf.city instead.
  const country = request.headers.get('x-vercel-ip-country') ?? 'US'
  const city = request.headers.get('x-vercel-ip-city') ?? ''

  return Response.json({ country, city })
}

Edge caching strategy. Use stale-while-revalidate for content that tolerates brief staleness:

// app/api/products/route.ts
// This is an origin route with CDN caching headers -- not an edge runtime route.
// Database access (db.products.findPublished()) runs at the origin.
// The CDN caches and serves the response; edge functions handle routing,
// not data access.

export async function GET() {
  const products = await db.products.findPublished()

  return Response.json(products, {
    headers: {
      'Cache-Control': 'public, s-maxage=60, stale-while-revalidate=600',
    },
  })
}

Islands architecture vs RSC: when to choose what

Copy link

Islands architecture and React Server Components solve related problems differently.

Islands architecture. Popularized by Astro and implemented in Fresh, Eleventy, and others: start from fully static HTML, embed interactive JavaScript "islands" only where interactivity is required. The mental model is a static ocean with JavaScript islands. The default for any component is zero JS.

---
// Astro component -- server-only by default, zero JS sent to browser
const products = await fetchProducts()
---

<main>
  <h1>Products</h1>
  {products.map(p => (
    <article>
      <h2>{p.name}</h2>
      <p>{p.description}</p>
    </article>
  ))}

  <!--
    client:load -- this component ships JS and hydrates on page load
    client:visible -- hydrates when element enters the viewport
    client:idle -- hydrates when the browser is idle
  -->
  <ShoppingCart client:visible />
</main>

React Server Components. A React-native model: a unified component tree with explicit server/client boundaries set by 'use client'. The mental model is a React tree where most nodes run on the server, and only the interactive leaves hydrate on the client.

When to choose Islands architecture:

  • Content is primarily static or document-like (marketing sites, documentation, editorial).
  • You want to minimize JavaScript as a first principle, not as an optimization.
  • Your team is not invested in the React ecosystem.
  • You need fine-grained control over hydration timing per component.

When to choose the React Server Components vs Client Components model (RSC):

  • The application has substantial dynamic, personalized, or data-driven content.
  • Your team is building in React and Next.js.
  • You need composability between server-fetched data and interactive components.
  • Complex routing, form logic, or shared state management benefits from React's ecosystem.

Decision matrix:

DIMENSION ISLANDS RSC
JS for static content Zero Zero (server components)
Hydration timing control Per-island (client:idle, client:visible) Per client subtree, at load
Data fetching Build-time or per-component server-side Server-side, co-located in the component
Framework coupling Framework-agnostic React-specific
Ecosystem Astro, Fresh, Eleventy Next.js, Remix, custom RSC server
State sharing between islands Requires explicit store React Context works within the client subtree
Best for Static-first, content-heavy sites App-like, data-heavy products

The patterns are composable. Astro supports React components, including RSC-compatible patterns. Some teams use Astro for marketing surfaces and Next.js for application surfaces, routing between them at the CDN level.

Designing server/client boundaries and Server Actions in practice

Copy link

The hardest part of working with Next.js server components vs client components is not understanding the concepts – it is placing the boundary correctly in real features, and keeping it from drifting as the codebase grows.

A boundary placed too high forces interactive components to be server components, which fails at build time. A boundary placed too low pushes too much into the client bundle, which defeats the purpose.

Boundary placement rule. Start with everything as a server component. Move to 'use client' only when the component needs one of these:

  • Browser APIs (window, document, navigator, localStorage).
  • Event handlers (onClick, onChange, onSubmit).
  • React state or effects (useState, useReducer, useEffect, useRef).
  • Client-only libraries (animation, WebGL, WebRTC, canvas).

Serialization constraint. Props crossing the server/client boundary must serialize to JSON. Functions, class instances, and non-serializable objects cannot be passed as props from server to client.

// This fails at build time -- functions are not serializable
<ClientComponent onLoad={serverSideFunction} />

// Pass serializable data instead; define callbacks inside the client component
<ClientComponent config={{ mode: 'advanced', limit: 50 }} />

Server Actions. Server Actions are async functions marked with 'use server' that execute on the server, called from client components without a manually defined API route. The request/response cycle crosses the network automatically.

// actions/cart.ts -- Server Action file

'use server'

import { z } from 'zod'
import { db } from '@/lib/db'
import { getSession } from '@/lib/auth'
import { revalidateTag } from 'next/cache'
import { rateLimit } from '@/lib/rate-limit'

const AddToCartSchema = z.object({
  productId: z.string().uuid(),
  quantity: z.number().int().min(1).max(99),
})

export async function addToCart(productId: string, quantity: number) {
  // 1. Authentication -- verify the caller is logged in
  const session = await getSession()
  if (!session) throw new Error('Not authenticated')

  // 2. Rate limiting -- prevent abuse
  const rateLimitOk = await rateLimit(`cart:${session.userId}`, {
    requests: 20,
    window: '1m',
  })
  if (!rateLimitOk) throw new Error('Too many requests')

  // 3. Input validation -- never trust client-supplied data
  const parsed = AddToCartSchema.safeParse({ productId, quantity })
  if (!parsed.success) throw new Error('Invalid input')

  // 4. Authorization -- verify the product exists and is purchasable
  const product = await db.products.findById(parsed.data.productId)
  if (!product || !product.published) throw new Error('Product not available')

  // 5. Mutation
  await db.cartItems.upsert({
    where: {
      userId_productId: {
        userId: session.userId,
        productId: parsed.data.productId,
      },
    },
    update: { quantity: { increment: parsed.data.quantity } },
    create: {
      userId: session.userId,
      productId: parsed.data.productId,
      quantity: parsed.data.quantity,
    },
  })

  // 6. Cache invalidation
  revalidateTag(`cart-${session.userId}`)
}
// components/AddToCartButton.tsx -- Client Component using the Server Action

'use client'

import { useState, useTransition } from 'react'
import { addToCart } from '@/actions/cart'

export function AddToCartButton({
  productId,
  stock,
}: {
  productId: string
  stock: number
}) {
  const [quantity, setQuantity] = useState(1)
  const [error, setError] = useState<string | null>(null)
  const [isPending, startTransition] = useTransition()

  function handleClick() {
    setError(null)
    startTransition(async () => {
      try {
        await addToCart(productId, quantity)
      } catch (err) {
        setError(err instanceof Error ? err.message : 'Something went wrong')
      }
    })
  }

  return (
    <div>
      <div>
        <button
          onClick={() => setQuantity(q => Math.max(1, q - 1))}
          disabled={isPending}
        >
          -
        </button>
        <span>{quantity}</span>
        <button
          onClick={() => setQuantity(q => Math.min(stock, q + 1))}
          disabled={isPending}
        >
          +
        </button>
      </div>
      <button
        onClick={handleClick}
        disabled={isPending || stock === 0}
      >
        {isPending ? 'Adding...' : stock === 0 ? 'Out of stock' : 'Add to cart'}
      </button>
      {error && <p className="error-message">{error}</p>}
    </div>
  )
}

The Server Action above includes the full security surface: authentication, rate limiting, input validation, and authorization. Skipping any of these in production is a vulnerability, not a simplification.

Common production failure modes.

'use client' propagates down the import tree. Once a component is a Client Component, everything it imports must be client-compatible. A server-only module imported inside a client component either fails at build time (if you use server-only) or silently bundles server code in the browser bundle (if you do not). Always import server-only in modules that should never reach the client.

Server Actions are POST endpoints behind the scenes. Next.js applies same-origin checks by default, comparing the Origin header against Host / x-forwarded-host. Deployments behind reverse proxies or serving from multiple domains should explicitly configure serverActions.allowedOrigins in next.config.js to prevent unauthorized cross-origin invocations.

Performance metrics and monitoring tools

Copy link

Architectural changes only deliver value if they improve measurable outcomes for real users on real devices.

Core Web Vitals in 2026. As of 2026, the commonly used Core Web Vitals thresholds remain:

METRIC GOOD NEEDS IMPROVEMENTS POOR
LCP (Largest Contentful Paint) < 2.5s 2.5–4.0s > 4.0s
INP (Interaction to Next Paint) < 200ms 200–500ms > 500ms
CLS (Cumulative Layout Shift) < 0.1 0.1–0.25 > 0.25

INP replaced FID as a Core Web Vital in March 2024. It measures responsiveness across all interactions throughout the page lifecycle, not just the first one.

Measuring in the field. Lab tools like Lighthouse measure under controlled conditions on simulated hardware. Real user monitoring captures performance on the actual devices and networks your users have. The gap is commonly 2-4x for mid-range mobile hardware.

// components/WebVitalsMonitor.tsx -- RUM instrumentation
// Mount this in app/layout.tsx inside <body>

'use client'

import { useEffect } from 'react'
import { onCLS, onINP, onLCP, type Metric } from 'web-vitals'

function sendToAnalytics(metric: Metric) {
  const body = JSON.stringify({
    name: metric.name,
    value: metric.value,
    rating: metric.rating, // 'good' | 'needs-improvement' | 'poor'
    delta: metric.delta,
    id: metric.id,
  })

  // sendBeacon is preferred -- it survives page unload
  navigator.sendBeacon
    ? navigator.sendBeacon('/api/vitals', new Blob([body], { type: 'application/json' }))
    : fetch('/api/vitals', { method: 'POST', body, headers: { 'Content-Type': 'application/json' }, keepalive: true })
}

export function WebVitalsMonitor() {
  useEffect(() => {
    onCLS(sendToAnalytics)
    onINP(sendToAnalytics)
    onLCP(sendToAnalytics)
  }, [])

  return null
}

Server-side observability. Next.js 14+ supports an instrumentation.ts hook that runs before the server starts, making it the right place to initialize OpenTelemetry. Register your SDK and OTLP exporter there; configure your provider (Datadog, Grafana Tempo, Honeycomb) according to their documentation. Instrumenting individual Server Component spans requires additional span creation around data-fetching calls – instrumentation.ts handles SDK setup, not per-component tracing automatically. The Next.js OpenTelemetry guide covers the full setup.

Performance checklist for RSC applications. This performance checklist covers the decisions that most commonly cause regressions in RSC-based Next.js deployments. Use it as a pre-ship audit for how to improve core web vitals in production.

INITIAL BUNDLE
[ ] Client bundle < 150 KB gzipped for initial route (content/commerce routes); treat as benchmark for complex app surfaces
[ ] No server-only modules (ORM, fs, crypto) in client chunks -- verified with bundle analyzer
[ ] 'server-only' imported in all server-side utility modules
[ ] Heavy libraries (charts, editors, date pickers) lazy-loaded via next/dynamic
[ ] Tree-shaking confirmed for lodash, icon libraries, and other barrel-export packages

DATA FETCHING
[ ] Server components fetch data directly from the data access layer (not via internal API routes)
[ ] Independent parallel queries use Promise.all -- no unnecessary serialization
[ ] No request waterfall: parent data available before children render
[ ] Shared data fetched in multiple components is deduplicated (React's fetch deduplication or React.cache)

STREAMING AND SUSPENSE
[ ] Each independently-loading section has its own <Suspense> boundary
[ ] Each <Suspense> is paired with an <ErrorBoundary> for graceful degradation
[ ] Skeleton dimensions match content to prevent CLS on stream completion
[ ] Slow third-party or ML-backed sections isolated behind boundaries
[ ] Infrastructure confirmed to support streaming without buffering

CACHING
[ ] Static pages use ISR with appropriate revalidation interval or tag strategy
[ ] Tag-based revalidation wired to CMS or admin mutations
[ ] Dynamic pages set explicit Cache-Control headers
[ ] Edge caching active for static assets and public API responses

SERVER/CLIENT BOUNDARY
[ ] 'use client' appears at the lowest component that requires it
[ ] Props crossing the boundary are serializable (no functions, class instances)
[ ] Server Actions validated with a schema (zod, valibot, or equivalent)
[ ] Server Actions check authentication and authorization before any mutation
[ ] Rate limiting applied to mutation Server Actions

CORE WEB VITALS
[ ] LCP element identified per route; it has priority={true} and explicit dimensions
[ ] Fonts preloaded with font-display: swap
[ ] CLS measured in field data (not just Lighthouse)
[ ] INP profiled and traced to specific event handlers or long tasks
[ ] Bundle size gates in CI to catch regressions before they ship

Monitoring tools

  • Vercel Analytics / Speed Insights: field CWV segmented by route and device, zero configuration on Vercel.
  • Sentry Performance: distributed tracing from browser through server component render to database.
  • Datadog RUM: high-cardinality segmentation for custom dimensions and enterprise dashboards.
  • Lighthouse CI: lab regression detection in CI pipelines.
  • WebPageTest: filmstrip view and waterfall for diagnosing streaming behavior and TTFB.
  • Chrome DevTools Performance panel: INP root-cause analysis and long task attribution.

The monitoring stack matters less than the discipline of measuring in the field, per route, across device tiers. Desktop Lighthouse scores are a useful starting point. Field data on mid-range Android on 4G is the reality your users live in.

What to take from this

Copy link

Across both parts of this guide, the through-line is the same: the question "where should this work happen?" deserves an explicit answer for every surface, every component, and every deployment decision.

Part 1 addressed the rendering model, defaulting to server execution, isolating slow sections behind Suspense boundaries, lazy-loading expensive components, and choosing the right strategy per page type. Part 2 extended that to the physical dimension: moving request handling closer to the user with edge functions, choosing Islands or RSC based on the nature of the application, drawing server/client boundaries that stay correct under production pressure, and closing the mutation loop with Server Actions.

The decisions that drive the most improvement in practice, taken together:

  • Default to server components; move to 'use client' only at the leaf that requires it.
  • Wrap each independently-loading section in its own Suspense boundary, with an error boundary alongside.
  • Use ISR or streaming to serve most users from cache while keeping content fresh.
  • Place stateless routing and auth validation at the edge; keep data access at the origin.
  • Use Server Actions for mutations with the full security surface: auth, validation, and rate limiting.
  • Monitor field data per route on real device tiers – lab scores and field data diverge significantly on mobile.

The technical work in these guides is half the answer. The other half is measuring consistently enough to know when a change helps and when it does not, and treating mid-range Android on 4G as the benchmark that matters, because that is the device most of your users are actually holding.