
Rate limiting with express-rate-limit - Performance & Optimization

Performance: Rate limiting with express-rate-limit
MEDIUM IMPACT
This affects server response time and user experience by controlling request frequency to prevent overload.
Preventing too many requests from a single user to protect server resources
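Express
import express from 'express';
import rateLimit from 'express-rate-limit';

const app = express();

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // limit each IP to 100 requests per window
  standardHeaders: true, // send the standard RateLimit-* response headers
  legacyHeaders: false // do not send the older X-RateLimit-* headers
});
// Register before the routes so every request passes through the limiter
app.use(limiter);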
Uses optimized, battle-tested middleware that efficiently tracks requests and rejects excess without blocking.
📈 Performance Gain: Non-blocking request checks, stable response times, and reduced memory overhead
Preventing too many requests from a single user to protect server resources
Express
app.use((req, res, next) => {
  // Custom naive rate limiting
  if (!req.session.requests) req.session.requests = 0;
  req.session.requests++;
  if (req.session.requests > 100) {
    res.status(429).send('Too many requests');
  } else {
    next();
  }
});
This custom approach stores counts in session and runs on every request without optimization, causing high memory use and potential blocking.
📉 Performance Cost: Blocks event loop on every request, increasing response time under load
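An added example, not from the original page or the express-rate-limit project: a simplified fixed-window counter using the `windowMs` and `max` values from the configuration above, set beside the naive session counter to show that the naive version never resets once the limit is hit. The function names and the client address are assumptions made for illustration.

```javascript
// Simplified fixed-window limiter (illustrative, not the library's implementation).
// createFixedWindowLimiter, naiveHit and demo are hypothetical names.
function createFixedWindowLimiter({ windowMs, max, now = Date.now }) {
  const hits = new Map(); // key -> { count, resetTime }
  function hit(key) {
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetTime) {
      // First request from this key, or its window expired: start a new window.
      entry = { count: 0, resetTime: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= max;
    return {
      allowed,
      status: allowed ? 200 : 429,
      remaining: Math.max(0, max - entry.count),
      retryAfterSec: allowed ? 0 : Math.ceil((entry.resetTime - t) / 1000),
    };
  }
  // Drop expired entries so memory tracks only clients seen in the current window.
  function sweep() {
    const t = now();
    for (const [key, entry] of hits) if (t >= entry.resetTime) hits.delete(key);
    return hits.size;
  }
  return { hit, sweep };
}

// The naive pattern from the page, reduced to its counter: no window, no reset.
function naiveHit(session, max) {
  session.requests = (session.requests || 0) + 1;
  return session.requests <= max;
}

// Constructed scenario: one client sends 101 requests, then waits out the window.
function demo() {
  let clock = 0; // injected clock so the run is deterministic
  const windowMs = 15 * 60 * 1000;
  const limiter = createFixedWindowLimiter({ windowMs, max: 100, now: () => clock });
  const session = {};
  const key = '203.0.113.7'; // constructed documentation address
  let last, naiveLast;
  for (let i = 0; i < 101; i++) { last = limiter.hit(key); naiveLast = naiveHit(session, 100); }
  clock += windowMs; // the 15-minute window elapses
  return { last, naiveLast, afterWindow: limiter.hit(key), naiveAfterWindow: naiveHit(session, 100) };
}
console.log(demo());
```

In Express the key is normally `req.ip`, which reflects the real client behind a reverse proxy only when `trust proxy` is configured for that proxy chain.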
Performance Comparison
Pattern | DOM Operations | Reflows | Paint Cost | Verdict
Custom naive rate limiting | N/A (server-side) | N/A | N/A | [X] Bad
express-rate-limit middleware | N/A (server-side) | N/A | N/A | [OK] Good
Rendering Pipeline
Rate limiting runs on the server before response generation, affecting how quickly the server can send responses under load.
Request Handling → Response Generation
⚠️ Bottleneck: Request Handling, when custom or inefficient rate limiting blocks the event loop
Core Web Vital Affected
INP
Optimization Tips
1. Use optimized middleware like express-rate-limit to avoid blocking the event loop.
2. Set reasonable request limits and window durations to balance protection and user experience.
3. Monitor 429 responses and response times to ensure rate limiting works without degrading performance.
Performance Quiz - 3 Questions
Test your performance knowledge
What is the main performance benefit of using express-rate-limit middleware over a custom rate limiter?
A. It reduces the size of the client-side bundle.
B. It efficiently tracks requests without blocking the event loop.
C. It improves the browser's paint performance.
D. It eliminates all server response delays.
DevTools: Network
How to check: Open DevTools, go to Network tab, observe response times and status codes under high request volume.
What to look for: Look for 429 status codes indicating rate limiting and stable response times without spikes.