SSE Delivery Analysis

Measuring Server-Sent Events delivery across Origin and Akamai CDN

Akamai adds only ~20ms overhead with proper configuration
GitHub Repository Run Live Test
Node.js 22 Express OpenTelemetry Akamai CDN Kubernetes (LKE) HAProxy Ingress Prometheus Grafana + Tempo

The SSE Renaissance

Server-Sent Events — a W3C spec from 2006 — has become the protocol powering every major LLM streaming interface.

OpenAI
ChatGPT
Anthropic
Claude
Google
Gemini
xAI
Grok
text/event-stream
💻
Enterprise Apps
📱
Chat Interfaces
API Integrations
📊
Real-time Dashboards
ProviderProtocolUse Case
OpenAI (ChatGPT)text/event-streamToken streaming for completions
Anthropic (Claude)text/event-streamStreaming message responses
Google (Gemini)text/event-streamReal-time model output
xAI (Grok)text/event-streamStreaming chat completions
Coheretext/event-streamStreaming chat + embeddings
$8.8B → $71.1B Enterprise LLM market projected growth by 2034 — 78% of organizations adopting AI. SSE is the delivery protocol.

The Problem

Standard web delivery assumptions break down with Server-Sent Events. Most organizations deploying LLM applications inherit SSE infrastructure requirements they don't understand.

CDNs buffer responses by default
Designed for complete HTTP responses, CDNs accumulate data before forwarding — breaking the real-time nature of SSE token streaming.
🛡
WAFs can't inspect streaming responses
Traditional request/response inspection models fail with long-lived, chunked streams that deliver data continuously.
Rate limiters conflate connections with events
A single SSE connection carrying 10,000 events per hour appears as one HTTP request to traditional rate limiting.
🤖
Bot detectors flag legitimate API clients
Programmatic SSE consumers lack browser telemetry — no cookies, no JavaScript execution, no mouse movements.
Idle timeouts kill long-lived streams
CDN defaults (Akamai: 120-500s, Cloudflare: 100s) silently terminate SSE connections that appear idle between events.
Zero origin offload. Unlike traditional HTTP where CDN caching can absorb 80-99% of traffic, every SSE stream requires a persistent origin connection. The CDN provides security, geographic optimization, and TLS offload — but the origin must be sized for full connection load.

Test Architecture

Two delivery paths measured with identical SSE payloads. Each event carries a server-side high-resolution timestamp for precise latency measurement.

Origin
Test Client
HAProxy
SSE Server Pod
Akamai
Test Client
Akamai CDN
HAProxy
SSE Server Pod
Linode LKE (us-ord) 1 Server Pod OTel Collector → Tempo Prometheus → Grafana

Live Path Comparison

Simultaneous SSE streams on both paths. Same event IDs, same client clock — which path delivers each event first?

100ms
256B
30s

Origin (origin-sse.connected-cloud.io)

StatusIdle
TTFB
Events0
Avg Latency
Jitter
P99

Akamai (sse.connected-cloud.io)

StatusIdle
TTFB
Events0
Avg Latency
Jitter
P99
Origin Wins0
Akamai Wins0
Ties0
Mean Delta
Median Delta
Event Delivery Delta (Origin vs Akamai)
IDOriginAkamaiDeltaWinner
Start a comparison to see matched event pairs...

Live Connection Traces

Connection phase breakdown for both paths via Resource Timing API. Run a comparison to populate.

Origin Path

Waiting for test...

Akamai Path

Waiting for test...

Benefits & Drawbacks

CDN delivery for SSE provides real security and connectivity value, but the traditional caching model doesn't apply. Here's what you gain and what you give up.

Benefits

CapabilityDetail
TLS Termination at EdgeClients negotiate TLS with nearest edge PoP — lower handshake latency, reduced origin TLS load
DDoS AbsorptionEdge absorbs volumetric and connection-flood attacks before they reach origin
Bot ManagementBehavioral detection and challenge mechanisms filter malicious clients at edge
WAF (Request Inspection)Request headers, query params, and POST bodies inspected at edge before forwarding
Observability (DataStream)Per-connection logging, timing data, and real-time telemetry without instrumenting origin
Global DNS & RoutingAnycast DNS routes clients to optimal edge PoP — lower RTT for geographically distributed users

Drawbacks

LimitationDetail
Zero Connection OffloadEvery client SSE connection requires a corresponding origin connection — 0% cache hit rate
Latency Overhead (~20ms)Edge-to-origin hop adds measurable latency to every event delivery
Buffering by DefaultWithout advanced metadata configuration, edge buffers responses — breaking real-time delivery
1:1 Origin ConnectionsNo connection coalescing — origin must be sized for full concurrent client count
WAF Can't Inspect StreamsResponse body inspection fails on chunked, long-lived streams — must exempt SSE paths
Advanced Config RequiredCritical settings (buffer-response-v2, chunk-to-client) require PS engagement — not in Property Manager UI

Akamai CDN Configuration Guide

Critical configuration required to deliver SSE through Akamai without buffering. Advanced metadata requires Professional Services engagement.

Property Manager Rule Tree
Default Rule ├── Origin: origin-sse.connected-cloud.io:443 (TLS) ├── CP Code: sse-cdn ├── Allow Transfer Encoding: enabled │ └── Match: /events path ├── Caching: NO_STORE ├── Downstream Cache: BUST ├── Allow Transfer Encoding: enabled └── Advanced Metadata: ├── chunk-to-client: on ├── buffer-response-v2: off ├── forward-chunk-boundary-alignment: on ├── lma.origin-edge: off └── lma.edge-browser: off
Required Behaviors
BehaviorSettingPurposeUI Available?
CachingNO_STOREPrevent edge caching of SSEYes
Downstream CacheBUSTPrevent client/intermediate cachingYes
Allow Transfer EncodingenabledEnable chunked transferYes
Response BufferoffDisable edge response bufferingNo (metadata)
Origin Timeout600sAllow long-lived SSE connectionsProduct-dependent
Advanced Metadata (Critical for SSE)

These behaviors are not available in Property Manager UI and require Akamai PS or TAM engagement. Without them, the edge buffers SSE responses, breaking real-time delivery.

Metadata TagValueEffect
http.buffer-response-v2offDisables edge response buffering — events forwarded immediately
http.chunk-to-clientonEnables chunked encoding to the client
http.forward-chunk-boundary-alignmentonPreserves chunk boundaries from origin
lma.origin-edgeoffDisables last-mile acceleration (origin to edge)
lma.edge-browseroffDisables last-mile acceleration (edge to browser)
WAF / App & API Protector Considerations
ConcernImpact on SSERecommendation
Response body inspectionCannot buffer streaming responseExempt /events from response inspection
Rate limiting1 SSE connection = 1 HTTP requestLimit per-connection, not per-request
Bot detectionAPI clients lack browser signalsWhitelist SSE client User-Agents
Slow POST detectionLong-lived connections appear idleIncrease thresholds for SSE paths
Timeout Management
LayerDefaultSSE SettingConfiguration
Edge → Client120s<120s heartbeatServer sends : heartbeat every 15-30s
Edge → Origin120s600sOrigin timeout behavior
HAProxy30s600s+timeout-server, timeout-tunnel
Browser EventSourceauto-reconnect3000msServer sends retry: 3000

HTTP/2 Multiplexing: Edge to Origin

With HTTP/1.1, every SSE client stream requires a separate TCP+TLS connection from Akamai edge to origin. HTTP/2 multiplexes all streams over a single connection — eliminating redundant handshakes and reducing origin connection pressure.

H1 to Origin (Default)

Stream 1: Browser → Akamai → TCP+TLS → NGINX → Express
Stream 2: Browser → Akamai → TCP+TLS → NGINX → Express
Stream 3: Browser → Akamai → TCP+TLS → NGINX → Express
N streams = N TCP connections

H2 to Origin

Stream 1: Browser → Akamai → H2 TCP+TLS → NGINX → Express
Stream 2: Browser → Akamai → H2 (reuse) → NGINX → Express
Stream 3: Browser → Akamai → H2 (reuse) → NGINX → Express
N streams = 1 TCP connection

Live H2 Multiplexing Test

Open N concurrent SSE streams via both H1 and H2 origin paths through Akamai simultaneously. The per-stream TTFB waterfall reveals the multiplexing benefit: H2 streams 2–N skip TCP+TLS setup.

5
500ms
15s

H1 to Origin (default)

StatusIdle
Mean TTFB
Streams0
Events0
Avg Latency
Jitter
Stream TTFB Waterfall

H2 to Origin (/h2/events)

StatusIdle
Mean TTFB
Streams0
Events0
Avg Latency
Jitter
Stream TTFB Waterfall
H1 Mean TTFB
H2 Mean TTFB
Speedup
Matched Events0
Mean Delta
Event Delivery Delta (H1 vs H2 Origin)

Origin Connections

Unique Sockets
Active Streams

Multiplexing Ratio

Streams / Socket
Configure test parameters and click Start Test to compare H1 vs H2 origin connection behavior.
Coming Soon

Distributed SSE Delivery

Moving event generation to the edge. Instead of proxying every stream back to origin, distribute SSE publishing across edge compute nodes.

Edge-Native Publishing

SSE events generated at edge PoPs — zero origin round-trip for event delivery.

Event Fan-Out

Pub/sub backbone distributes events across edge nodes — single publish, global delivery.

True Offload

Origin publishes events once — edge handles all client connections. From 0% to near-100% offload.