While looking at the “first paint” issue, I noticed that the HTML that is generated for the homepage is injecting the entire user object. Is there any way to limit this? What is it used for? We have a lot of data stored against the user. Some of it is confidential that we don’t want the user to see by doing view-source, and some are fields that are potentially huge (like user sessions… there could be (many) thousands of rows that needlessly are loaded from the database and injected into the page.
The injected code is below: