diff --git a/netlify.toml b/netlify.toml
index 72ac9b9d5f..a1680b2fff 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -1,6 +1,3 @@
 [build]
   command = "npm run build"
   publish = "dist"
-
-[build.environment]
-  NODE_OPTIONS = "--max-old-space-size=4096"
diff --git a/package.json b/package.json
index 06aab853a3..6ed5fe76c9 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,7 @@
   },
   "scripts": {
     "dev": "astro dev",
-    "build": "astro build",
+    "build": "NODE_OPTIONS=--max-old-space-size=4096 astro build",
     "preview": "astro preview",
     "astro": "astro",
     "lint": "eslint .",
diff --git a/src/config/redirect.js b/src/config/redirect.js
index c6a4bae5d9..c087453300 100644
--- a/src/config/redirect.js
+++ b/src/config/redirect.js
@@ -1,69 +1,64 @@
-// Redirect .html and non-.html blog post URLs to the new format. This will ensure that any existing links to blog posts will continue to work and redirect users to the correct location on the new site.
+// Legacy/external URL remaps that can't be derived from the content collections:
+// old blog permalinks, links to the archived v2 docs, and the changelog page
+// that now lives on GitHub.
+//
+// Everything else is handled elsewhere, so it's intentionally absent here:
+//   - The systematic "non-localized path → /en/…" redirects (guides, resources,
+//     api, blog posts) are generated from the content collections by
+//     `src/pages/[...path].astro`.
+//   - Stripping the `.html` extension is handled by Cloudflare, so paths are
+//     written without it (e.g. `/2x/guide`, not `/2x/guide.html`).
+
 const blog = {
-  '/2024/07/16/welcome-post.html': '/en/blog/2024-07-16-welcome-post',
+  '/blog/posts': '/en/blog',
   '/2024/07/16/welcome-post': '/en/blog/2024-07-16-welcome-post',
-  '/2024/09/29/security-releases.html': '/en/blog/2024-09-29-security-releases',
   '/2024/09/29/security-releases': '/en/blog/2024-09-29-security-releases',
-  '/2024/10/01/HeroDevs-partnership-announcement.html':
-    '/en/blog/2024-10-01-herodevs-partnership-announcement',
   '/2024/10/01/HeroDevs-partnership-announcement':
     '/en/blog/2024-10-01-herodevs-partnership-announcement',
   '/2024/10/15/v5-release': '/en/blog/2024-10-15-v5-release',
-  '/2024/10/15/v5-release.html': '/en/blog/2024-10-15-v5-release',
-  '/2024/10/22/security-audit-milestone-achievement.html':
-    '/en/blog/2024-10-22-security-audit-milestone-achievement',
   '/2024/10/22/security-audit-milestone-achievement':
     '/en/blog/2024-10-22-security-audit-milestone-achievement',
-  '/2025/01/09/rewind-2024-triumphs-and-2025-vision.html':
-    '/en/blog/2025-01-09-rewind-2024-triumphs-and-2025-vision',
   '/2025/01/09/rewind-2024-triumphs-and-2025-vision':
     '/en/blog/2025-01-09-rewind-2024-triumphs-and-2025-vision',
-  '/2025/03/31/v5-1-latest-release.html': '/en/blog/2025-03-31-v5-1-latest-release',
   '/2025/03/31/v5-1-latest-release': '/en/blog/2025-03-31-v5-1-latest-release',
-  '/2025/05/16/express-cleanup-legacy-packages.html':
-    '/en/blog/2025-05-16-express-cleanup-legacy-packages',
   '/2025/05/16/express-cleanup-legacy-packages':
     '/en/blog/2025-05-16-express-cleanup-legacy-packages',
-  '/2025/05/19/security-releases.html': '/en/blog/2025-05-19-security-releases',
   '/2025/05/19/security-releases': '/en/blog/2025-05-19-security-releases',
-  '/2025/06/05/vulnerability-reporting-process-overhaul.html':
-    '/en/blog/2025-06-05-vulnerability-reporting-process-overhaul',
   '/2025/06/05/vulnerability-reporting-process-overhaul':
     '/en/blog/2025-06-05-vulnerability-reporting-process-overhaul',
-  '/2025/07/18/security-releases.html': '/en/blog/2025-07-18-security-releases',
   '/2025/07/18/security-releases': '/en/blog/2025-07-18-security-releases',
-  '/2025/07/31/security-releases.html': '/en/blog/2025-07-31-security-releases',
   '/2025/07/31/security-releases': '/en/blog/2025-07-31-security-releases',
-  '/2025/12/01/security-releases.html': '/en/blog/2025-12-01-security-releases',
   '/2025/12/01/security-releases': '/en/blog/2025-12-01-security-releases',
-  '/2026/02/27/security-releases.html': '/en/blog/2026-02-27-security-releases',
   '/2026/02/27/security-releases': '/en/blog/2026-02-27-security-releases',
-  '/2026/03/30/security-releases.html': '/en/blog/2026-03-30-security-releases',
   '/2026/03/30/security-releases': '/en/blog/2026-03-30-security-releases',
 };
 
 const api_v2 = {
   '/2x/': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/guide.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/migrate.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/screencasts.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/executables.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/contrib.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/applications.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/docs.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/docs/guide.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/docs/migrate.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/docs/screencasts.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/docs/executables.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/docs/contrib.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
-  '/2x/docs/applications.html': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/guide': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/migrate': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/screencasts': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/executables': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/contrib': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/applications': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/docs': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/docs/guide': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/docs/migrate': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/docs/screencasts': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/docs/executables': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/docs/contrib': 'https://github.com/expressjs/expressjs.com/tree/2x',
+  '/2x/docs/applications': 'https://github.com/expressjs/expressjs.com/tree/2x',
 };
 
 const pages = {
-  '/en/changelog/4x.html': 'https://github.com/expressjs/express/releases',
+  '/changelog/4x': 'https://github.com/expressjs/express/releases',
   '/en/changelog/4x': 'https://github.com/expressjs/express/releases',
 };
 
-const redirects = { ...blog, ...api_v2, ...pages };
+const redirects = {
+  ...blog,
+  ...api_v2,
+  ...pages,
+};
 
 export default redirects;
diff --git a/src/pages/[...path].astro b/src/pages/[...path].astro
new file mode 100644
index 0000000000..5149a115f4
--- /dev/null
+++ b/src/pages/[...path].astro
@@ -0,0 +1,76 @@
+---
+// English redirects for every content collection.
+//
+// The site serves all content under `/[lang]/…`, so a bare path with no locale
+// prefix (an old inbound link, or what's left after Cloudflare strips `.html`)
+// has no page of its own. This catch-all enumerates the same collections the
+// real routes use via `getCollection`, so the slugs always match the generated
+// pages, and redirects each one to its `/en/` home.
+//
+// The redirect HTML is rendered by hand (rather than `Astro.redirect`) so the
+// meta refresh fires instantly (`0;`) — Astro's static `Astro.redirect` helper
+// hardcodes a 2-second delay, which is a poor redirect experience.
+import { getCollection } from 'astro:content';
+import { DEFAULT_VERSION } from '@config/versions';
+
+export async function getStaticPaths() {
+  const [docs, pages, api, blog] = await Promise.all([
+    getCollection('docs'),
+    getCollection('pages'),
+    getCollection('api'),
+    getCollection('blog'),
+  ]);
+
+  /** @type {Set<string>} */
+  const slugs = new Set();
+
+  /** @param {string} slug */
+  const add = (slug) => {
+    if (!slug) return;
+    slugs.add(slug);
+    // Pages served at the default version are also available unversioned,
+    // e.g. `5x/starter/installing` → `starter/installing`.
+    if (slug.startsWith(`${DEFAULT_VERSION}/`)) {
+      slugs.add(slug.slice(DEFAULT_VERSION.length + 1));
+    }
+  };
+
+  // `docs` (versioned guides/starter/…) and `pages` (resources, support, …)
+  // both embed the language as the first id segment; only English is canonical.
+  for (const entry of [...docs, ...pages]) {
+    const [lang, ...rest] = entry.id.split('/');
+    if (lang !== 'en') continue;
+    add(rest.join('/'));
+  }
+
+  // `api` is a shared collection with `<version>/<rest>` ids and no language.
+  for (const entry of api) {
+    add(entry.id);
+  }
+
+  // `blog` is served under `/[lang]/blog/<slug>`.
+  for (const entry of blog) {
+    slugs.add(`blog/${entry.id}`);
+  }
+  slugs.add('blog');
+
+  return [...slugs].map((path) => ({ params: { path } }));
+}
+
+const target = `/en/${Astro.params.path}`;
+const canonical = new URL(target, Astro.site).href;
+---
+
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Redirecting to {target}</title>
+    <meta http-equiv="refresh" content={`0;url=${target}`} />
+    <meta name="robots" content="noindex" />
+    <link rel="canonical" href={canonical} />
+  </head>
+  <body>
+    <a href={target}>Redirecting to <code>{target}</code></a>
+  </body>
+</html>