Compression and delivery (gzip/br/zstd)
A quick field guide for deciding when and how to compress HTTP responses. Aligned with RFC 9110 (8.4) for encoding negotiation.
Basics
Clients declare acceptable encodings via Accept-Encoding; servers respond with the chosen Content-Encoding. Vary: Accept-Encoding keeps caches honest.
Key headers
| Header | Role |
|---|---|
| Accept-Encoding | What the client can accept (gzip, br, zstd, identity). q-values express preference. |
| Content-Encoding | What the server actually used. Multiple encodings are listed in order applied. |
| Vary: Accept-Encoding | Tells caches that encoding changes the representation. Required with compression. |
Algorithm traits
Rough compression ratios and CPU costs for common levels. Actual numbers vary by content.
Efficiency (text-heavy payloads)
| Algo | Typical savings | Speed/load | Good for |
|---|---|---|---|
| gzip (level 6–7) | ≈30–70% smaller | Medium. Highest compatibility. | HTML/JS/CSS, JSON APIs, logs. |
| brotli (br, level 5–6) | ≈5–20% better than gzip | Higher CPU. Lower levels are reasonably fast. | Static assets where size matters. |
| zstd (level 3–5) | Similar or slightly better than gzip | Low–medium CPU, fast decompression. | APIs, log/trace shipping, batch delivery. |
Choosing
- Maximum compatibility: gzip. br is broadly supported in modern browsers; zstd support in browsers is still limited.
- Lower CPU for APIs: zstd at low levels (3–5) or default gzip.
- Static files: precompress br/gzip at build time and serve by extension mapping (e.g., via Nginx).
Operational notes
Get the headers and targets right to avoid user-facing breakage.
Checklist
- Do not recompress binaries (images/video/zip). Filter by Content-Type.
- Whenever you set Content-Encoding, also set Vary: Accept-Encoding.
- Range requests operate on the encoded bytes; large downloads may be better uncompressed.
- Check CDN/TLS terminators for auto-recompression to avoid double encoding.
- If you serve multiple encodings of the same resource, ensure the cache key includes the encoding.
Takeaway
Use gzip for compatibility, br for smaller static assets, zstd for fast API/log delivery. Honor Accept-Encoding/Content-Encoding with Vary, and limit compression to texty payloads.