Skip to content 
Incorrectly configured HTTP compression rarely saves time and often creates new problems. I will show specifically how incorrect levels, missing headers, and an unclear compression location drive up TTFB, trigger monitoring alarms, and ultimately slow down users.
Key points
- Levels Distinguish between: moderate on-the-fly, high with pre-compression
- types Correct: Compress text, do not compress images
- Separation static vs. dynamic, caching first
- Header clean: Vary and Accept-Encoding
- Monitoring with TTFB, CPU, and vitals
Why incorrect settings do more harm than good
Compression acts like a simple switch, but high CPU costs can eat up every advantage. If I set Brotli to dynamic responses at levels 9–11, I extend the server time and significantly worsen the TTFB. Especially with HTML views or API responses, this leads to sluggish rendering and frustrates users. Monitoring then reports supposed failures because endpoints respond slowly or with incorrect encodings. I therefore treat compression as a performance feature that I need to calibrate rather than activating it blindly.
Prioritize goals correctly: Reduce payload without TTFB damage
First, I reduce the payload render-critical text resources and pay attention to latency at the same time. Brotli often results in payloads that are 15–21% smaller than Gzip for text files, but the gain is only worthwhile if the CPU time remains within reasonable limits. For dynamic responses, I start conservatively, measure TTFB, and adjust levels in small increments. Pure text assets in the cache consistently gain, while on-the-fly levels that are too high have the opposite effect. The goal remains fast first byte delivery and rapid first contentful paint on real devices.
Common misconfigurations and their side effects
Too high Levels Dynamic content generates CPU spikes, blocks flush points, and significantly delays rendering. Incorrectly maintained content type lists leave CSS, JS, JSON, or SVG uncompressed, while already compressed images consume unnecessary computing time. If there is no separation between static and dynamic content, the server recompresses assets each time, wasting resources. Without Vary: Accept-Encoding, mixed variants end up in the cache, resulting in unreadable responses for clients without the appropriate encoding. In chains with proxies or CDNs, this also leads to double compression, decompression at the wrong hop, and inconsistent headers that are difficult to reproduce.
Gzip vs. Brotli: making a practical decision
I use Breadstick For static text assets with a high level, I keep dynamic responses at a moderate level. For HTML and JSON on-the-fly, I choose Brotli 3–4 or Gzip 5–6 because the ratio of data size to CPU time is usually consistent. I pack pre-compressed CSS/JS/fonts with Brotli 9–11 and deliver them from cache or CDN. If client support is missing, the server falls back cleanly to Gzip or uncompressed. If you want to compare in more detail, you can find a compact overview at Brotli vs. Gzip, including effects on text resources.
| content type | Procedure | Level on the fly | Level Pre-Compression | Note |
|---|---|---|---|---|
| HTML (dynamic) | Brotli or Gzip | Br 3–4 / Gz 5–6 | not common | Set flush points, measure TTFB |
| JSON APIs | Brotli or Gzip | Br 3–4 / Gz 5–6 | not common | Keep headers consistent |
| CSS/JS (static) | Brotli preferred | none | Br 9–11 | pre-compressed caching |
| SVG/Fonts | Brotli preferred | none | Br 9–11 | Check range requests |
Limits: minimum sizes, small responses, and thresholds
Compression is only worthwhile above a certain level. minimum size. Very small HTML snippets or 1–2 kB JSON even grow slightly due to header overhead or dictionary initialization. I therefore set a lower limit (e.g., 512–1024 bytes) below which the server responds uncompressed. At the same time, I limit objects that are too large: several megabytes of high-level text block workers for a long time. In practice, two adjustment screws help: gzip_min_length or equivalent switches and limits for buffers to reduce OOM risks.
MIME types and detection: Maintaining content types correctly
Compression is applied to what is considered Text applies – controlled via MIME types. I keep the list explicit and avoid wildcards. Typical candidates: text/html, text/css, application/javascript, application/json, image/svg+xml, application/xml, text/plain. Do not compress: image/* (JPEG/PNG/WebP/AVIF), application/zip, application/pdf, font/woff2, application/wasm. Correct Content typeHeaders are crucial for the engine to make reliable decisions and avoid having to sniff.
Static vs. dynamic: clean separation and caching
I separate static and dynamically clear, so that the CPU does not constantly repack the same bytes. I compress static assets in the build or at the edge and deliver them from a cache with a long runtime. I compress dynamic responses moderately and ensure that critical parts are sent early. This allows users to benefit directly from the first bytes, while large blocks of text continue to flow in the background. The less frequently I regenerate content, the smoother the load curve remains.
HTTP/2 and HTTP/3: Compression without blockages
Multiplexing changes the Priorities: Lots of small, well-compressed text assets over a single connection bring speed, but slow on-the-fly compression can slow down multiple streams at once. I set flush points so that the browser starts rendering early. Headers, critical CSS, and the first HTML bytes must be sent immediately, followed by the rest in compressed form. If you want to take a closer look at how this works, you can find background information at HTTP/2 multiplexing. Small adjustments to buffer sizes and compression windows often have a noticeable effect.
Proxies, load balancers, CDN: the right place to compress
In chains with Proxy and CDN, I specify exactly where compression takes place and adhere strictly to this. Double compression or decompression at the wrong hop destroys advantages and confuses caches. Ideally, the edge compresses static text assets, while the backend delivers dynamic responses moderately on the fly. If a client does not accept Brotli, Gzip or Plain is returned, clearly signaled via Vary: Accept-Encoding. For efficient delivery, the guide to CDN optimization with clear caching rules and consistent variants.
Build pipeline: Reliably managing pre-compression
Pre-compressed files need Discipline in delivery. In addition to .css/.js also .css.br and .css.gz (analogous for JS/SVG/TTF) in the build. The server selects based on Accept-Encoding the appropriate variant and sets Content encoding, Content type, Content-Length Consistent. Important: no double compression, no incorrect lengths. ETags and checksums are variant-related – I accept different ETags per encoding or use weak ETags. I test range requests separately so that byte ranges at .brassets are handled correctly.
Header details: Length, caching, revalidation
With on-the-fly compression, I often send Transfer encoding: chunked instead of a fixed Content-Length. The client can handle this; it only becomes critical when a downstream instance incorrectly attaches a fixed length. In caching layers, I make sure that Vary‑Header the Compression variants separate and Cache control specifies reasonable TTLs. For static assets, long TTLs with clean versioning (e.g., hash in the file name) are ideal; dynamic responses get short TTLs or no-store, depending on sensitivity. Last-Modified and If-None-Match help keep revalidations efficient – per encoding variant.
Streaming, flush, and server buffer
For fast Perceived Performance I send early: HTML head, critical CSS, and the first markup bytes go out immediately, followed by the compressed body. Server-side buffers (e.g., proxy buffers, app framework buffers) must not slow this down. For server-sent events or chat-like streams, I check whether compression makes sense: ASCII events benefit from it, but too aggressive buffering destroys the live effect. If necessary, I deactivate proxy buffering and set moderate levels so that heartbeats and small events don't get stuck.
Vary headers, negotiation, and „http compression errors“
The correct VaryThe Accept-Encoding header determines whether caches deliver the appropriate variants. I consistently send Vary: Accept-Encoding with compressed content to prevent errors. Monitoring often marks targets as „down“ when headers are inconsistent or double encoding occurs. If this happens sporadically, I look at paths separately via proxy hops and regions. Test tools for Gzip/Brotli help me to track headers and payloads cleanly.
Security: Compression and confidential data
Compression can be used in combination with TLS in certain patterns favor side-channel attacks. I therefore check responses that contain both sensitive form data and attacker-controlled content. If the scope can be varied, I reduce compression or isolate content. It is often sufficient to deliver specific paths without compression or dynamic mixing. Security takes precedence over a few kilobytes saved.
Measurement strategy: TTFB, CPU, Core Web Vitals
I rate TTFB, FCP, and LCP in parallel with CPU time per worker and bytes per request. I test changes to levels or procedures in a controlled manner and compare variants. It is important to make a clear distinction between resource types, because HTML, JSON, and CSS/JS behave differently. Real User Monitoring confirms whether real devices benefit. If load or error rates increase, I quickly roll back the change.
Tuning workflow: this is how I proceed step by step
At the beginning, I only activate moderate Levels for dynamic responses and let static assets be packed in advance. Then I check headers for correct negotiation and add Vary: Accept-Encoding. Next, I measure TTFB and CPU during peak load, adjust levels in small increments, and check again. In the next step, I set flush points for early HTML parts so that the browser renders earlier. Finally, I check CDN and proxy hops for double compression and keep responsibilities clear.
Error patterns in practice: symptoms, causes, fixes
Typical „HTTP compression errors“I recognize recurring patterns:
- Double compression:
Content-Encoding: gzip, gzipor strange binary characters in HTML. Cause: Upstream already compresses, downstream compresses again. Fix: Make only one instance responsible.,Content encodingCheck, respect pre-compression. - Incorrect length:
Content-LengthDoes not match the compressed response, clients abort. Cause: Length calculated before compression. Fix: Omit length (chunked) or set correctly after compression. - Mixed variants in the cache: Gzip bytes to clients without support. Cause: missing
Vary: Accept-Encoding. Fix: Set Vary and clear cache. - Timeouts/high TTFB: Compression blocks workers, no early flush bytes. Fix: Lower levels, set flush points, limit CPU budget per request.
- „Unknown Content Encoding“: Older proxies strip headers or accept
brNot fixed: Ensure fallback to Gzip, configure Edge for incompatible hops.
Tests and diagnosis: fast and reliable testing
I start with simple header checks: curl -sI -H "Accept-Encoding: br,gzip" https://example.org/ should Content encoding and Vary show. Then I load the resource without and with Accept-Encoding and compare bytes. DevTools in the browser reveal size over the line vs. after decompression. Under load, I test variants separately (p50/p95/p99) because compression costs do not scale linearly. Important: Tests should be performed on real paths (including CDN/proxy chain), not just directly at the origin.
Server and framework pitfalls
At the app level, Middleware often activated prematurely. I only use it where no upstream reverse proxy compresses. In PHP stacks, I avoid zlib.output_compression parallel to Nginx/Apache compression. In Node/Express, I limit the middleware to textual routes and set a minimum size. Java stacks with filters (e.g., GzipFilter) get exceptions for binary formats. In general: only one compression layer active, clear responsibility.
What not to compress (or only rarely)
Many formats are already compressed or respond poorly: WOFF2 fonts, WebP/AVIF, MP4, PDF, ZIP, WASM. Binary protocols such as Protobuf or Parquet also offer little benefit. SVG is text and benefits, but I am checking this. Range requests for jump marks in documents. For images, I avoid decompression in intermediate hops: Once compressed, it stays compressed..
APIs and data: Optimize structure rather than level
With JSON APIs, bring structured optimizations More than just level orgies: remove unnecessary fields, use numbers instead of strings, no excessive pretty formatting in production. Compass: if the response still has a lot of „air“ after Gzip/Brotli, a schema diet is worthwhile. For GraphQL/REST, server-side batching can reduce the number of compressed responses.
Operations and capacity planning
Compression is CPU work. I plan Budgets per worker/pod and limit simultaneous compression jobs. Under load, I scale horizontally and keep levels stable instead of ramping up during peaks. In the CDN, I pay attention to region parity: Brotli at the edge massively reduces the load on the origin. I calibrate alerts to P95/99 of TTFB and CPU saturation, not just to average values.
Checklist for stable HTTP compression
- Moderate levels for dynamic responses, high levels only for pre-compression
- Explicitly maintain MIME type list, exclude images/binary formats
- Separate static vs. dynamic, pre-compression in build/edge
- Vary: Always send Accept-Encoding, consistent ETag/cache headers
- Set minimum size and buffer limits, test range requests
- Place flush points, keep an eye on proxy/app buffering
- Only compress one hop, ensure fallback to Gzip/Plain
- Measure TTFB, CPU, and vitals, look at p95/p99, make changes step by step
- Check error patterns (double compression, incorrect length) specifically
Think through sample configurations
At Apache I activate mod_deflate or mod_brotli, define text types explicitly, and set levels depending on the path. For Nginx, I use gzip directives and deliver pre-compressed .br files for static assets, while brotli_static or a module serves the edge variant. IIS separates static and dynamic compression, which I supplement with CPU thresholds and clear type lists. In all cases, I check Vary headers, content encoding, and content length for consistency. Sample values help, but in the end, what counts is measurement under real load.
Briefly summarized
The most effective Strategy HTTP compression starts conservatively, measures consistently, and separates static from dynamic content. Brotli shows its strengths with pre-compressed text assets, while Gzip or moderate Brotli keeps dynamic responses lean enough. Clean headers, clear responsibilities in proxy/CDN chains, and realistic tests avoid „http compression errors.“ I always prioritize the early delivery of critical bytes instead of forcing every last percent of compression. This way, the site delivers noticeably faster without driving up server load and error messages.
