How to enable response compression in ASP.NET Core 2 with gzip and Brotli encoding

Internet traffic can be compressed to save network bandwidth usage. While images and web fonts are already compressed, text files are stored on the server in human readable form. HTTP.sys server and Kestrel currently don't have built-in compression support. By default, only static files are compressed with gzip. What if you want compress more?

Reasons

There are several reasons why you might want to change compression configuration:

support Brotli compression format
compress over TLS
compress dynamically generated content

Brotli

Two engineers at Google designed a Brotli compression format. In comparison to gzip, Brotli is around 20% more performant in compression and around 20 times faster in decompression. It is used in the WOFF2 format. Brotli uses Huffmann coding and a variant of the LZ77 algorithm. All major browsers support Brotli (Firefox since January 2016, Chrome since April 2016, Opera since June 2016, Edge since April 2017 and Safari since October 2017).

Compress in TLS

Compression in TLS is compromised due to BREACH attack. However, if your cookies follows same-site policy, your site is protected against CSRF and BREACH attacks.

Compress dynamic content

Unlike static files, dynamic content cannot be cached thus every response must be compressed individually. It gives you more efficient use of bandwidth but also higher CPU load.

Implementation

Allowing compression in ASP.NET Core 2 web app is very easy.

Step 1 – use response compression

In the Startup.cs file call the UseResponseCompression method:

public class Startup {
    public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
        app.UseResponseCompression();
    }
}

Step 2 – enable gzip compression

In the Startup.cs file call the Configure method:

public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        services.Configure<GzipCompressionProviderOptions>(options => {
            options.Level = CompressionLevel.Fastest;
        });
    }
}

Step 3 – create a Brotli compression provider

Firstly, you must install the BrotliSharpLib NuGet package because Brotli isn’t currently supported in .NET Core 2.0.0.

Secondly, add a new class that provides Brotli compression.

public class BrotliCompressionProvider : ICompressionProvider {

    public string EncodingName => "br";

    public bool SupportsFlush => true;

    public Stream CreateStream(Stream outputStream) => new BrotliStream(outputStream, CompressionMode.Compress);

}

Step 4 – register a Brotli compression provider

In the Startup.cs file call the AddResponseCompression method:

public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        services.AddResponseCompression(options => {
            options.Providers.Add<BrotliCompressionProvider>();
        });
    }
}

Step 5 – enable compression in TLS connection

In the Startup.cs file in the AddResponseCompression method call set the EnableForHttps property:

public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        services.AddResponseCompression(options => {
            options.Providers.Add<BrotliCompressionProvider>();
            options.EnableForHttps = true;
        });
    }
}

Step 6 – declare additional MIME types for compression

By default, only following MIME types are compressed by ASP.NET Core 2:

text/plain
text/css
application/javascript
text/html
application/xml
text/xml
application/json
text/json

Your web application may serve more MIME types which can be compressed, for example:

application/xhtml+xml
application/atom+xml
image/svg+xml

In the Startup.cs file call in the AddResponseCompression method call set the MimeTypes property:

public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        options.Providers.Add<BrotliCompressionProvider>();
        options.EnableForHttps = true;
        options.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(new[] {
            "application/xhtml+xml",
            "application/atom+xml",
            "image/svg+xml",
        });
    }
}

Step 7 – test it

F12 Dev Tools currently do not show content-encoding response header. This is a known bug which takes over a year to fix. You must run an alternative browser to test whether your server responds with the content-encoding: br HTTP header.

Further thoughts

Edge, Chrome and Firefox declare Brotli support in TLS connection only. It has a practical reason. When Chrome and Firefox teams tried to implement bzip2 and SDCH compression, they found that some proxy servers spoiled HTTP content.
Brotli Compressed Data Format is standardized by IETF as RFC 7932.
Microsoft has been already working on Brotli support in ASP.NET Core but the package is still not ready for production yet.
ASP.NET Core 2 currently doesn’t support disabling of dynamic compression when CPU reaches high load like IIS.
Content compression is much more efficient way of reducing response size than minifying CSS or JavaScript files.