How to test if a website supports Brotli or Gzip compression

After migrating this blog to Hugo we performed some optimization steps to ensure it is as quick as possible. Pages are slim and small in size, but still can be compressed. Normally we would do this on the end of the web server, by enabling dynamic compression. So each time a client requested a compressed page, the web server would compress is and send over the data. This time we turned things around.

Compress data upfront

Using the brotli command we can compress files and store them on the webserver. So if we have a file named index.html, we can tell the tool to compress it. By using the --best parameter, we tell it to get the best possible compression. After all, it’s a one-time action, so why not take our best shot?

Using the tool is very straightforward: brotli --best index.html

The brotli tool is usually not installed by default

Using Firefox to test if compression is working

  • Open Firefox
  • Press CTRL + SHIFT + i
  • Click on the Network tab
  • Open the web page to test, hard refresh if needed (CTRL + SHIFT + r)
  • Look at the first column to see if a 200 response code is returned
  • Look at the columns Transferred and Size to see if they are different
  • Click on the request, which opens up all details
    • Confirm that the browser supports compression. Most likely the Request Headers section will show Accept-Encoding: gzip, deflate, br to indicate that it supports multiple types of compression
    • Then confirm that Response Headers show content-encoding. If Brotli is used, then the value will display this as br

Using curl to test if compression is working

To test if compression is working as expected, we can also use the cURL utility. Nowadays it is installed on most systems, so why not use that instead?

curl --head --header 'Accept-Encoding: br' --silent | grep content-encoding

So what does it do?

--headperforms a HEAD request and returns only the headers, not the actual data
--headerincludes the header where we tell that we would accept Brotli encoding
--silentsuppresses the progress output within cURL

If everything is working as expected, the output should include the encoding provided by the web server.

content-encoding: br

Good luck in further optimizing your web server(s)!

Webserver hardening

Want to secure your web server and websites even further? Perform a system audit with Lynis, including a configuration test of Apache, nginx, and others.

Lynis is a battle-tested technical security audit tool. It is open source, freely available, and used by system administrators all over the world. Other users include IT auditors, security professionals, like pentesters.

Tool Information

Visit project page
Screenshot of Lynis security tool