Brotli on a CDN: Why It's Better and How to Configure It on Cloudflare (plus IIS)

Updated: November 25, 2025

Brotli is a modern compression format that typically shrinks HTML, CSS, and JavaScript 15-30% more than gzip at similar quality levels. On Cloudflare, Brotli is enabled by default; you can fine-tune it with Compression Rules while keeping gzip as a fallback.

TL;DR

• Brotli is the best default for text assets; Cloudflare already negotiates it automatically and prefers zstd when the client allows it.
• Keep gzip enabled for legacy clients; optionally add zstd for the fastest compression on dynamic responses.
• Use Cloudflare Compression Rules to force, prefer, or disable algorithms per path/host, and verify with curl or DevTools.

---

What is Brotli?

Brotli is an HTTP content-encoding built on an LZ77-style dictionary with Huffman coding and context modeling. The format is documented in RFC 7932, with newer RFC 9841 (shared dictionaries) and RFC 9842 (HTTP negotiation) enabling even better ratios for repeatable patterns.

Key properties

• Excellent compression ratio on web text (often smaller than gzip).
• Designed for streaming and HTTP content-encoding.
• Broad browser support; modern clients send Accept-Encoding: br.

Brotli vs. Other Options (Gzip and Zstandard)

Brotli vs. gzip

• Compression ratio: Typically 3-15% smaller payloads on HTML/CSS/JS, which improves Core Web Vitals.
• CPU trade-off: Higher Brotli levels (9-11) cost more CPU; use for static assets or pre-compress at build time.
• Compatibility: Keep gzip enabled for clients that do not support Brotli.

Brotli vs. Zstandard (zstd)

• Ratio and speed: zstd often matches Brotli compression with much faster throughput, great for dynamic workloads.
• Client support: Cloudflare serves zstd when both your zone and the client support it; otherwise it falls back.
• Practical approach: Enable zstd if your plan includes it, rely on Brotli for most visitors, keep gzip as the safety net.

How Cloudflare Handles Compression in 2025

• Algorithms: gzip, Brotli, and Zstandard (zstd).
• Defaults: Brotli is on by default. Cloudflare prefers zstd, then Brotli, then gzip, then uncompressed.
• Rules: Compression Rules let you force, prefer, or disable algorithms per path, host, or other request attributes.
• Origin options: You can still serve pre-compressed assets from origin (.br/.gz); Cloudflare will cache and negotiate per client.

Configuring Brotli on Cloudflare

Brotli is already enabled. Use Compression Rules if you need finer control.

Option A: keep Cloudflare defaults

Do nothing. Cloudflare will serve zstd or Brotli automatically (gzip if needed).

Option B: create targeted Compression Rules

1. Dashboard > Rules > Compression Rules > Create rule.
2. Add filters, for example:
   • URI Path starts with /assets/
   • Content-Type contains text/ or application/json
3. Set action:
   • Enable Brotli and gzip (Cloudflare prefers Brotli automatically), or
   • Custom order: Brotli, gzip (add zstd at the top if available).
4. Save and deploy.

Example: only Brotli for a download path — When URI Path equals /download/assets.tar, choose Custom order with Brotli only.

Advanced: serving pre-compressed Brotli from your origin

If your build emits .br assets and you serve them with Content-Encoding: br, Cloudflare caches and delivers them directly. Also provide .gz and the original to cover all clients, and send the right Content-Type plus Vary: Accept-Encoding where needed.

How to add Brotli to IIS (Windows Server)

Microsoft IIS Compression bundles iisbrotli.dll (Brotli) and iiszlib.dll (gzip/deflate). Install it to offload compression to IIS and let Cloudflare cache the pre-compressed responses.

Prerequisites: ensure IIS Static Content Compression and/or Dynamic Content Compression features are installed and enabled.

Install steps

1. Download the Microsoft IIS Compression MSI (x64 or x86).
2. Open an elevated command prompt.
3. Stop IIS services:

   net stop was /y

4. Run the installer, for example:

   msiexec /I iiscompression_amd64.msi

5. Accept the EULA and finish installation.
6. Start IIS services again:

   net start w3svc

The installer places binaries under %ProgramFiles%\\IIS\\IIS Compression and registers Brotli (br) and gzip schemes in applicationHost.config. A simplified <httpCompression> section looks like:

<httpCompression directory="%SystemDrive%\\inetpub\\temp\\IIS Temporary Compressed Files">
  <scheme name="br" dll="%ProgramFiles%\\IIS\\IIS Compression\\iisbrotli.dll" />
  <scheme name="gzip" dll="%ProgramFiles%\\IIS\\IIS Compression\\iiszlib.dll" />
  <dynamicTypes>
    <add mimeType="text/*" enabled="true" />
    <add mimeType="message/*" enabled="true" />
    <add mimeType="application/javascript" enabled="true" />
    <add mimeType="*/*" enabled="false" />
  </dynamicTypes>
  <staticTypes>
    <add mimeType="text/*" enabled="true" />
    <add mimeType="message/*" enabled="true" />
    <add mimeType="application/javascript" enabled="true" />
    <add mimeType="image/svg+xml" enabled="true" />
    <add mimeType="*/*" enabled="false" />
  </staticTypes>
</httpCompression>

Enable per site: In IIS Manager > Compression, select Enable static content compression and/or Enable dynamic content compression for your site. If you serve pre-compressed files, return the correct Content-Type, Content-Encoding: br, and Vary: Accept-Encoding.

Verification checklist

1) Check headers with curl

curl -I -H "Accept-Encoding: br, gzip" https://your-domain.com/

Expect content-encoding: br (or zstd/gzip depending on client) plus vary: accept-encoding.

2) Inspect in DevTools

Open Network tab, select a request, and confirm content-encoding plus transfer size vs resource size.

3) Compare sizes

Compare .br vs .gz outputs in CI or via build artifacts to watch deltas over time.

Practical tips

• Pre-compress static assets with higher Brotli levels (9-11) during builds.
• Skip already-compressed formats (JPEG/PNG/WebP/AVIF, MP4, PDF); Cloudflare defaults handle this well.
• Set cache headers so Cloudflare can cache text assets effectively.
• Use Vary: Accept-Encoding when your origin conditionally compresses responses.
• Monitor Core Web Vitals and transfer size to verify gains.

Sources and further reading

• Microsoft Learn: IIS Compression overview
• Cloudflare docs: Content compression (Brotli, gzip, zstd)
• Cloudflare docs: Compression Rules
• Cloudflare community: Brotli on by default & toggle removal
• Cloudflare blog: This is Brotli from origin
• Cloudflare blog: New standards (zstd)
• RFC 7932: Brotli compressed data format
• RFC 9841: Shared Brotli dictionary transport
• RFC 9842: HTTP compression dictionaries

---

Conclusion

Brotli is the default best choice for compressing text assets on modern CDNs. On Cloudflare, it is already on; use Compression Rules to fine-tune behavior, add zstd for cutting-edge clients, and keep gzip as a fallback. Pre-compress where it makes sense, verify with curl or DevTools, and enjoy smaller payloads and faster pages.

Questions about Brotli on Cloudflare or IIS? Drop a comment below.