Ktor provides the capability to compress outgoing content by using the Compression plugin. You can use different compression algorithms, including
deflate, specify the required conditions for compressing data (such as a content type or response size), or even compress data based on specific request parameters.
Compression, you need to include the
ktor-server-compression artifact in the build script:
... inside the
... inside the explicitly defined
module, which is an extension function of the
This enables the
identity encoders on a server. In the next chapter, we'll see how to enable only specific encoders and configure conditions for compressing data.
Configure compression settings
You can configure compression in multiple ways: enable only specific encoders, specify their priorities, compress only specific content types, and so on.
Add specific encoders
To enable only specific encoders, call the corresponding extension functions, for example:
You can specify the priority for each compression algorithm by establishing the
In the example above,
deflate has a higher priority value and takes precedence over
gzip. Note that the server first looks at the quality values within the Accept-Encoding header and then takes into account the specified priorities.
Configure content type
By default, Ktor doesn't compress specific content types, such as
text/event-stream. You can choose the content types to compress by calling
matchContentType or exclude the desired media types from compression by using
gzip and all text subtypes using
You can find the full example here: compression.
Configure response size
Compression plugin allows you to disable compression for responses whose size doesn't exceed the specified value. To do this, pass the desired value (in bytes) to the
Specify custom conditions
If necessary, you can provide a custom condition using the
condition function and compress data depending on the specific request parameters. The code snippet below shows how to compress requests for the specified URI:
HTTPS with the enabled compression is vulnerable to the BREACH attack. You can use various ways to mitigate this attack. For example, you can disable compression whenever the referrer header indicates a cross-site request. In Ktor, this can be done by checking the referrer header value: