Response from ALB was compressed already but response downloaded in browser from CloudFront is in full size


We have a CloudFront distribution pointing to an ALB origin, the ALB points to ASG with a set of EC2 instance running nginx in it, nginx responses for compression.

If we download the response from ALB directly, the size is ~60KB.

curl -H 'Host:' -H 'Accept-
Encoding: gzip' -k -I
HTTP/2 200 
date: Thu, 29 Jun 2023 06:05:01 GMT
content-type: text/html; charset=UTF-8
server: nginx
vary: Accept-Encoding
cache-control: max-age=300, public, s-maxage=300
vary: X-Guest,Accept,Accept-Encoding,Origin
etag: W/"eeaa320bc21128af1ca7ab3e13dcf497"
last-modified: Wed, 28 Jun 2023 15:02:54 GMT
access-control-allow-methods: GET,POST,PUT
access-control-allow-headers: Origin,Authorization,X-API-Version,Accept,Content-Type
x-frame-options: SAMEORIGIN
x-server-id: 38
content-encoding: gzip <---

curl -H 'Host:' -H 'Accept-
Encoding: gzip' -k > result
ls -lah ./result

-rw-r--r--  1 me  staff    53K Jun 29 14:07 ./result   <--- Just 53KB

However if I check the downloaded size in browser, it is 10x larger.

The CloudFront cache policy we use has Accept, Accept-Encoding as cache key, min/default/max TTL are 0/86400/31536000, both compression support are off for br and gzip(because we compress the response with nginx inside EC2 instances). For cache behavior it is off.

Anything we are potentially doing wrong making the response size 10x large? Thank you for helping

Tom Lo
asked a year ago875 views
2 Answers

Hi, did you confirm that the Accept-Encoding is properly set in your browser to match the Accept-Encoding parameter of your curl request? If not, CloudFront will understand that the requester doesn't accept compressed content and will decompress before sending.


profile pictureAWS
answered a year ago
  • Yes we are using Chrome, the request header sent is Accept-Encoding: gzip, deflate, br


Oh well, turns out the problem for some reason is nginx refused to compress request coming from CloudFront when we set gzip_proxied expired no-cache no-store private auth; in nginx.conf. Changing it to gzip_proxied any; then it works…. I am not sure why curl directly to it would get a compressed result.

Tom Lo
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions