diff --git a/backend/Menu.ApiServiceDefaults/Extensions.cs b/backend/Menu.ApiServiceDefaults/Extensions.cs
index 4bf0a799..704c6e99 100644
--- a/backend/Menu.ApiServiceDefaults/Extensions.cs
+++ b/backend/Menu.ApiServiceDefaults/Extensions.cs
@@ -1,5 +1,6 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Swashbuckle.AspNetCore.SwaggerGen;
@@ -26,6 +27,15 @@ public static TBuilder AddApiServiceDefaults<TBuilder>(this TBuilder builder) wh
         // Problem details
         builder.Services.AddProblemDetails();
 
+        // Response compression (gzip + brotli for JSON API payloads)
+        builder.Services.AddResponseCompression(options =>
+        {
+            options.EnableForHttps = true;
+            options.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(["application/problem+json"]);
+            options.Providers.Add<BrotliCompressionProvider>();
+            options.Providers.Add<GzipCompressionProvider>();
+        });
+
         return builder;
     }
 
@@ -40,6 +50,7 @@ private static void RegisterDocumentation(SwaggerGenOptions o, string? assemblyN
 
     public static WebApplication MapDefaultApiEndpoints(this WebApplication app)
     {
+        app.UseResponseCompression();
 
         app.UseExceptionHandler();
 
diff --git a/backend/MenuApi/Program.cs b/backend/MenuApi/Program.cs
index 37a6c706..91373154 100644
--- a/backend/MenuApi/Program.cs
+++ b/backend/MenuApi/Program.cs
@@ -57,11 +57,11 @@
 // Use CORS middleware before authentication/authorization
 app.UseCors("AllowAll");
 
+app.MapDefaultApiEndpoints();
+
 app.UseAuthentication();
 app.UseAuthorization();
 
-app.MapDefaultApiEndpoints();
-
 // Configure the APIs
 var api = app.MapGroup("/api")
     .RequireAuthorization();