I have a custom application which communicates with mobile devices using json. Using gzip compression has a significant impact on network performance since it reduces file sizes by 60-70%. However, I've found that gzip compression is only working on the http version, not https. I used a tool at http://checkgzipcompression.com/ to verify this, and curl shows the same results. I don't think that I have control over the configuration of nginx which is proxying my application. Is there anything that I can do to get gzip compression on https? Details below: curl -v -H 'Accept-Encoding: gzip' http://...
curl -v -H 'Accept-Encoding: gzip' https://...
asked 09 Sep '13, 01:36 BinaryMan32 |
The reason gzip is disabled for HTTPS traffic is to prevent BREACH attacks, so it is a security concern. answered 09 Sep '13, 02:20 waynek |
You can now selectively enable and disable gzip compression for HTTPS websites via our control panel at: answered 25 May '17, 16:14 seanf |
To clarify, I'm relying on the nginx proxy completely for compression. My application does not attempt to do gzip compression on either http or https.