Gzip compression on by default?

Continuing the discussion from Discourse not using brotli or gzip compression?:

In the discussion above it’s mentioned to set some nginx proxy lines to disable compression. My forum uses content-encoding gzip. Since this is considered a bad practice, I would like to disable it. gzip off; is set in my /etc/nginx/nginx.conf on my Debian 11 machine. None of my other websites that I host from this same server have compression enabled. So my guess is that this is set in the container.

So this leaves me with 2 questions.

  1. Is this meant to stay enabled and the security considerations are not valid?
  2. It’s up to the admin, you may disable it, the proxy_hide_header Vary; and proxy_set_header Accept-Encoding ''; are your friend?
1 Like