Check if gzip support is enabled on your webserver

Gzip is a file format used for file compression and decompression. It is commonly used in HTTP compression to speed up websites. However, this compression technique can be exploited using the BREACH attack. For security reasons, it may be beneficial to disable gzip compression.

It is not always easy to tell whether gzip support is enabled or disabled. The following curl command is a simple command-line way to check whether your webserver supports gzip compression:

$ curl https://your.website --silent -H "Accept-Encoding: gzip, deflate" --output /dev/null -vvv

If your webserver supports gzip, then you will find the Content-Encoding response header in the result:

< HTTP/1.1 200 OK
...
< Content-Encoding: gzip
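
The same check in script form, as an added example that is not part of the original page: it reads the response headers with curl's --dump-header option instead of -vvv and matches the header name case-insensitively, because HTTP/2 responses show it as lowercase content-encoding. The function names (content_encoding, check_url, sample_*) and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which Content-Encoding a server applied.

# Read raw response headers on stdin (as written by `curl --dump-header -`)
# and print the Content-Encoding of the LAST response block, or "none".
# Only the last block counts: earlier blocks belong to redirects or
# interim responses (seen when curl is run with --location).
content_encoding() {
    tr -d '\r' | awk '
        /^HTTP\// { enc = "none"; next }      # status line: new block, reset
        {
            i = index($0, ":")
            if (i == 0) next                  # blank line or not a header
            name = tolower(substr($0, 1, i - 1))
            if (name == "content-encoding") { # header names are case-insensitive
                val = tolower(substr($0, i + 1))
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                enc = val
            }
        }
        END { print (enc == "" ? "none" : enc) }
    '
}

# Request a URL with the same Accept-Encoding header as the command above
# and classify the response. The body is discarded; headers go to stdout.
check_url() {
    curl --silent --output /dev/null --dump-header - \
         -H "Accept-Encoding: gzip, deflate" "$1" | content_encoding
}

# Constructed sample headers (not captured from a real server).
sample_http11() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\n\r\n'
}
sample_http2() {
    printf 'HTTP/2 200\r\ncontent-type: text/html\r\ncontent-encoding: gzip\r\n\r\n'
}
sample_redirect() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nContent-Encoding: gzip\r\nLocation: /x\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

# Check every URL given on the command line (does nothing without arguments).
for url in "$@"; do
    printf '%s\t%s\n' "$url" "$(check_url "$url")"
done
```

Pass one or more URLs as arguments to get one line per URL. A result of none only describes that one response, since servers often compress only some content types, so check a page that actually carries HTML or JSON.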