Gzip is a file format used for file compression and decompression. It is commonly used in HTTP compression to speed up websites. However, this compression technique can be exploited using the BREACH attack. For security reasons, it may be beneficial to disable gzip compression.
However, it is not always easy to determine whether gzip support is enabled or disabled. The following curl command provides a simple command-line solution to check whether your webserver supports gzip compression:
$ curl https://your.website --silent -H "Accept-Encoding: gzip, deflate" --output /dev/null -vvv
If your webserver supports gzip, then you will find the Content-Encoding response header in the result:
< HTTP/1.1 200 OK
...
< Content-Encoding: gzip
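The same check can be scripted so that it does not depend on reading the verbose output by eye. The following is an added example, not part of the original page; the function names content_encoding, is_compressed and check_url are hypothetical. It goes slightly beyond the manual check by matching the header name case-insensitively (HTTP/2 responses show it as content-encoding) and by reporting only the final response when several header blocks are present.

```bash
#!/usr/bin/env bash
# Added example: report which Content-Encoding a server applied to a response.

# Read response headers (as written by `curl --dump-header -`) on stdin and
# print the Content-Encoding of the last response block, or "none" if absent.
content_encoding() {
  awk '
    { sub(/\r$/, "") }                    # headers arrive with CRLF endings
    /^HTTP\// { enc = "none"; next }      # status line: a new response starts
    {
      line = $0
      if (tolower(line) ~ /^content-encoding:/) {
        sub(/^[^:]*:[ \t]*/, "", line)    # drop the header name
        sub(/[ \t]+$/, "", line)          # drop trailing whitespace
        enc = tolower(line)
      }
    }
    END { print (enc == "" ? "none" : enc) }
  '
}

# Return 0 if the reported encoding means the body was compressed, else 1.
is_compressed() {
  case "$1" in
    none|identity|"") return 1 ;;
    *) return 0 ;;
  esac
}

# Live check against a URL you operate (needs network access; not run here).
check_url() {
  curl --silent --output /dev/null --dump-header - \
       -H "Accept-Encoding: gzip, deflate" "$1" | content_encoding
}

# Constructed sample headers (HTTP/2 style), not captured from a real server.
sample='HTTP/2 200\r\ncontent-type: text/html\r\ncontent-encoding: gzip\r\n\r\n'
enc=$(printf '%b' "$sample" | content_encoding)
if is_compressed "$enc"; then
  echo "response compressed with: $enc"
else
  echo "response not compressed"
fi
```

Run check_url with your own site's URL after changing the server configuration; a result of none means the server did not compress that response even though the client offered gzip and deflate.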