Recommendations for safeguarding against BREACH ?

Igor Sysoev igor at
Mon Aug 19 06:07:24 UTC 2013

On Aug 12, 2013, at 21:32 , offmind wrote:

> And what if we are using gzip_static?
> As far as I understand, we have to block gzipping page code. But what about
> .js .css with no secure content?

Statically gzipped files do not depend on user input so they are not subject

Igor Sysoev

More information about the nginx mailing list