To avoid BREACH, can we use gzip on non-token responses?
I work on a site that has a web interface an an API. I’m trying to determine if we can safely use gzip, or if that will open us to BREACH.
The site says:
If you have an HTTP response body that meets all the following con… Continue reading To avoid BREACH, can we use gzip on non-token responses?