
After scanning a web page with Nikto I have a result that says "The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack."

How can I verify whether that result is a false positive? In my proxy I don't see any Content-Encoding: deflate header.

Is it a good solution to always disable deflate encoding?

user187205
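One way to check the finding directly, as an added example that is not part of the original question: fetch the page over TLS without going through the proxy (which, as noted in the comments, may strip compression), offer compression explicitly in Accept-Encoding, and classify the Content-Encoding the server returns. The host and path come from the command line; the SAMPLE_DEFLATE header list is constructed here for offline use and is not a real server's response.

```python
import http.client
import ssl

# Body encodings that count as compression for the BREACH precondition.
# Nikto flags "deflate", but gzip and br are equivalent for this purpose.
COMPRESSING = {"deflate", "gzip", "x-gzip", "br", "compress", "zstd"}

# Constructed sample response headers (not captured from any real host).
SAMPLE_DEFLATE = [("Content-Type", "text/html"), ("Content-Encoding", "deflate")]


def parse_content_encoding(headers):
    """Return the tokens of every Content-Encoding header, lower-cased.

    `headers` is a list of (name, value) pairs as http.client returns them;
    names are matched case-insensitively because servers and proxies vary.
    """
    tokens = []
    for name, value in headers:
        if name.lower() == "content-encoding":
            tokens += [t.strip().lower() for t in value.split(",") if t.strip()]
    return tokens


def classify(headers, over_tls):
    """Classify one response for the BREACH precondition.

    'no-compression'       -> the Nikto finding is a false positive for this response
    'compressed-plaintext' -> compressed, but not over TLS, so BREACH does not apply
    'compressed-tls'       -> compressed over TLS: the finding is confirmed
    """
    if not (set(parse_content_encoding(headers)) & COMPRESSING):
        return "no-compression"
    return "compressed-tls" if over_tls else "compressed-plaintext"


def check_host(host, path="/", port=443):
    """Fetch `path` directly over TLS (no proxy) and classify the response.

    Compression is negotiated: a server only compresses when the request offers
    it in Accept-Encoding, so the offer is sent explicitly instead of relying on
    whatever the scanner or proxy happened to send.
    """
    conn = http.client.HTTPSConnection(host, port, timeout=10,
                                       context=ssl.create_default_context())
    conn.request("GET", path, headers={"Host": host,
                                       "Accept-Encoding": "gzip, deflate, br",
                                       "User-Agent": "breach-precondition-check"})
    headers = conn.getresponse().getheaders()
    conn.close()
    return classify(headers, over_tls=True), headers


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        verdict, hdrs = check_host(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "/")
    else:  # no host given: show the classification of the constructed sample
        verdict, hdrs = classify(SAMPLE_DEFLATE, True), SAMPLE_DEFLATE
    print(verdict, parse_content_encoding(hdrs))
```

Run it against a few representative paths (the ones that carry session data or CSRF tokens), since compression is often enabled per content type rather than site-wide.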
  • If compression (no matter if gzip, deflate, brotli) should be disabled because of BREACH and similar is discussed in [Is gzipping content via TLS allowed?](https://security.stackexchange.com/questions/102013/is-gzipping-content-via-tls-allowed), [Current State of BREACH (GZIP SSL Attack)?](https://security.stackexchange.com/questions/65625/current-state-of-breach-gzip-ssl-attack), [Is HTTP compression safe?](https://security.stackexchange.com/questions/20406/is-http-compression-safe) and possibly others. This question is a duplicate of these. – Steffen Ullrich Mar 23 '18 at 16:37
  • If your proxy is an HTTP proxy (which is not the only kind) it can change or remove compression, and if it is designed to examine or manipulate content (such as but not limited to IDS, AFW, Fiddler/Burp/Charles/etc) it probably does. – dave_thompson_085 Mar 24 '18 at 04:19

0 Answers