
Can a random compression level applied on same html output replace HTTPS to an extent?

@Sent6035632

Posted in: #Compression #Https

HTTPS is supposedly a secure protocol for data exchange.

I'm wondering upon a page request, if I outputted data to the client at a different gzip compression level (over the HTTP protocol) each time, would that still be as secure as HTTPS since the raw compressed data (which to humans is garbage) actually being fed to the client is different each time, yet the browser will decompress it perfectly.

Here's an example of what I mean in code. Assume this code forms index.php and the client enters in the same URL every time to access index.php. Here's the code:

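<?php
// Page body; the same HTML is sent on every request.
$output="<p>This is a test HTML page to be encoded at a different compression level every time</p>";
// gzip the body at a random level from 1 (fastest) to 9 (smallest).
$compressed=gzencode($output,rand(1,9));
// Without this header the browser will not decompress the response.
header("Content-Encoding: gzip");
echo $compressed;
?>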


I mean, if it's feasible and won't wreck my time-to-first-byte too much, I'd rather take this method than force users to install certificates just to run my site over HTTPS.


1 Comments


@Martha676

Data compressed with gzip contain all the information needed to decompress the data. This means an attacker can simply decompress the data, same as the browser. So this is no more secure than plain text. And the compression level in gzip is actually irrelevant for decompression since it only says how much effort will be spent finding common patterns in the input to get the best compression ratio.


raw compressed data (which to humans is garbage)


It does not matter if it looks like garbage for most humans. A technical person looking at the traffic will easily see that these are compressed data because the HTTP response actually says this ("Content-Encoding: gzip", without this header the browser will not decompress it) and the data contain the typical gzip header.

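The point made in the answer above, as an added example that is not part of the original thread: Python's gzip.compress stands in for PHP's gzencode, the question's HTML is compressed at every level, and an observer recovers it each time without any key or knowledge of the level. The function names serve, observe and survey are assumptions chosen for this illustration.

```python
import gzip
import zlib

# Constructed sample: the same HTML the question's index.php emits.
HTML = b"<p>This is a test HTML page to be encoded at a different compression level every time</p>"

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream (RFC 1952)


def serve(level: int) -> bytes:
    """Server side: gzip the page at the given level (1-9), like gzencode()."""
    return gzip.compress(HTML, compresslevel=level, mtime=0)


def observe(body: bytes) -> bytes:
    """Passive observer: needs only the bytes on the wire, no key and no level."""
    if body[:2] != GZIP_MAGIC:
        raise ValueError("not a gzip stream")
    # wbits=31 tells zlib to expect a gzip header and trailer.
    return zlib.decompress(body, wbits=31)


def survey() -> dict:
    """Compress at every level and record what an observer sees and recovers."""
    bodies = {level: serve(level) for level in range(1, 10)}
    return {
        # At most nine wire forms exist for a fixed page, one per level.
        "distinct_wire_forms": len(set(bodies.values())),
        "all_start_with_magic": all(b[:2] == GZIP_MAGIC for b in bodies.values()),
        # Third header byte is the compression method; 8 means deflate.
        "compression_method_bytes": {b[2] for b in bodies.values()},
        "all_recovered": all(observe(b) == HTML for b in bodies.values()),
    }


if __name__ == "__main__":
    for level in range(1, 10):
        body = serve(level)
        print(level, len(body), body[:4].hex(), observe(body) == HTML)
    print(survey())
```

Every level yields a stream that announces itself as gzip and decodes to the identical page, so varying the level adds no confidentiality.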