diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
index 5b4050b..5bdfa19 100644
--- a/etc/nginx/conf.d/default.conf
+++ b/etc/nginx/conf.d/default.conf
@@ -28,14 +28,18 @@ proxy_hide_header Strict-Transport-Security;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 
 ## The following settings need to be declared manually per vhost:
-# ssl_certificate
-# ssl_certificate_key
-# ssl_trusted_certificate
-# ssl_stapling_file
+## ssl_certificate
+## ssl_certificate_key
+## ssl_trusted_certificate
+## ssl_stapling_file
 
 # Disable server tokens
 server_tokens off;
 
+# Disable compression
+## Mitigates oracle attacks
+gzip off;
+
 server {
     listen ipv4_1:80 default_server;
     listen [ipv6_1]:80 default_server;