gzip and https work together without problems, however this opens up several potential vulnerabilities. With the right and skillful configuration, taking into account these new attack vectors and their smart mitigation, it is possible and necessary to use gzip + https. But, since many users of the hollow do not give away what they do in their configs, this combination is not recommended by default. read, for example, here .

and most sites do not even reach 80 points.

because this assessment is extremely one-sided. And it has little to do with reality.
Especially when it says that you can reduce images and JS that are already minified.
I have not yet seen a single site that fits into the top ratings for this counter.
Even Google itself gives results at the bottom level there (now it really gives out a lot due to the fact that instead of the page , the captcha comes out xD).
Better to use wider tools like https://tools.pingdom.com/
More informative result.
first time I hear about it.
Google did not give anything except for a vulnerability from 2012, which has already been fixed a long time ago.
Other than that, I see no reason to do so.

turn gzip on and don't mess around

I also asked this question, but as if none of the respondents understood what it was about.
https://security.stackexchange.com/questions/65625...
https://xakep.ru/2013/08/07/61037/
breachattack.com
The problem, apparently, remains. You can share, but you need to understand what and how to configure.