And what if we are using gzip_static? As far as I understand, we have to block gzipping page code. But what about .js .css with no secure content?