When OCSP stapling is disabled, the user's browser (Firefox) itself checks whether a website's certificate has been revoked, using the Online Certificate Status Protocol (OCSP).
This 'leaks' user visits to the certificate issuer, causes heavy traffic on the issuer's servers, and slows down page load because it is an additional request. Enabling OCSP stapling reduces this.
See this article.
How to enable OCSP Stapling:
Add this to the end of your /etc/nginx/sites-available/example.com conf:
...
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
# DNS resolver (Google), not mandatory
resolver 8.8.8.8 8.8.4.4;
}
Then test the configuration and restart nginx:
nginx -t
service nginx restart
Use this tool (or this) to check that OCSP stapling is enabled on your server.
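The same check can be done from the command line, because `openssl s_client -status` prints the stapled OCSP response when the server sends one. The script below is an added example, not part of the original post; the function name `staple_state` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify OCSP stapling from `openssl s_client -status` output.
# Live usage (example.com is the placeholder host used on this page):
#   openssl s_client -connect example.com:443 -servername example.com \
#       -status </dev/null 2>/dev/null | staple_state

staple_state() {
    # Reads s_client output on stdin and prints one of:
    #   stapled-good | stapled-revoked | stapled-unknown
    #   stapled-error (a response was stapled but is not "successful")
    #   not-stapled   (server sent no OCSP response)
    #   no-data       (input had no OCSP section at all)
    awk '
        /OCSP response: no response sent/ { none = 1 }
        /OCSP Response Status:/           { seen = 1; if ($0 ~ /successful/) ok = 1 }
        /Cert Status:/                    { status = $NF }
        END {
            if (seen && ok && status != "") { print "stapled-" status }
            else if (seen)                  { print "stapled-error" }
            else if (none)                  { print "not-stapled" }
            else                            { print "no-data" }
        }'
}

# Constructed sample: server with ssl_stapling on and a cached response.
SAMPLE_STAPLED='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2024 GMT
    Next Update: Jan  8 00:00:00 2024 GMT
---'

# Constructed sample: stapling disabled, or no response fetched yet.
SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent
---'

printf '%s\n' "$SAMPLE_STAPLED" | staple_state   # stapled-good
printf '%s\n' "$SAMPLE_NONE" | staple_state      # not-stapled
```

nginx fetches the OCSP response lazily, so the first connection after a restart can still report `not-stapled`; run the check a second time before concluding the configuration is wrong.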