Hi Matthias,
Those articles are accurately describing the way GZIP normally works. Normally what happens is that PHP sends the output to apache which compresses it using mod_deflate and sends it to the browser.
This varies somewhat depending on your configuration. For example, Nginx might be sitting in front of apache and actually do the compression. But in general PHP executes, sends the output and then the web server does the compression because having a C module do compression is way faster than doing it via PHP code.
However Wordfence grabs your content and caches it BEFORE any web server can compress it. At least this is what normally happens.
In your case it seems we're grabbing content that is already compressed. This is really weird because it suggests that your content is is being compressed by PHP. I do recall seeing some compression code in WordPress core, but for now I don't remember what triggers that. I do see a bug that was filed where users were asking for the feature, but it wasn't implemented:
https://core.trac.wordpress.org/ticket/10365
However I've looked through the WP core code and there is gzip compression code in there. So can you please email me your wp-config.php file and remove andy database usernames and passwords before you do. My email is mark at wordfence dot com. I want to try and determine what is triggering this compression.
Also please reference this thread in the email so I know what you're referring to.
Thanks.
Mark