OCSP stapling is a method for checking whether the SSL certificate for a website has been revoked at the very same time as you connect to the website. The revocation data is "stapled" to the SSL response at connection time.

Without OCSP stapling, browsers which do revocation checking (e.g. Firefox, but not Chrome) have to hit a web API that SSL certificate authorities provide, that offer a list of revoked certificates. Doing this is slow, has poorer security properties, and is a privacy leak (it shares browsing data with CAs).

It's not yet enabled in our nginx configuration, as I have a little more research to do -- especially in figuring out the instrumentation to test whether OCSP stapling is actually working.