In theory, if the page always serve the cookie, even when it doesn’t change (which seems to be the…
Rodrigo Rosenfeld Rosas
1

> (this is not possible with client-side JavaScript).

You are wrong, read about HEIST attack.

With a HEIST attack CRIME and BREACH are now cross sites attacks also.

Also didn’t get your clear point, in what kind you are arguing with me? :)

In CRIME attack you can attack body and headers, in BREACH only body. Did I said something et contra?

Like what you read? Give AlekseyL a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.