User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 Build ID: 20130326150557 Steps to reproduce: This is an enhacment, so I didn't do anything. Actual results: Same thing(I guess). Expected results: Opera apparently randomizes where it stores the Cookie:, header so it wasn't vunerable to the CRIME attack. Even though header compression isn't that useful for most people it'd still be something that would help(I believe).
we don't do upstream header compression in spdy (it is technically gzip formatted, but no compression is applied) and hpack in http/2 is not vulnerable to this