Hi there,
Currently running a penetration test for a clients and getting a medium vulnerability: Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH). This seems to be coming from the yui framework and the only recommended fix for this is to turn of HTTP compression.
We have done this but the vulnerability is still present. Has anyone else experienced this vulnerability, and if so do you have a suggestion for a fix?
Thanks
Josh