
HEIST: HTTP Encrypted Information Can Be Stolen Through TCP-Windows [pdf] - collinmanderson
https://www.blackhat.com/docs/us-16/materials/us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf
======
collinmanderson
Seems to me same-site cookies would solve this problem.

[https://www.owasp.org/index.php/SameSite](https://www.owasp.org/index.php/SameSite)

