BREACH attack: How it works
There has been some confusion about how the attack actually works and the measures that can effectively mitigate it. As a type of "oracle attack," it uses results returned from queries to a system to discover information that was not directly disclosed. You can read more about it here: