The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a “HEIST” attack.
arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
www.securityfocus.com/bid/92769
www.securitytracker.com/id/1036741
www.securitytracker.com/id/1036742
www.securitytracker.com/id/1036743
www.securitytracker.com/id/1036744
www.securitytracker.com/id/1036745
www.securitytracker.com/id/1036746
tom.vg/papers/heist_blackhat2016.pdf