Hello security team,
The site legalrobot.com is potentially vulnerable to the BREACH attack.
Allowing an attacker the ability to:
BREACH (Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext) is a category of vulnerabilities and not a specific instance affecting a specific piece of software. To be vulnerable, a web application must:
- Be served from a server that uses HTTP-level compression
- Reflect user-input in HTTP response bodies
- Reflect a secret (such as a CSRF token) in HTTP response bodies
Mitigations to fix this include:
For more information on the BREACH attack, visit: http://www.breachattack.com/
I have attached an image “proof_of_vuln.png” for POC.
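A triage check for the three preconditions listed in the report, run over one captured response. This is an added example, not part of the original report; the function name, the token field names in the regex and the sample responses are assumptions constructed for illustration.

```python
import re

# Assumed field names for an embedded secret; adjust to the application under review.
SECRET_PATTERN = re.compile(
    r'name=["\'](?:csrf[_-]?token|authenticity_token|_csrf)["\']\s+'
    r'value=["\']([^"\']{8,})["\']',
    re.IGNORECASE,
)
COMPRESSED = {"gzip", "deflate", "br", "compress", "zstd"}


def breach_preconditions(headers, body, marker):
    """Evaluate the three BREACH preconditions for one captured response.

    headers: dict of response headers
    body:    decoded (decompressed) response body as text
    marker:  unique string the tester sent in a request parameter
    """
    # Header names are case-insensitive; Content-Encoding may list several codings.
    enc = {k.lower(): v for k, v in headers.items()}.get("content-encoding", "")
    codings = {c.strip().lower() for c in enc.split(",") if c.strip()}
    result = {
        "compressed": bool(codings & COMPRESSED),
        "reflects_input": marker in body,
        "reflects_secret": SECRET_PATTERN.search(body) is not None,
    }
    # All three conditions must hold together for the response to be in scope.
    result["all_preconditions_met"] = all(result.values())
    return result


# Constructed sample responses (not captured from any real site).
MARKER = "canary-7f3e"
SAMPLE_BODY = (
    '<form><input type="hidden" name="csrf_token" value="3f9a1c77e2b04d5a"></form>'
    "<p>No results for canary-7f3e</p>"
)
SAMPLES = {
    "compressed, reflects both": ({"Content-Encoding": "gzip"}, SAMPLE_BODY),
    "uncompressed": ({"Content-Type": "text/html"}, SAMPLE_BODY),
    "no secret in body": ({"content-encoding": "gzip"},
                          "<p>No results for canary-7f3e</p>"),
}

if __name__ == "__main__":
    for label, (hdrs, text) in SAMPLES.items():
        print(label, breach_preconditions(hdrs, text, MARKER))
```

A response that fails any one of the three checks does not meet the conditions the report lists, which helps decide which endpoints need attention first.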