Passive Fingerprinting of HTTP/2 Clients
▻https://www.akamai.com/uk/en/multimedia/documents/white-paper/passive-fingerprinting-of-http2-clients-white-paper.pdf
"This paper demonstrates how these new implementations create small nuances, which differentiate HTTP/2 clients from one another. In addition, we have shown how these unique implementation features can be leveraged to passively fingerprint web clients. Our research shows that passive HTTP/2 client fingerprinting can be used to deduce the true details about the client’s implementation — for example, browser type, version, and sometimes even the operating system. This technique can be used to better detect clients that spoof or don’t report their User-Agent string, and at the same time increase confidence in User-Agent strings reported by legitimate (...)