We are seeing a lot of sessions come through with Brotli compression. Is there any thoughts about uncompressing this traffic so that the Netwitness parsers can leverage the uncompressed packet? Notice the "br" tag on the response.
GET /search?q=love+rosie&addon=opensearch HTTP/1.1
Host: www.xxxx.xxx
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: ECAS=1575476662016; ECFG=a=1:as=1:cs=0:dt=pc:f=i:fr=0:fs=0:l=en:lt=1575476661:mc=en-gb:nf=1:nt=0:t=86:tt=na:tu=auto:wu=auto:ma=1; ecosia_sp2id.3d5d=691ed3ee-9523-4745-9233-c08e477a4de3.1574854898.25.1575476666.1575471428.dc7a65a4-d3f4-4232-9417-4d692ae6c093
I will add it to Decoder's Use Case backlog. Thanks for bringing this up!
Scott