It's an interesting idea but it fails on slow connections, network problems etc. As an attacker I might even start b6 sending a request for something trivial (favicon or something) before I receive anything.
Also as an attacker the effectiveness of your mitigation depends on what it is I want - by this point I have some plaintext and know what protocol you're using.
Also as an attacker the effectiveness of your mitigation depends on what it is I want - by this point I have some plaintext and know what protocol you're using.