As a client, there is not much you can do.
But if you are a server op, simply turning off compression on your https connections mitigates this attack.
This has been a best practice for a while, but as you can imagine there a LOT of sites out there that don't do this, including your regular high-street banks.
Biting the hand that feeds IT
