It is missing some sites which have https-everywhere rules. Still a scary thing; looking at the comments in the source, would coalescing load events deter the attack, or at least make it probabilistic and slow? And why isn't Firefox displaying requests to the sniffed sites while it attempts to access them? The request is already issued, even if the script manages to abort it before it completes.