It appears that sometime between 2016-12-04 and 2017-03-01, the Discover credit card (https://www.discover.com/) made the behaviour of their OFX Direct transaction download service much more strict. Where before, GnuCash could download transactions from Discover, it now fails with an HTTP error 403. Forum posts suggest that giving them the exact HTTP headers they want, in the exact order they want, may cause the download to succeed.

To reproduce:
* Have a Discover credit card account
* Configure it via Tools… Online Banking Setup… (This might have to be done before 2016-12-01.)
* Open the Account tab for the Liability account mapped to the Discover card account.
* Actions… Online Actions… Get Transactions… A "Get Transactions Online" dialogue appears.
* Set appropriate From: and To: dates. Click [OK] button. The dialogue disappears, an Online Banking Connection Window appears, and an Enter Password dialogue appears.
* Enter the same password used to log into the Discover website into the Enter Password dialogue. Click [OK]. The Enter Password dialouge disappears. Log messages appear in the Online Banking Connection Window, then it disappears.

Expected behaviour:
Transactions downloaded from Discover card system to GnuCash's corresponding account.

Observed behaviour:
An alert appears, saying, "The Online Banking import returned no transactions for the selected time period. [OK]"

The Online Banking Connection Window, which appears inactive but not entirely gone, has Log Messages as follows:

AqBanking v5.6.12.0stable
Sending jobs to the bank(s)
Locking user [myusername]
Sending request...
Connecting to server...
Resolving hosthame "ofx.discovercard.com" ...
IP address is "23.212.67.33"
Connecting to "ofx.discovercard.com"
Connected to "ofx.discovercard.com"
Using GnuTLS default ciphers.
TLS:SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-GCM:AEAD
Signer not found
Certificate is not trusted
Connected
Sending message...
Message sent.
Waiting for response...
Receiving response...
HTTP-Status: 403 (Forbidden)
Error parsing server response
Unlocking user [myusername]
Postprocessing jobs
Job Get Transactions: finished
Resetting provider queues

Discussion:
There are forum discussions about this issue at:

* <http://www.ofxhome.com/ofxforum/viewtopic.php?id=47793>
* <http://help.infinitekind.com/discussions/online-banking/4953-discover-downloads-stopped-working/page/5#comment_42109347>
* <http://pocketsense.blogspot.ca/2017/01/comments.html?showComment=1488858632663#c6433672933959876216>

The upshot seems to be that ofx.discovercard.com is very strict about what HTTP headers it will accept. If there are headers outside the set it wants, or if they are in the wrong order, then it returns an HTTP 403 status.  

People in those forum posts report that transaction download failed starting in mid Feb 2017. My last successful download was on 2016-12-04. I didn't attempt downloads between then and mid-April 2017, so I don't have good information on when Discover changed their behaviour and made downloads start to fail.

In a conversation with Discover customer web support on 2017-04-18, they told me (as a customer) that OFX transaction downloading had not been disabled, that it should still work.

I followed the instructions for generating an OFX log in the GnuCash wiki, http://wiki.gnucash.org/wiki/Setting_up_OFXDirectConnect_in_GnuCash_2#Enabling_the_OFX_Log . I generated an OFX log. It showed only the OFX transaction content. It did not reveal the HTTP headers.

I attempted to perform the HTTP session manually, by connecting via telnet to ofx.discovercard.com port 80. That failed with error 403, even if I followed the exact headers of the forum posts. I suspect that Discover treated my connection as http, not https, and returned an error 403 for that reason.