cloudflare is such a meme https://blog.cloudflare.com/a-solution-to-compression-oracles-on-the-web/
like they start off by saying yeah we got this phd on the case of security. we have a proof of concept that does not do the horribly fucked up thing http makes you do