1, SPDY or HTTP2. Exactly what is visible on the two endpoints is irrelevant, since the target of encryption is not to create items invisible but to generate points only seen to reliable functions. Hence the endpoints are implied while in the concern and about 2/3 of your solution can be eradicated. The proxy details should be: if you utilize an HT