User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0 Build ID: 20160623154057 Steps to reproduce: 1. Run HTTP/2 proxy (nghttpx + squid) 2. Configure Firefox to use HTTP/2 proxy 3. Just run Firefox Actual results: While I was looking at the logs at nghttpx, I found that strange request came from Firefox. The hex string is like this: 00000000 43 4f 4e 4e 45 43 54 20 6f 63 73 70 2e 64 69 67 |CONNECT ocsp.dig| 00000010 69 63 65 72 74 2e 63 6f 6d 3a 38 30 20 48 54 54 |icert.com:80 HTT| 00000020 50 2f 31 2e 31 0d 0a 55 73 65 72 2d 41 67 65 6e |P/1.1..User-Agen| 00000030 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 |t: Mozilla/5.0 (| 00000040 58 31 31 3b 20 4c 69 6e 75 78 20 78 38 36 5f 36 |X11; Linux x86_6| 00000050 34 3b 20 72 76 3a 35 30 2e 30 29 20 47 65 63 6b |4; rv:50.0) Geck| 00000060 6f 2f 32 30 31 30 30 31 30 31 20 46 69 72 65 66 |o/20100101 Firef| 00000070 6f 78 2f 35 30 2e 30 0d 0a 50 72 6f 78 79 2d 43 |ox/50.0..Proxy-C| 00000080 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d |onnection: keep-| 00000090 61 6c 69 76 65 0d 0a 43 6f 6e 6e 65 63 74 69 6f |alive..Connectio| 000000a0 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 48 |n: keep-alive..H| 000000b0 6f 73 74 3a 20 6f 63 73 70 2e 64 69 67 69 63 65 |ost: ocsp.digice| 000000c0 72 74 2e 63 6f 6d 3a 38 30 0d 0a 0d 0a |rt.com:80....| So this looks like OCSP request to ocsp.digcert.com, but somehow Firefix uses CONNECT method for port 80. My squid is configured not to pass CONNECT request against port 80, this is responded by 403. I was wondering this was my configuration issue. So I ran Firefox using normal HTTP/1.1 proxy. Then the request line is quite normal: 00000000 50 4f 53 54 20 68 74 74 70 3a 2f 2f 6f 63 73 70 |POST http://ocsp| 00000010 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 20 48 |.digicert.com/ H| 00000020 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 6f |TTP/1.1..Host: o| 00000030 63 73 70 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d |csp.digicert.com| 00000040 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f |..User-Agent: Mo| 00000050 7a 69 6c 6c 61 2f 35 2e 30 20 28 58 31 31 3b 20 |zilla/5.0 (X11; | 00000060 4c 69 6e 75 78 20 78 38 36 5f 36 34 3b 20 72 76 |Linux x86_64; rv| 00000070 3a 35 30 2e 30 29 20 47 65 63 6b 6f 2f 32 30 31 |:50.0) Gecko/201| 00000080 30 30 31 30 31 20 46 69 72 65 66 6f 78 2f 35 30 |00101 Firefox/50| 00000090 2e 30 0d 0a 41 63 63 65 70 74 3a 20 74 65 78 74 |.0..Accept: text| 000000a0 2f 68 74 6d 6c 2c 61 70 70 6c 69 63 61 74 69 6f |/html,applicatio| 000000b0 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 61 70 70 6c |n/xhtml+xml,appl| 000000c0 69 63 61 74 69 6f 6e 2f 78 6d 6c 3b 71 3d 30 2e |ication/xml;q=0.| 000000d0 39 2c 2a 2f 2a 3b 71 3d 30 2e 38 0d 0a 41 63 63 |9,*/*;q=0.8..Acc| 000000e0 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e |ept-Language: en| 000000f0 2d 55 53 2c 65 6e 3b 71 3d 30 2e 35 0d 0a 41 63 |-US,en;q=0.5..Ac| 00000100 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 |cept-Encoding: g| 00000110 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d 0a 43 6f |zip, deflate..Co| 00000120 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 38 33 |ntent-Length: 83| 00000130 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 |..Content-Type: | 00000140 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 73 70 |application/ocsp| 00000150 2d 72 65 71 75 65 73 74 0d 0a 43 6f 6e 6e 65 63 |-request..Connec| 00000160 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 |tion: keep-alive| Is this intended behaviour? With my environment, this is quite reproducible. I got these logs just after Firefox is started, and without actively browsing any site. Expected results: For port 80, Firefox should use normal POST request rather CONNECT with HTTP/2 proxy.

I forgot to mention that the first request described above came from HTTP/1.1 connection (http/1.1 was negotiated via ALPN).

This looks the same as bug 1253699, just no assertion because you're running a release build instead of a debug build.