Yes, we control the server and have already considered some workarounds for these situations. I can't discuss the details for security reasons, but they would reduce the implementation's security and fail to meet the requirements. The ideal solution for us would be to disable this behavior on the HTTP client.

Yes, we have seen this happen on GET requests only, but please consider that at the moment we have found only two of these events as we are doing a private test with few devices and this is not yet released to the public.