HTTP Really Isn't That Simple (and by extension Neither Is Your Outbound Web Filtering, Actually)
This article takes a close look at what stands in the way of filtering outbound HTTP to the wider web in a restricted server environment, shows how to evade typical filtering configuration using a relative of domain fronting, and presents some ideas for ways to plug this gap.