This is true, but it reinforces why the compression should not be done at the secure transport layer, and should instead be left to higher levels: only HTTP knows which parts of the request are potentially unsafe to include in the same compression state.
(Even if HTTP probably just got lucky here rather than deliberately making the right choice, it's still the only layer that had the chance to make the right choice).
(Even if HTTP probably just got lucky here rather than deliberately making the right choice, it's still the only layer that had the chance to make the right choice).