Postcards from the post-HTTP world: Amplification of HTTPS vulnerabilities in the web ecosystem