As a Spectre mitigation, webkit_uri_response_get_http_headers() no longer returns all HTTP headers. E.g. cookie headers are pruned to prevent a website from abusing Spectre to read cookies associated with an iframe from memory. This is an API break, but it's probably unavoidable. We should document it, though. Problem is it's really hard to use this API if the set of headers that get pruned changes incompatibly in the future versions of WebKit. :/