HTTPS over HTTP(S) is not possible

Say you want to make a CORS proxy that can't see what it's passing through. It seems the norm is to use Wisp or similar over WebSockets, but that seems bloated. In the woke year of 2025, surely we can proxy a request without WebSockets or complicated transports? Surely fetch can do the trick?

Unfortunately, no - WebSockets aren't only for minimizing overhead. HTTP requires you to send the full request before getting a response (what they call half duplexing). No full duplexing means no TLS means no HTTPS. This is even true for HTTP 2 and 3 if you're in a browser, because as Jake Archibald notes, "receiving the response while you're still sending the request [...] isn't supported by any browser."