Thanks! I was hoping someone would recognize that block page.
I expected that the block targets HTTP requests, but how did it get the hostname from an HTTPS request?
The browser used DNS over HTTPS to 1.1.1.1, then received the IP address for the domain. At this point, isn’t a browser’s HTTPS request encrypted, and only the IP address is known by the gateway?