Features

• Added the ability to inspect the invalid handshake requests and respond to
  them with a custom HTTP response. (6e5a5ce).

Bug fixes

• The handshake is now aborted if the Upgrade header field value in the HTTP
  response is not a case-insensitive match for the value "websocket" (0fdcc0a).
• The Authorization and Cookie headers are no longer sent when following an
  insecure redirect (wss: to ws:) to the same host (d68ba9e).