-@item Effective responses proxying, without storing them in the memory first.
-
-@item TLS connection between client and @command{tofuproxy} has the
- proper hostname set in ephemeral on-the-fly generated certificate.
-
-@item @code{HEAD} method is forbidden, because of damned Xombrero loving
- making it so much. Can live without it.
-
-@item @code{www.reddit.com} is redirected to @code{old.reddit.com}.
-
-@item Various spying domains (advertisement, tracking counters) are
- responded with 404 error.
-
-@item All HTTP redirects are replaced with HTML page with the link.
- However temporary redirects are passed as is for @code{newsboat}
- User-Agent.
-
-@item Default Go's checks are applied to all certificates. If they pass,
- then certificate chain is saved on the disk. Future connections are
- compared against it, warning you about SPKI change and waiting for
- your decision either to accept new chain (possibly once per
- session), or reject it.
-
-@item Even when native Go's checks are failed, you can still make a
- decision to forcefully trust the domain.