The fallback was necessary for servers that implemented version negotiation incorrectly. Now
    that 99.99% of servers do it right this fallback is obsolete.
 *  Fix: Do not honor cookies set on a public domain. Previously a malicious site could inject
    cookies on top-level domains like `co.uk` because our cookie parser didn't honor the [public
    suffix][public_suffix] list. Alongside this fix is a new API, `HttpUrl.topPrivateDomain()`,