That’s right, but basically dpi sends tcp reset in case of https or 302 redirect in case of http before target server response, since it’s located nearer. There’s a tool to bypass this, so you can read more there. https://github.com/ValdikSS/GoodbyeDPI