moarcode

Do you think that it will be sufficient to check if server uses HTTP 1.1 since this attack is possible for that protocol version only?

I think there is no sane reason to keep HTTP 1.1 if there is version 2.0 which cuts this vulnerability off, but you are right, not all HTTP 1.1 servers...