Keepalive is a great performance optimization, even for icecap. It's not unreasonable that a user makes many requests to the same HTTP interface; we should be prepared to keep connections open for that.

On the other hand, it isn't necessarily secure by default for our multi-tenant environment; consider e.g. HTTP APIs where a frontend steals authentication headers, and then passes it through to a backend server already-authenticatedly.

I think it will be fine, iff keep-alive is opt-in, but it may be worth checking out if we can have separate keepalive "pools" with http-kit (or some other HTTP client).

This should also involve an integration test, so that we know if this is accidentally done by e.g. switching to a different web server.