This text mentions that requests will be treated as concurrent users with multiple connections. This would be totally fine, if I managed to send the SessionID Cookie so the system recognizes multiple requests coming from the same user. 

However, each request is treated as a new user, as I am unable to send the cookie with XMLHttpRequests whereas the CSP.Broker Method is able to send the Cookie.

I'm a little confused now... 

When talking about a normal external Apache server, you would only need to add a couple of Cypher Suite Keys and change the protocol version. 
Intersystems Webgate also uses Apache Web Server as far as I can see in the Webgate Management. 
How come I need to add python code to my application in order for a browser to send its request via HTTP/2? 

I'm not really that well trained in server management but I feel like there is something I'm missing here. 

Why is the application responsible for the request instead of the apache server?