Comment on HTTP/1.1 Must Die: What This Means for AppSec Leadership
cron@feddit.org 3 days ago
Sort of a self-answer, now that I read more about this issue. The problem is not on the frontend (browser --> server), but with shared connections in the backend. E.g. you have a reverse proxy in place. What's relevant is that the connection between the reverse proxy and the backend server should be HTTP/2.
Note that disabling HTTP/1 between the browser and the front-end is not required. These connections are rarely shared between different users and, as a result, they’re significantly less dangerous. Just ensure they’re converted to HTTP/2 upstream.