Wait, what? Outbound HTTP is enough to get your account shut down? The hell! What if your web-app is utilising any API in the world, the vast majority are over HTTP/S utilising JSON or XML (and sometimes you need back end API access rather than client API access, like updating a product database).
Officially, no. Actually we've been doing a lot of outbound HTTP for years with no problems. But somebody (they won't tell me who) complained, and they "investigated" and decided that something we're doing looks malicious, but won't tell me exactly what. They just sent me an unhelpful network trace.
It's still possible there is something malicious going on, but they've been stunningly unhelpful in finding it. Mostly they've just asserted that there's a needle somewhere in our haystack, and we'd better go find it. They've been threatening to shut us down, but haven't actually done it.
