All decent VPN protocols should masquerade as HTTP/2 or HTTP/3. For this reason WireGuard is pretty useless as it can be easily detected (and it is not secure because requires running code at the kernel).
I disagree. I think it's good that implementing a secure network tunnel and obfuscation are separate. WireGuard can handle the secure tunnel functionality while I can apply any sort of obfuscation protocol on top of it without worrying about its security or having to reconfigure the network, like udp2raw, iodine, shadowsocks, websockets, etc.
