I've noticed that Catalina respects network proxy settings for OCSP if it's set to SOCKS.
I haven't found a repo that acts as a simple SOCKS proxy with filtering capabilities based on the full URL, but if you know of one, it'd be great, because then you could simply block URLs containing 'devid', or maybe, even more granularly, block the OCSP request if, for example, it has the Firefox developer ID in it.
Btw, if you have access to Big Sur or newer, could you confirm whether it uses TLS-wrapped OCSP? I read here about it, but just wanna be sure.
Moreover, do you know why the developer ID of some apps is twice as long as normal? Tor is one such instance. Although it always issues a "timestamp mismatch" when generating the OCSP files using the codesign -d --extract-certificates="OCSP_" command.