I am in no way a WebSocket expert but I think the only opportunity to grab the HTTP(S) headers is during the WS upgrade request. Post that, I found no HTTP headers are available. One thing that helped me tremendously is this article on Heroku: https://devcenter.heroku.com/articles/websocket-security#authentication-authorization
Once a WS connection is established, I don't think you can leverage the interceptor model, at least not in a straight-forward way. I think that's designed for HTTP only.