Is there a specific need to send a unique user agent string as opposed to identifying requests in another way? One use case is to use unique User-Agent to decide should the proxy only tunnel the request or try to intercept it. Anyway I'm testing this and it looks like only requests from WebKit don't send the custom User-Agent in the CONNECT request. For example opening a web page in Reddit app now uses: "com.apple.WebKit.Networking/8610.1.25.0.2 CFNetwork/1191.2 Darwin/20.0.0" when it used to be something like: "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1" All the other requests in Reddit app still use User-Agent: Reddit/.... Can some one from Apple confirm that this is the case? This only applies to WebKit, and all other requests still send the custom User-Agent header in CONNECT requests. EDIT: I tested a bit more and yes this applies to all requests. By default NSURLSession uses User-Agent that is composed like this: <AppName>/<AppVersion> CFNetwork/<CFNetworkVersion> Darwin/<DarwinVersion> The developer can customize the User-Agent by using this API: https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1411532-httpadditionalheaders In iOS 13 this customized User-Agent was sent in CONNECT requests to proxy. But in iOS 14 the default NSURLSession User-Agent is always sent with the CONNECT request. Apple, am I correct? Can you elaborate?