I received a response to my feedback (FB9605687). Apple Response: Investigation complete - Works as currently designed Please know that our engineering team has determined that this issue behaves as intended based on the information provided. Ppecifying the user-agent is a "should", not a "must". My Response: This is unfortunate in my opinion, but the nearest I can figure is that I did not articulate my concerns clearly. I understand that RFC 2616 indicates the User-Agent header "SHOULD" be included (as opposed to "MUST"), but there are good reasons (among them are privacy and security) that you "SHOULD" include it. Again, I can only assume this was a failure on my part to communicate the primary concerns around privacy and security rather than being unconditionally compliant with the HTTP standard. I ask that you please reconsider your position so that otherwise private Internet traffic does not start getting targeted for decryption and inspection when it doesn't need to be.

Ok got it, bug number is: FB9605687

Ok thanks, just submitted.