When establishing an HTTPS connection over an HTTP/HTTPS/H2/QUIC proxy, we send a CONNECT request with its own set of headers. Currently, if the original HTTPS request had a custom user-agent string, we would send that with the CONNECT request, rather than the default user-agent header. We plan to remove this behavior, and just use the configured global user-agent header.

Status in Chromium


Deprecated (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signals



The main potential concern for removing this feature is that WebView developers, extension developers, and chromium forks could set per-request user-agent strings and coordinate with the proxy they configure to use it as a sort of poor-man's authentication. The behavior isn't reliably implemented, since requests with different user-agent headers are pooled, and preconnects can't set a user-agent header, so consumers can only be successfully depending on it in fairly limited contexts.

Last updated on 2021-12-21