Sending custom per-request user-agent to HTTP proxies in CONNECT requests (deprecated)

When establishing an HTTPS connection over an HTTP/HTTPS/H2/QUIC proxy, we send a CONNECT request with its own set of headers. Currently, if the original HTTPS request had a custom user-agent string, we would send that with the CONNECT request, rather than the default user-agent header. We plan to remove this behavior, and just use the configured global user-agent header.


The main potential concern for removing this feature is that WebView developers, extension developers, and chromium forks could set per-request user-agent strings and coordinate with the proxy they configure to use it as a sort of poor-man's authentication. The behavior isn't reliably implemented, since requests with different user-agent headers are pooled, and preconnects can't set a user-agent header, so consumers can only be successfully depending on it in fairly limited contexts.

Status in Chromium


Deprecated (tracking bug) in:

  • Chrome for desktop release 73
  • Chrome for Android release 73
  • Chrome for iOS release 73
  • Android WebView release 73

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No public signals
  • No public signals
  • No public signals
  • No signals


Last updated on 2019-02-21