Why are certain requests are referenced as tcp:// instead of https:// in the Access Log?
You want to know why certain requests are referenced as tcp:// instead of https:// in the Access Log

In a CONNECT tunnel, the proxy has no idea what layer 7 protocol is being used. The layer 7 protocol could be HTTPS, but it could be something else as well, even on port 443. Some people tunnel non-HTTPS protocols over port 443 as a way to evade firewalls. All the proxy really knows about the traffic traveling over a CONNECT tunnel is that the layer 4 protocol is TCP, so that is how the request is referenced. It would be misleading to automatically assume that the protocol was HTTPS.