The default proxy policy is 'Deny'.
There is no rule or policy to allow the HTTP CONNECT method.
The policy trace is showing the HTTP CONNECT method getting allowed like in the below transaction.
The proxy policy does not have a rule that explicitly deny the HTTP method CONNECT. However if there is a specific rule to deny it, then the verdict will be 'Denied' as shown in the policy trace below.
MATCH: DENY http.method=CONNECT
verdict: DENIED: Either 'deny' or 'exception' was matched in policy
The document below further confirms the behavior on the proxy for the CONNECT method where as you can see below by default, it gets allowed.
This is an expected behavior or by design due to how the proxy handles the HTTP CONNECT method.