In rare scenarios Edge SWG administrator may want to disable/enable authentication based on whether HTTP header exists. This article provides CPL code which achieves this goal. 

The following CPL code disables authentication if HTTP request does not contain user-agent header

<proxy>
request.header.user-agent.exists=no authenticate(no)

$ nc IPADDR 8080
CONNECT www.example.com:443 HTTP/1.1
Host: www.example.com:443

HTTP/1.1 200 Connection established

$ nc IPADDR 8080
CONNECT www.example.com:443 HTTP/1.1
Host: www.example.com:443
User-Agent: Mozilla

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE
Proxy-Authenticate: NTLM
Proxy-Authenticate: BASIC realm="REALMNAME"
Cache-Control: no-cache
X-XSS-Protection: 1
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 8452
Pragma: no-cache

This CPL code should be placed in CPL layer below Web authentication layer.