Previously Cloud SWG used to remove Authorization header for Basic authentication from HTTP requests:
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
This was implemented to avoid the sensitive information leaks as the header contents contains just a base64-encoded user credentials ("aladdin:opensesame" in the example above).
However this might have caused issues in some cases, e.g. SaaS applications weren't able to authenticate when working through Cloud SWG.
This behavior has changed and currently Cloud SWG does not remove any of original HTTP headers from the client request.
Cloud SWG with SSL Interception enabled.
If you suspect that your application is not working properly due to HTTP headers removal please test it using HTTP debugging services like https://www.httpdebugger.com/tools/viewbrowserheaders.aspx
This webpage displays all headers that have been found in the request.
You may add custom headers to a request using the 3rd-party software like Postman or command-line tools, e.g. curl:
curl -k -H "X-Custom-Header:customheadervalue" -o headers.html https://www.httpdebugger.com/tools/viewbrowserheaders.aspx
(the output will be saved to headers.html file: open it and check if "X-Custom-Header" is visible by the remote server):
If you can confirm that headers have been stripped out then open a Support case so the engineer can investigate that for you. Don't forget to attach the data confirming HTTP request manipulation (curl output, remote server logs if you have access to them etc.)