Users accessing internet sites via Cloud SWG using multiple access methods (Agents, IPSEC, Explicit, IPSEC).

After a Cloud SWG status page published maintenance update, some users reported problems accessing certain legacy web applications.

Problem appears to happen with applications using HTTP/1.0 and HTTP/1.1 only.

What changed with the maintenance update that could have triggered this issue?

Cloud SWG.

All access methods.

Applications parsing certain HTTP headers.

Enhancements to the Proxy updated as part of the maintenance events.

The following two changes were added with the update that caused the change in behaviour.

Enhancement to Preserve Client Header Casing in Policy Actions    
To maintain consistency with original client requests, the Edge SWG appliance now preserves the original header name casing. This casing comes from the client request when a policy action (such as Set or Append) modifies an existing client header in the upstream request. Previously, the appliance substituted the original casing with the policy-defined name.

NOTE: HTTP/2 traffic is unaffected by this behavior change, as the HTTP/2 protocol strictly mandates lowercase header names.

Enhancement to Preserve Client Header Order
Header processing on the Edge SWG appliance has been restructured to maintain the original ordering of client-supplied headers. Previously, client headers were reordered in the upstream request to the order in which policy modifications (such as set and append) were applied. Any policy-introduced headers that do not have a corresponding entry in the original client request are now appended after the original client headers.