iOS 10 “Starting WebFilter logging for process” + Proxy-Authorization header removed from request

Starting from iOS 10 I noticed such logs in my app

yyyy-MM-dd HH:mm:sss HelloWorld[XXX:XXXXXX] WF: === Starting WebFilter logging for process HelloWorld
yyyy-MM-dd HH:mm:sss HelloWorld[XXX:XXXXXX] WF: _userSettingsForUser mobile: {
    filterBlacklist =     (
    );
    filterWhitelist =     (
    );
    restrictWeb = 1;
    useContentFilter = 0;
    useContentFilterOverrides = 0;
    whitelistEnabled = 0;
}
yyyy-MM-dd HH:mm:sss HelloWorld[XXX:XXXXXX] WF: _WebFilterIsActive returning: NO

I have reviewed iOS 10 Release notes but there is no info about WebFilter feature

  • How can I make and connect a spreadsheet to my code using the Google Sheets API?
  • 360 degrees spinnable object from a photographed real object
  • Push notifications aren't send to some devices
  • Delegate in Swift-language
  • segue loading viewcontroller but not displaying it
  • cURL request using Alamofire
  • Also I noticed that for some sites Proxy-Authorization removed from request (I use programmatically configured proxy) and this issue started from iOS 10.

    Anybody can throw a light on this?

    Update 1

    I found stable case when this happens

    1. WebView request / for some site example.org over https
    2. Received html contains http link to some resource (image for css) like http://example.org/icon.png
    3. This lead to Header removal

    2 Solutions Collect From Internet About “iOS 10 “Starting WebFilter logging for process” + Proxy-Authorization header removed from request”

    Check the site with Chrome Developer Tools and you will most likely find a warning like Mixed Content: The page at '...' as loaded over HTTPS, but requested an insecure resource '...'. This content should also be served over HTTPS.

    According to Apple the “Content Security Policy (CSP) support” in Safari 10 “has been enhanced by including version 2.0 of the standard.” It seems that this includes iOS 10 as well.

    Have a look here about the CSP levels: https://content-security-policy.com

    I was facing the same problem, the reason at my case was,I had tried to open video of .webm extension in iframe.When I changed extension of video from .webm to .mov or .mp4 the issue was solved.