I don’t quite get how it’s being injected in https requests… do they inject their own https cert?