diff --git a/meshcore/agentcore.c b/meshcore/agentcore.c
index b89c9cc..0cb3bfe 100644
--- a/meshcore/agentcore.c
+++ b/meshcore/agentcore.c
@@ -1961,11 +1961,6 @@ void ILibDuktape_MeshAgent_Init(duk_context* ctx, void *chain, MeshAgentHostCont
 	duk_put_prop_string(ctx, -2, "MeshAgentPtr");	// [stash]
 	duk_pop(ctx);									// ...
 	ILibDuktape_ModSearch_AddHandler(ctx, "MeshAgent", ILibDuktape_MeshAgent_PUSH);
-
-	if (agent->webSocketMaskOverride != 0)
-	{
-		duk_peval_string_noresult(ctx, "Object.defineProperty(require('https'), '_webSocketMaskOverride', { value: true });");
-	}
 }
 
 /* ------------------------------ 
@@ -3228,6 +3223,7 @@ void MeshServer_ProcessCommand(ILibWebClient_StateObject WebStateObject, MeshAge
 		}
 		case MeshCommand_AgentUpdate:
 		{
+			if (agent->disableUpdate != 0) { break; }	 // Ignore if updates are disabled
 #ifdef WIN32
 			char* updateFilePath = MeshAgent_MakeAbsolutePath(agent->exePath, ".update.exe");
 #else
@@ -3317,6 +3313,8 @@ void MeshServer_ProcessCommand(ILibWebClient_StateObject WebStateObject, MeshAge
 		}
 		case MeshCommand_AgentUpdateBlock:
 		{
+			if (agent->disableUpdate != 0) { break; }	 // Ignore if updates are disabled
+
 			// Write the mesh agent block to file
 			int retryCount = 0;
 #ifdef WIN32
@@ -3857,7 +3855,6 @@ void MeshServer_ConnectEx(MeshAgentHostContainer *agent)
 		if (agent->logUpdate != 0 || agent->controlChannelDebug != 0) { ILIBLOGMESSAGEX("Connecting to: %s", agent->serveruri); }
 
 		ILibWebClient_AddWebSocketRequestHeaders(req, 65535, MeshServer_OnSendOK);
-		if (agent->webSocketMaskOverride != 0) { ILibHTTPPacket_Stash_Put(req, "_WebSocketMaskOverride", 22, (void*)(uintptr_t)0x01); }
 
 		void **tmp = ILibMemory_SmartAllocate(2 * sizeof(void*));
 		agent->controlChannelRequest = tmp;
@@ -5078,7 +5075,6 @@ int MeshAgent_AgentMode(MeshAgentHostContainer *agentHost, int paramLen, char **
 		// Check if there is a CoreModule in the db
 		char *CoreModule;
 		int CoreModuleLen = agentHost->localScript == 0 ? ILibSimpleDataStore_Get(agentHost->masterDb, "CoreModule", NULL, 0) : 0;
-		agentHost->webSocketMaskOverride = ILibSimpleDataStore_Get(agentHost->masterDb, "webSocketMaskOverride", NULL, 0);
 		if (ILibSimpleDataStore_Get(agentHost->masterDb, "jsDebugPort", NULL, 0) != 0)
 		{
 			char tmp[16];
diff --git a/meshcore/agentcore.h b/meshcore/agentcore.h
index 77866a8..d828f8f 100644
--- a/meshcore/agentcore.h
+++ b/meshcore/agentcore.h
@@ -205,9 +205,9 @@ typedef struct MeshAgentHostContainer
 	int fakeUpdate;
 	int controlChannelDebug;
 	void *coreTimeout;
-	int webSocketMaskOverride;
 	int jsDebugPort;
 	int coreDumpEnabled;
+	int localConsentMask;
 
 	char agentHash[UTIL_SHA384_HASHSIZE];
 	char serverHash[UTIL_SHA384_HASHSIZE];
@@ -283,7 +283,6 @@ remoteMouseRender:			If set, will always render the remote mouse cursor for KVM
 showModuleNames:			If set, will display the name of modules when they are loaded for the first time
 slaveKvmLog:				[Linux] If set, will enable logging inside the Child KVM Process.
 WebProxy:					Manually specify proxy configuration
-webSocketMaskOverride:		If set, will disable the optimzation to skip WebSocket Masking for TLS protected Web Sockets
 *
 *
 */
diff --git a/microscript/ILibDuktape_HttpStream.c b/microscript/ILibDuktape_HttpStream.c
index 71df6ea..240ce72 100644
--- a/microscript/ILibDuktape_HttpStream.c
+++ b/microscript/ILibDuktape_HttpStream.c
@@ -553,23 +553,6 @@ duk_ret_t ILibDuktape_HttpStream_http_onUpgrade(duk_context *ctx)
 	duk_push_int(ctx, cmwb); duk_put_prop_string(ctx, -2, "clientMaxWindowBits");
 	duk_new(ctx, 2);															// [HTTPStream][readable][ext][websocket]
 	duk_remove(ctx, -2);														// [HTTPStream][readable][websocket]
-	if (strcmp(Duktape_GetStringPropertyValue(ctx, -3, ILibDuktape_OBJID, "http.httpStream"), "https.httpStream") == 0) 
-	{
-		ILibDuktape_WriteID(ctx, "https.WebSocketStream");
-		ILibDuktape_WebSocket_State *state = Duktape_GetBufferProperty(ctx, -1, ILibDuktape_WebSocket_StatePtr);
-		if (state != NULL) 
-		{
-			state->noMasking = 1;
-			if (duk_peval_string(ctx, "(function _getOverride(){return(require('https')._webSocketMaskOverride);})();") == 0)	// [result]
-			{
-				if (duk_to_boolean(ctx, -1))
-				{
-					state->noMasking = 0;
-				}
-			}
-			duk_pop(ctx);																										// ...
-		}
-	}
 	
 	ILibChain_Link_SetMetadata(Duktape_GetPointerProperty(ctx, -2, ILibDuktape_ChainLinkPtr), Duktape_GetStringPropertyValue(ctx, -1, ILibDuktape_OBJID, "http.webSocketStream"));
 	
diff --git a/microstack/ILibAsyncSocket.c b/microstack/ILibAsyncSocket.c
index e6be504..6827aae 100644
--- a/microstack/ILibAsyncSocket.c
+++ b/microstack/ILibAsyncSocket.c
@@ -1074,6 +1074,10 @@ void ILibAsyncSocket_ConnectToProxy(void* socketModule, struct sockaddr *localIn
 
 	if (proxyAddress != NULL) memcpy_s(&(module->ProxyAddress), sizeof(struct sockaddr_in6), proxyAddress, INET_SOCKADDR_LENGTH(proxyAddress->sa_family));
 	ILibAsyncSocket_ConnectTo(socketModule, localInterface, remoteAddress, InterruptPtr, user);
+}
+void ILibAsyncSocket_ConnectToProxyEx(void* socketModule, struct sockaddr *localInterface, char *remoteAddressAndPort, struct sockaddr *proxyAddress, char* proxyUser, char* proxyPass, ILibAsyncSocket_OnInterrupt InterruptPtr, void *user)
+{
+
 }
 #endif
 #ifndef MICROSTACK_NOTLS
diff --git a/microstack/ILibAsyncSocket.h b/microstack/ILibAsyncSocket.h
index fedfd1a..c5aa7f6 100644
--- a/microstack/ILibAsyncSocket.h
+++ b/microstack/ILibAsyncSocket.h
@@ -177,6 +177,7 @@ void ILibAsyncSocket_ConnectTo(void* socketModule, struct sockaddr *localInterfa
 #ifdef MICROSTACK_PROXY
 void ILibAsyncSocket_ClearProxySettings(void *socketModule);
 void ILibAsyncSocket_ConnectToProxy(void* socketModule, struct sockaddr *localInterface, struct sockaddr *remoteAddress, struct sockaddr *proxyAddress, char* proxyUser, char* proxyPass, ILibAsyncSocket_OnInterrupt InterruptPtr, void *user);
+void ILibAsyncSocket_ConnectToProxyEx(void* socketModule, struct sockaddr *localInterface, char *remoteAddressAndPort, struct sockaddr *proxyAddress, char* proxyUser, char* proxyPass, ILibAsyncSocket_OnInterrupt InterruptPtr, void *user);
 #endif
 
 enum ILibAsyncSocket_SendStatus ILibAsyncSocket_SendTo_MultiWrite(ILibAsyncSocket_SocketModule socketModule, struct sockaddr *remoteAddress, unsigned int count, ...);
diff --git a/microstack/ILibWebClient.c b/microstack/ILibWebClient.c
index e259b82..7982b9b 100644
--- a/microstack/ILibWebClient.c
+++ b/microstack/ILibWebClient.c
@@ -211,7 +211,6 @@ typedef struct ILibWebClientDataObject
 	struct sockaddr_in6 proxy;
 	struct ILibWebClientManager *Parent;
 	char* DigestData;
-	int webSocketMaskOverride;
 
 	int PendingConnectionIndex;
 
@@ -565,7 +564,6 @@ void ILibWebClient_ResetWCDO(struct ILibWebClientDataObject *wcdo)
 		// Check the cancel request in the timer list
 		if ( plrt->timer != NULL ) ILibLifeTime_Remove(plrt->timer, plrt);
 	}
-	wcdo->webSocketMaskOverride = 0;
 	wcdo->PAUSE = 0;
 	wcdo->CancelRequest = 0;
 	wcdo->Chunked = 0;
@@ -1243,12 +1241,6 @@ ILibAsyncSocket_SendStatus ILibWebClient_WebSocket_Send(ILibWebClient_StateObjec
 	if (wr == NULL) { return RetVal; }
 	state = ILibWebClient_WebSocket_GetState(wr);
 
-#ifndef MICROSTACK_NOTLS
-#ifdef MICROSTACK_TLS_DETECT
-	if (wcdo->webSocketMaskOverride == 0 && ILibAsyncSocket_IsUsingTls(wcdo->SOCK) == 1) flags = 0; // If we are using TLS, disable websocket masking
-#endif
-#endif
-
 	ILibSpinLock_Lock(ILibAsyncSocket_GetSpinLock(wcdo->SOCK));
 	while (i < _bufferLen)
 	{
@@ -1287,7 +1279,8 @@ ILibAsyncSocket_SendStatus ILibWebClient_WebSocket_Send(ILibWebClient_StateObjec
 			}
 		}
 
-		if (flags & WEBSOCKET_MASK) {
+		if (flags & WEBSOCKET_MASK) 
+		{
 			// Mask the payload
 			util_random(4, maskKey);
 			maskKeyInt = ((int*)maskKey)[0];
@@ -1298,7 +1291,9 @@ ILibAsyncSocket_SendStatus ILibWebClient_WebSocket_Send(ILibWebClient_StateObjec
 				//for (x = 0; x < bufferLen; ++x) { dataFrame[x] = buffer[x] ^ maskKey[x % 4]; } // This is the slower version
 			}
 			RetVal = ILibAsyncSocket_SendTo_MultiWrite(wcdo->SOCK, NULL, 3 | ILibAsyncSocket_LOCK_OVERRIDE, header, (size_t)headerLen, ILibAsyncSocket_MemoryOwnership_USER, maskKey, (size_t)4, ILibAsyncSocket_MemoryOwnership_USER, dataFrame, (size_t)bufferLen, ILibAsyncSocket_MemoryOwnership_USER);
-		} else {
+		} 
+		else
+		{
 			// Send payload without masking
 			RetVal = ILibAsyncSocket_SendTo_MultiWrite(wcdo->SOCK, NULL, 2 | ILibAsyncSocket_LOCK_OVERRIDE, header, (size_t)headerLen, ILibAsyncSocket_MemoryOwnership_USER, buffer, (size_t)bufferLen, ILibAsyncSocket_MemoryOwnership_USER);
 		}
@@ -2617,7 +2612,6 @@ ILibWebClient_RequestToken ILibWebClient_PipelineRequest(
 		((ILibWebClient_PipelineRequestToken*)retVal)->WebSocketKey = tokenWebSocketKey;
 		((ILibWebClient_PipelineRequestToken*)retVal)->WebSocketMaxBuffer = u.i;
 		((ILibWebClient_PipelineRequestToken*)retVal)->WebSocketSendOK = ILibHTTPPacket_Stash_Get(packet, "_WebSocketOnSendOK", 18);
-		if (ILibHTTPPacket_Stash_HasKey(packet, "_WebSocketMaskOverride", 22)) { wcdo->webSocketMaskOverride = 1; }
 
 		for (i = 0; i < wcm->MaxConnectionsToSameServer; ++i)
 		{