We have Qlik Sense September 2019 - 13.42.1

We are trying to access qlik from our company mobile app 

from qlik side, we added a virtual proxy and set the authentication method as "header authentication static user directory"

when accessing qlik 

curl -I -k -c cookie.txt "https://<qlik base usrl>/<virtual proxy>/hub/my/work" -H "<header-name>: userid"

receiving success response 

HTTP/1.1 200 OK
Set-Cookie: X-Qlik-Session-prefix={23DA935C-D834-43BA-AA16-9F1ADCB88879}:17652123-3146-41d7-ae63-7cf8271a0295; Path=/; HttpOnly; Secure

when trying from mobile browser or from curl passing same received cookie in other following requests, qlik respond "Could not authenticate the request: Expected an authentication header", while same session cookie is set in the request

curl 'https://<qlik base usrl>/<virtual proxy>/hub/stream/e7a976fd-eff3-426f-ad88-12c97bd6d22d' \
-H 'Connection: keep-alive' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Sec-Fetch-Site: none' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-User: ?1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Accept-Language: en-US,en;q=0.9,ar;q=0.8' \
-H 'Cookie: X-Qlik-Session-<prefix>={23DA935C-D834-43BA-AA16-9F1ADCB88879}:17652123-3146-41d7-ae63-7cf8271a0295' \
--compressed \

The only way to make it work by forcing browser to pass  user header in all  requests, which is not logic

Can you please help?