Thank you for your previous guidance — I followed your advice and implemented NEURLFilterManager with the url-filter-provider entitlement (added via Signing & Capabilities → Network Extensions → URL Filter). My PIR server and Privacy Pass issuer are running at https://dropbet-pir.fly.dev, and the /.well-known/private-token-issuer-directory endpoint returns HTTP 200 with a valid response. However, when calling NEURLFilterManager.saveToPreferences() on a development build on my own device (iOS 26.5), I receive: NEURLFilterManager.Error code 1 — configurationInvalid Is this expected for a development build without the OHTTP relay, or does the entitlement require an additional approval step even for development testing? Best regards,

Thank you for your response. Two follow-up questions: The url-filter-provider capability does not appear in the Capability Requests tab of my developer portal. Could you advise how to request it for com.dropbet.DropBet (App Store ID: 6762567708)? Regarding the OHTTP relay onboarding form (developer.apple.com/contact/request/network-extension-url-filter): does the full PIR server + Privacy Pass infrastructure need to be deployed and running before submitting the form, or can the request be submitted earlier in the process? Best regards