The list of reviewed security issues is fetch using http. The default url is in extension.xwiki.org which is being cloudflare. And, cloudflare stared rejecting requests missing an user agent. Therefore, it's safer to define a user agent.