diff --git a/proxy/proxy_test.go b/proxy/proxy_test.go
index 384298c3..94ef90ab 100644
--- a/proxy/proxy_test.go
+++ b/proxy/proxy_test.go
@@ -465,11 +465,10 @@ func (r *replayer) Bytes() []byte {
 // eyeball sends tcp packets wrapped in websockets. (E.g: cloudflared access).
 func TestConnections(t *testing.T) {
 	logger := logger.Create(nil)
-	replayer := &replayer{rw: &bytes.Buffer{}}
 	type args struct {
 		ingressServiceScheme  string
 		originService         func(*testing.T, net.Listener)
-		eyeballResponseWriter connection.ResponseWriter
+		eyeballResponseWriter func(io.Writer) connection.ResponseWriter
 		eyeballRequestBody    io.ReadCloser
 
 		// Can be set to nil to show warp routing is not enabled.
@@ -496,11 +495,13 @@ func TestConnections(t *testing.T) {
 		{
 			name: "ws-ws proxy",
 			args: args{
-				ingressServiceScheme:  "ws://",
-				originService:         runEchoWSService,
-				eyeballResponseWriter: newWSRespWriter(replayer),
-				eyeballRequestBody:    newWSRequestBody([]byte("test1")),
-				connectionType:        connection.TypeWebsocket,
+				ingressServiceScheme: "ws://",
+				originService:        runEchoWSService,
+				eyeballResponseWriter: func(w io.Writer) connection.ResponseWriter {
+					return newWSRespWriter(w)
+				},
+				eyeballRequestBody: newWSRequestBody([]byte("test1")),
+				connectionType:     connection.TypeWebsocket,
 				requestHeaders: map[string][]string{
 					// Example key from https://tools.ietf.org/html/rfc6455#section-1.2
 					"Sec-Websocket-Key":     {"dGhlIHNhbXBsZSBub25jZQ=="},
@@ -520,12 +521,14 @@ func TestConnections(t *testing.T) {
 		{
 			name: "tcp-tcp proxy",
 			args: args{
-				ingressServiceScheme:  "tcp://",
-				originService:         runEchoTCPService,
-				eyeballResponseWriter: newTCPRespWriter(replayer),
-				eyeballRequestBody:    newTCPRequestBody([]byte("test2")),
-				warpRoutingService:    ingress.NewWarpRoutingService(testWarpRouting),
-				connectionType:        connection.TypeTCP,
+				ingressServiceScheme: "tcp://",
+				originService:        runEchoTCPService,
+				eyeballResponseWriter: func(w io.Writer) connection.ResponseWriter {
+					return newTCPRespWriter(w)
+				},
+				eyeballRequestBody: newTCPRequestBody([]byte("test2")),
+				warpRoutingService: ingress.NewWarpRoutingService(testWarpRouting),
+				connectionType:     connection.TypeTCP,
 				requestHeaders: map[string][]string{
 					"Cf-Cloudflared-Proxy-Src": {"non-blank-value"},
 				},
@@ -558,11 +561,13 @@ func TestConnections(t *testing.T) {
 		{
 			name: "ws-tcp proxy",
 			args: args{
-				ingressServiceScheme:  "tcp://",
-				originService:         runEchoTCPService,
-				eyeballResponseWriter: newWSRespWriter(replayer),
-				eyeballRequestBody:    newWSRequestBody([]byte("test4")),
-				connectionType:        connection.TypeWebsocket,
+				ingressServiceScheme: "tcp://",
+				originService:        runEchoTCPService,
+				eyeballResponseWriter: func(w io.Writer) connection.ResponseWriter {
+					return newWSRespWriter(w)
+				},
+				eyeballRequestBody: newWSRequestBody([]byte("test4")),
+				connectionType:     connection.TypeWebsocket,
 				requestHeaders: map[string][]string{
 					// Example key from https://tools.ietf.org/html/rfc6455#section-1.2
 					"Sec-Websocket-Key": {"dGhlIHNhbXBsZSBub25jZQ=="},
@@ -581,45 +586,51 @@ func TestConnections(t *testing.T) {
 			// Send (unexpected) HTTP when origin expects WS (to unwrap for raw TCP)
 			name: "http-(ws)tcp proxy",
 			args: args{
-				ingressServiceScheme:  "tcp://",
-				originService:         runEchoTCPService,
-				eyeballResponseWriter: newMockHTTPRespWriter(),
-				eyeballRequestBody:    http.NoBody,
-				connectionType:        connection.TypeHTTP,
+				ingressServiceScheme: "tcp://",
+				originService:        runEchoTCPService,
+				eyeballResponseWriter: func(_ io.Writer) connection.ResponseWriter {
+					return newMockHTTPRespWriter()
+				},
+				eyeballRequestBody: http.NoBody,
+				connectionType:     connection.TypeHTTP,
 				requestHeaders: map[string][]string{
 					"Cf-Cloudflared-Proxy-Src": {"non-blank-value"},
 				},
 			},
 			want: want{
-				message: []byte{},
+				message: nil,
 				headers: map[string][]string{},
 			},
 		},
 		{
 			name: "tcp-tcp proxy without warpRoutingService enabled",
 			args: args{
-				ingressServiceScheme:  "tcp://",
-				originService:         runEchoTCPService,
-				eyeballResponseWriter: newTCPRespWriter(replayer),
-				eyeballRequestBody:    newTCPRequestBody([]byte("test2")),
-				connectionType:        connection.TypeTCP,
+				ingressServiceScheme: "tcp://",
+				originService:        runEchoTCPService,
+				eyeballResponseWriter: func(w io.Writer) connection.ResponseWriter {
+					return newTCPRespWriter(w)
+				},
+				eyeballRequestBody: newTCPRequestBody([]byte("test2")),
+				connectionType:     connection.TypeTCP,
 				requestHeaders: map[string][]string{
 					"Cf-Cloudflared-Proxy-Src": {"non-blank-value"},
 				},
 			},
 			want: want{
-				message: []byte{},
+				message: nil,
 				err:     true,
 			},
 		},
 		{
 			name: "ws-ws proxy when origin is different",
 			args: args{
-				ingressServiceScheme:  "ws://",
-				originService:         runEchoWSService,
-				eyeballResponseWriter: newWSRespWriter(replayer),
-				eyeballRequestBody:    newWSRequestBody([]byte("test1")),
-				connectionType:        connection.TypeWebsocket,
+				ingressServiceScheme: "ws://",
+				originService:        runEchoWSService,
+				eyeballResponseWriter: func(w io.Writer) connection.ResponseWriter {
+					return newWSRespWriter(w)
+				},
+				eyeballRequestBody: newWSRequestBody([]byte("test1")),
+				connectionType:     connection.TypeWebsocket,
 				requestHeaders: map[string][]string{
 					// Example key from https://tools.ietf.org/html/rfc6455#section-1.2
 					"Sec-Websocket-Key": {"dGhlIHNhbXBsZSBub25jZQ=="},
@@ -645,15 +656,17 @@ func TestConnections(t *testing.T) {
 					// closing the listener created by the test.
 					ln.Close()
 				},
-				eyeballResponseWriter: newTCPRespWriter(replayer),
-				eyeballRequestBody:    newTCPRequestBody([]byte("test2")),
-				connectionType:        connection.TypeTCP,
+				eyeballResponseWriter: func(w io.Writer) connection.ResponseWriter {
+					return newTCPRespWriter(w)
+				},
+				eyeballRequestBody: newTCPRequestBody([]byte("test2")),
+				connectionType:     connection.TypeTCP,
 				requestHeaders: map[string][]string{
 					"Cf-Cloudflared-Proxy-Src": {"non-blank-value"},
 				},
 			},
 			want: want{
-				message: []byte{},
+				message: nil,
 				err:     true,
 			},
 		},
@@ -661,6 +674,7 @@ func TestConnections(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
+			replayer := &replayer{rw: &bytes.Buffer{}}
 			ctx, cancel := context.WithCancel(context.Background())
 			ln, err := net.Listen("tcp", "127.0.0.1:0")
 			require.NoError(t, err)
@@ -681,15 +695,18 @@ func TestConnections(t *testing.T) {
 			require.NoError(t, err)
 
 			req.Header = test.args.requestHeaders
-			respWriter := test.args.eyeballResponseWriter
 
+			var respWriter connection.ResponseWriter
 			if pipedReqBody, ok := test.args.eyeballRequestBody.(*pipedRequestBody); ok {
 				respWriter = newTCPRespWriter(pipedReqBody.pipedConn)
 				go func() {
 					resp := pipedReqBody.roundtrip(test.args.ingressServiceScheme + ln.Addr().String())
 					replayer.Write(resp)
 				}()
+			} else {
+				respWriter = test.args.eyeballResponseWriter(replayer)
 			}
+
 			if test.args.connectionType == connection.TypeTCP {
 				rwa := connection.NewHTTPResponseReadWriterAcker(respWriter, req)
 				err = proxy.ProxyTCP(ctx, rwa, &connection.TCPRequest{Dest: dest})