diff --git a/cache_test.go b/cache_test.go
index 4c39035..5724f73 100644
--- a/cache_test.go
+++ b/cache_test.go
@@ -36,8 +36,8 @@ func TestCaching(t *testing.T) {
 cacheDirty: make(chan interface{}, 1),
 cacheClosed: make(chan interface{}),
 providers: providers,
- defaultProviderID: cloudsackID,
 stopCh: make(chan interface{}, 10),
+ defaultProviderID: cloudsackID,
 }
 go f.maintainCache(cacheFile)
 return f
diff --git a/fronted.go b/fronted.go
index da6c00d..5d3adce 100644
--- a/fronted.go
+++ b/fronted.go
@@ -33,7 +33,8 @@ const (
 )
 var (
- log = golog.LoggerFor("fronted")
+ log = golog.LoggerFor("fronted")
+ defaultFrontedProviderID = "cloudfront"
 )
 // fronted identifies working IP address/domain pairings for domain fronting and is
@@ -62,22 +63,18 @@ type fronted struct {
 type Fronted interface {
 http.RoundTripper
- // UpdateConfig updates the set of domain fronts to try.
- UpdateConfig(pool *x509.CertPool, providers map[string]*Provider)
+ // OnNewFronts updates the set of domain fronts to try.
+ OnNewFronts(pool *x509.CertPool, providers map[string]*Provider)
 // Close closes any resources, such as goroutines that are testing fronts.
 Close()
 }
-// NewFronted creates a new Fronted instance with the given cache file, clientHelloID, and defaultProviderID.
+// NewFronted creates a new Fronted instance with the given cache file.
 // At this point it does not have the actual IPs, domains, etc of the fronts to try.
 // defaultProviderID is used when a front without a provider is encountered (eg in a cache file)
-func NewFronted(cacheFile string, clientHello tls.ClientHelloID, defaultProviderID string) (Fronted, error) {
+func NewFronted(cacheFile string) Fronted {
 log.Debug("Creating new fronted")
- // Log method elapsed time
- defer func(start time.Time) {
- log.Debugf("Creating a new fronted took %v", time.Since(start))
- }(time.Now())
 f := &fronted{
 certPool: atomic.Value{},
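Review bot: `defaultFrontedProviderID` is added to the `var (` block as mutable package-level state, and since `NewFronted` no longer takes a provider argument, assigning this global before construction is the only way left to choose a default. The fronted_test.go hunks do exactly that (`defaultFrontedProviderID = "akamai"`, `testProviderID`, `"cloudsack"`, `"sadcloud"`) and never put the old value back, so results depend on test order and the write is unsynchronised if any of these tests is ever run in parallel. Either make the default a `const` and route overrides through an unexported constructor that takes the provider ID, or save and restore it in each test with `prev := defaultFrontedProviderID; t.Cleanup(func() { defaultFrontedProviderID = prev })`.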
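Review bot: The doc comment kept above `NewFronted` still ends with `// defaultProviderID is used when a front without a provider is encountered (eg in a cache file)`, but `defaultProviderID` is no longer a parameter, so the sentence now points at nothing a caller can see. Reword it to name the package default, for example `// Fronts without a provider (e.g. loaded from a cache file) are attributed to defaultFrontedProviderID.` The comment is also the natural place to record that the `error` result and the `clientHello` argument were dropped, because together with the `UpdateConfig` to `OnNewFronts` rename this breaks every existing caller. NewFronted's body continues past the end of this hunk.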
@@ -88,23 +85,22 @@ func NewFronted(cacheFile string, clientHello tls.ClientHelloID, defaultProvider
 cacheDirty: make(chan interface{}, 1),
 cacheClosed: make(chan interface{}),
 providers: make(map[string]*Provider),
- clientHelloID: clientHello,
+ clientHelloID: tls.HelloAndroid_11_OkHttp,
 connectingFronts: newConnectingFronts(4000),
 stopCh: make(chan interface{}, 10),
- defaultProviderID: defaultProviderID,
+ defaultProviderID: defaultFrontedProviderID,
 }
 if cacheFile != "" {
 f.initCaching(cacheFile)
 }
- return f, nil
+ return f
 }
-// UpdateConfig sets the domain fronts to use, the trusted root CAs, the fronting providers
-// (such as Akamai, Cloudfront, etc), and the cache file for caching fronts to set up
-// domain fronting.
-func (f *fronted) UpdateConfig(pool *x509.CertPool, providers map[string]*Provider) {
+// OnNewFronts sets the domain fronts to use, the trusted root CAs and the fronting providers
+// (such as Akamai, Cloudfront, etc)
+func (f *fronted) OnNewFronts(pool *x509.CertPool, providers map[string]*Provider) {
 // Make copies just to avoid any concurrency issues with access that may be happening on the
 // caller side.
 log.Debug("Updating fronted configuration")
diff --git a/fronted_test.go b/fronted_test.go
index 63fc810..e03a48e 100644
--- a/fronted_test.go
+++ b/fronted_test.go
@@ -57,9 +57,9 @@ func TestDirectDomainFrontingWithSNIConfig(t *testing.T) {
 UseArbitrarySNIs: true,
 ArbitrarySNIs: []string{"mercadopago.com", "amazon.com.br", "facebook.com", "google.com", "twitter.com", "youtube.com", "instagram.com", "linkedin.com", "whatsapp.com", "netflix.com", "microsoft.com", "yahoo.com", "bing.com", "wikipedia.org", "github.com"},
 })
- transport, err := NewFronted(cacheFile, tls.HelloChrome_100, "akamai")
- require.NoError(t, err)
- transport.UpdateConfig(certs, p)
+ defaultFrontedProviderID = "akamai"
+ transport := NewFronted(cacheFile)
+ transport.OnNewFronts(certs, p)
 client := &http.Client{
 Transport: transport,
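Review bot: `clientHelloID: tls.HelloAndroid_11_OkHttp` swaps a caller-supplied value for a literal buried in the struct initialiser, and nothing in the hunk records why this ClientHello was picked or how it is expected to be changed later. Every instance built by this package now shares that TLS fingerprint, so the choice deserves a named package-level value with a rationale comment, e.g. `var defaultClientHelloID = tls.HelloAndroid_11_OkHttp` with a line above it explaining the selection. The tests previously passed `tls.HelloChrome_100`, so no visible test pins which hello is in use after this change; an assertion on the constructed value would catch an accidental edit. The hunk starts inside NewFronted's body, so the rest of the initialiser is not visible here.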
@@ -85,9 +85,9 @@ func doTestDomainFronting(t *testing.T, cacheFile string, expectedMasqueradesAtE
 }
 certs := trustedCACerts(t)
 p := testProvidersWithHosts(hosts)
- transport, err := NewFronted(cacheFile, tls.HelloChrome_100, testProviderID)
- require.NoError(t, err)
- transport.UpdateConfig(certs, p)
+ defaultFrontedProviderID = testProviderID
+ transport := NewFronted(cacheFile)
+ transport.OnNewFronts(certs, p)
 client := &http.Client{
 Transport: transport,
@@ -95,9 +95,9 @@ func doTestDomainFronting(t *testing.T, cacheFile string, expectedMasqueradesAtE
 }
 require.True(t, doCheck(client, http.MethodPost, http.StatusAccepted, pingURL))
- transport, err = NewFronted(cacheFile, tls.HelloChrome_100, testProviderID)
- require.NoError(t, err)
- transport.UpdateConfig(certs, p)
+ defaultFrontedProviderID = testProviderID
+ transport = NewFronted(cacheFile)
+ transport.OnNewFronts(certs, p)
 client = &http.Client{
 Transport: transport,
 }
@@ -210,9 +210,10 @@ func TestHostAliasesBasic(t *testing.T) {
 certs := x509.NewCertPool()
 certs.AddCert(cloudSack.Certificate())
- rt, err := NewFronted("", tls.HelloChrome_100, "cloudsack")
- require.NoError(t, err)
- rt.UpdateConfig(certs, map[string]*Provider{"cloudsack": p})
+ defaultFrontedProviderID = "cloudsack"
+ rt := NewFronted("")
+
+ rt.OnNewFronts(certs, map[string]*Provider{"cloudsack": p})
 client := &http.Client{Transport: rt}
 for _, test := range tests {
@@ -320,9 +321,9 @@ func TestHostAliasesMulti(t *testing.T) {
 "sadcloud": p2,
 }
- rt, err := NewFronted("", tls.HelloChrome_100, "cloudsack")
- require.NoError(t, err)
- rt.UpdateConfig(certs, providers)
+ defaultFrontedProviderID = "cloudsack"
+ rt := NewFronted("")
+ rt.OnNewFronts(certs, providers)
 client := &http.Client{Transport: rt}
@@ -445,9 +446,9 @@ func TestPassthrough(t *testing.T) {
 certs := x509.NewCertPool()
 certs.AddCert(cloudSack.Certificate())
- rt, err := NewFronted("", tls.HelloChrome_100, "cloudsack")
- require.NoError(t, err)
- rt.UpdateConfig(certs, map[string]*Provider{"cloudsack": p})
+ defaultFrontedProviderID = "cloudsack"
+ rt := NewFronted("")
+ rt.OnNewFronts(certs, map[string]*Provider{"cloudsack": p})
 client := &http.Client{Transport: rt}
 for _, test := range tests {
@@ -515,11 +516,9 @@ func TestCustomValidators(t *testing.T) {
 "sadcloud": p,
 }
- f, err := NewFronted("", tls.HelloChrome_100, "sadcloud")
- if err != nil {
- return nil, err
- }
- f.UpdateConfig(certs, providers)
+ defaultFrontedProviderID = "sadcloud"
+ f := NewFronted("")
+ f.OnNewFronts(certs, providers)
 return f, nil
 }
diff --git a/test_support.go b/test_support.go
index d45702a..47602c1 100644
--- a/test_support.go
+++ b/test_support.go
@@ -5,7 +5,6 @@ import (
 "testing"
 "github.com/getlantern/keyman"
- tls "github.com/refraction-networking/utls"
 )
 var (
@@ -24,22 +23,18 @@ func ConfigureForTest(t *testing.T) Fronted {
 func ConfigureCachingForTest(t *testing.T, cacheFile string) Fronted {
 certs := trustedCACerts(t)
 p := testProviders()
- f, err := NewFronted(cacheFile, tls.HelloChrome_100, testProviderID)
- if err != nil {
- t.Fatalf("Unable to create fronted: %v", err)
- }
- f.UpdateConfig(certs, p)
+ defaultFrontedProviderID = testProviderID
+ f := NewFronted(cacheFile)
+ f.OnNewFronts(certs, p)
 return f
 }
 func ConfigureHostAlaisesForTest(t *testing.T, hosts map[string]string) Fronted {
 certs := trustedCACerts(t)
 p := testProvidersWithHosts(hosts)
- f, err := NewFronted("", tls.HelloChrome_100, testProviderID)
- if err != nil {
- t.Fatalf("Unable to create fronted: %v", err)
- }
- f.UpdateConfig(certs, p)
+ defaultFrontedProviderID = testProviderID
+ f := NewFronted("")
+ f.OnNewFronts(certs, p)
 return f
 }
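Review bot: `ConfigureCachingForTest` and `ConfigureHostAlaisesForTest` are exported from test_support.go, which is not a `_test.go` file, so the new `defaultFrontedProviderID = testProviderID` assignments are compiled into the package itself and take effect in any process that calls these helpers. After such a call every later `NewFronted` in that process picks up the test provider as its default, which, going by the constructor's doc comment, is what fronts loaded without a provider are attributed to. Since `t` is already in scope, restore the previous value with `prev := defaultFrontedProviderID; t.Cleanup(func() { defaultFrontedProviderID = prev })`, or better, build the instance through an unexported constructor that takes the provider ID so the global is never written.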