Istio egress gateway default behaviour

Hi All,
We have deployed istio on EKS, We are trying to reach an application hosted in internet from our micorservice deployed in istio. I thought by default no connection will go out of the mesh even if the server has internet access but we are able to reach the internet site without configuring istio egressgateway. So by default all connections will be allowed and we have to enable istio-egressgateway to block all the traffic and allow only few?.

kubectl exec -it $SOURCE_POD -c istio-proxy – curl -sL -o /dev/null -D -
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Date: Tue, 13 Aug 2019 03:50:13 GMT
Expires: Thu, 12 Sep 2019 03:50:13 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

HTTP/1.1 200 OK
Date: Tue, 13 Aug 2019 03:50:13 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP=“This is not a P3P policy! See for more info.”
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2019-08-13-03; expires=Thu, 12-Sep-2019 03:50:13 GMT; path=/;
Set-Cookie: NID=188=nsuiBiIC8adtC48zulL3xT1WcVGiaclxiSUCYIZcfpavACSQajW90UlKjdH29pszf2r7qPWpBW6Z9WeqyFakjBMgVT_iis8Drph_nzep2vigkyS3yAVSaH0lSnGn_1xqi72IQPomkpWw1-xt4jDNY_AgoS7qPg1m_hBFupFkXP4; expires=Wed, 12-Feb-2020 03:50:13 GMT; path=/;; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked