407

Proxy Authentication Required

4xx Client Error

Back to list.md

ELI5

You need to authenticate with the proxy server first before it will forward your request to the destination.

Server perspective

Use 407 when a proxy requires authentication before it will forward the request.

When to use

  • Return 407 from the proxy, not the origin server
  • Use it when the client must authenticate to the intermediary itself
  • Corporate proxy requires authentication
  • Authenticated proxy servers
  • Network security proxy authentication
  • Content filtering proxy login

How to respond

  • Include Proxy-Authenticate so the client knows which proxy auth scheme to use
  • Expect the retried request to carry Proxy-Authorization

Headers to consider

  • Proxy-Authenticate

Response body

  • Optionally include a short proxy-authentication error; avoid leaking credential details.

Server-side pitfalls

  • Do not confuse 407 proxy auth with 401 origin-server auth
  • Do not rely on origin-application error handling to explain proxy failures clearly
  • Origin server authentication (use 401 Unauthorized)
  • General authorization issues (use 403 Forbidden)
  • Network-level auth (use 511 Network Authentication Required)

Examples

Corporate proxy authentication

Request:GET https://api.example.test/external-resource # Headers Host: example.com
Response:407 Proxy Authentication Required # Headers Proxy-Authenticate: Basic realm="corporate-proxy"

Must provide credentials to corporate proxy before accessing external sites

References

Related Status Codes

401

Unauthorized

You need to prove who you are before you can access this. Please log in or provide valid credentials.