407 Proxy Authentication Required

HTTP Status CodesClient (4xx)rarerStatus Code: 407Last updated: todayTested on:Google ChromeNode.js v20 LTSJune 2026

The client must first authenticate itself with the proxy.

407 Proxy Authentication Required Quick Fix⏱️ Est. Fix Time: 3 minutes

Usually happens because:

  • Corporate network gateway proxy filters
  • Missing or invalid 'Proxy-Authorization' headers.

🔍 Quick Checklist:

Meaning

The HTTP 407 Proxy Authentication Required client error status code indicates that the request has not been applied because the client needs to provide authentication credentials to access internet resources through a proxy server.

Root Causes

  • Corporate network gateway proxy filters restricting external internet access.
  • Missing or invalid 'Proxy-Authorization' headers.
CauseFrequency
Corporate network gateway proxy filters⭐⭐⭐⭐⭐
Missing or invalid 'Proxy-Authorization' headers.⭐⭐⭐⭐

Common Mistakes

  • Confusing 407 with 401 (use 401 for origin server auth, 407 exclusively for intermediate proxy gateways).
  • Omitting the 'Proxy-Authenticate' header field in the 407 response.

How to Fix

1Provide credentials inside the 'Proxy-Authorization' request header.
2Configure local environment proxy variables (e.g. HTTP_PROXY) to include username:password.

Framework-Specific Examples

Express middleware validating Proxy-Authorization.

Express Example
app.use((req, res, next) => {
  const proxyAuth = req.headers['proxy-authorization'];
  if (!proxyAuth) {
    return res.status(407).set('Proxy-Authenticate', 'Basic').end();
  }
  next();
});

Server Configuration Examples

Configuring forward proxy authorization logic.

Nginx Config
# Nginx forward proxy basic authentication modules

Prevention

  • Ensure corporate clients are provisioned with automated proxy credential management files (PAC).

Frequently Asked Questions (FAQ)

Q: What is the difference between 401 and 407?

401 represents authentication required by the origin server hosting the website. 407 represents authentication required by an intermediate proxy server (e.g. corporate gateway) before forwarding traffic.

Q: Which headers are used for proxy authentication?

The server returns 'Proxy-Authenticate' in 407 responses. The client follows up by sending credentials in the 'Proxy-Authorization' request header.

Q: Does 407 trigger browser dialog boxes?

Yes. If the proxy returns 'Proxy-Authenticate: Basic...', browsers will prompt users to authenticate with the proxy.

Q: How do CLI tools (like curl) handle proxy authentication?

You must specify credentials using command options, such as `curl -x proxy:port -U username:password url`.

Still having this problem?

Didn't solve your problem?

SuggestRequest Error