407 Proxy Authentication Required

The HTTP 407 Proxy Authentication Required status code is a client error returned by the server to indicate the request must be authenticated before the client uses a proxy. This is similar to 401 Unauthorized, and the user must satisfy the requirements before access is granted.

Table of Contents

Usage

When a 407 Proxy Authentication Required error arrives, the client understands valid login credentials are needed before accessing the requested resource through the proxy. This is similar to the 401 Unauthorized response, and the client uses the same Authentication protocols.

The Proxy-Authenticate header is returned by the server to indicate the allowed methods.

SEO impact

Search engines like Google do not index a URL returning a 407 Proxy Authentication Required status. Previously indexed URLs returning this status code are removed from search results.

Example

The client requests a resource and the server responds with 407 Proxy Authentication Required to indicate the resource is protected behind a proxy. The server indicates support for basic authorization. The client responds with a username:password pair using the basic authentication protocol, specified in the Proxy-Authorization header. The server then transmits the requested resource.

Initial request

GET /documents/tech-news HTTP/1.1
Host: www.example.re

Initial response

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Documents"

Next request

GET /documents/tech-news HTTP/1.1
Host: www.example.re
Proxy-Authorization: Basic RXhhbXBsZTphaQ==

Final response

HTTP/1.1 200 OK
Content-Type: application/pdf
Content-Length: 25000

<PDF document included in message body>

How to fix

A 407 Proxy Authentication Required means the proxy server requires valid credentials before forwarding the request.

  1. Check the Proxy-Authenticate header in the response. This header specifies the required Authentication scheme (Basic, Digest, NTLM, Negotiate). Match the client configuration to the expected method. Inspect the header with browser DevTools or curl -v through the proxy.

  2. Configure proxy credentials in the client. Set proxy username and password in browser proxy settings, application configuration, or environment variables. For command-line tools, embed credentials in the proxy URL:

    export HTTP_PROXY=http://user:pass@proxy:8080
export HTTPS_PROXY=http://user:pass@proxy:8080

    Include credentials in the Proxy-Authorization header for programmatic HTTP clients.

  3. Verify the proxy username and password. An incorrect or expired credential pair triggers this error. Confirm the values with the network administrator. NTLM and Kerberos proxies require domain-joined credentials. Verify the domain prefix (e.g., DOMAIN\username) is included.

  4. Check for transparent proxy interception. Some corporate networks route all traffic through a transparent proxy without explicit client configuration. A VPN connection or network policy change introduces proxy authentication where none existed before. Check system proxy settings (Windows: Internet Options, macOS: System Settings > Network > Proxies, Linux: /etc/environment or desktop proxy settings).

  5. Clear cached proxy credentials. Browsers and operating systems cache proxy authentication tokens. Stale cached credentials cause repeated 407 responses after a password change. Clear the credential cache (Credential Manager on Windows, Keychain Access on macOS).

  6. Verify the proxy allows the target domain. Some proxy servers restrict access to approved domains or URL categories. The proxy returns 407 to force re-authentication even when credentials are valid, if the destination is blocked by policy. Check the proxy allow-list with the network administrator.

  7. Contact the network administrator for proxy access. Corporate or institutional proxies require account provisioning. Request access credentials, confirm the proxy address and port, and verify the authentication scheme in use.

Code references

.NET

HttpStatusCode.ProxyAuthenticationRequired

Rust

http::StatusCode::PROXY_AUTHENTICATION_REQUIRED

Rails

:proxy_authentication_required

Go

http.StatusProxyAuthRequired

Symfony

Response::HTTP_PROXY_AUTHENTICATION_REQUIRED

Python3.5+

http.HTTPStatus.PROXY_AUTHENTICATION_REQUIRED

Java

java.net.HttpURLConnection.HTTP_PROXY_AUTH

Apache HttpComponents Core

org.apache.hc.core5.http.HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED

Angular

@angular/common/http/HttpStatusCode.ProxyAuthenticationRequired

Takeaway

The 407 Proxy Authentication Required status code indicates authorization is required to access the requested resource through a proxy. The server informs the client of supported Authentication methods, and the client must authenticate before access is granted.

See also

Last updated: March 6, 2026