The HTTP Proxy-Authenticate response indicates which Authentication method is preferred to be used to gain access to a protected resource behind a proxy server.


The Proxy-Authenticate response header is generated by the server to inform the client concerning what Authentication methods are valid for accessing a protected resource. This is generated in response to a HTTP request that results in the HTTP 407 Proxy Authentication Required status code being returned.

With the resubmission of the HTTP request, the client submits the relevant Authentication data to the proxy server using the Proxy-Authorization header. Upon validation, the HTTP request is forwarded accordingly.

There are two directives including the authentication type and the realm. The authentication type is one of those listed by IANA, such as Basic or Digest. The realm describes the protected area and can be omitted with the client normally displaying the hostname by default.


Proxy-Authenticate: Digest
Proxy-Authenticate: Basic realm="Confidential documents"


The HTTP Proxy-Authenticate response header is used to inform the client concerning Authentication methods that are accepted to grant access to a resource that is protected by a proxy server.

See also

Last updated: June 2, 2022