Skip to content

407 Proxy Authentication Required

Description

The 407 Proxy Authentication Required status code indicates that the client must first authenticate itself with the proxy server before the request can proceed. This status code is similar to 401 Unauthorized, but it applies specifically to proxy servers rather than the origin server.

When a client makes a request through a proxy that requires authentication, the proxy will respond with a 407 Proxy Authentication Required status code. The proxy must include a Proxy-Authenticate header field containing at least one challenge applicable to the proxy for the requested resource.

This status code is commonly used in corporate or institutional environments where internet traffic is routed through authenticated proxy servers for security, monitoring, or content filtering purposes.

Syntax

The proxy responds with a 407 Proxy Authentication Required status and includes a Proxy-Authenticate header:

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Proxy Server"
Content-Type: text/html
Content-Length: [length in bytes]

[Response body explaining the proxy authentication requirement]

Examples

Basic Proxy Authentication Example

A client attempts to access a website through a proxy without providing proxy authentication:

Client Request: 

GET http://example.com/ HTTP/1.1
Host: example.com

Proxy Response: 

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Corporate Proxy"
Content-Type: text/html
Content-Length: 347

<!DOCTYPE html>
<html>
<head>
  <title>Proxy Authentication Required</title>
</head>
<body>
  <h1>407 Proxy Authentication Required</h1>
  <p>You must authenticate with the corporate proxy before accessing external websites.</p>
  <p>Please enter your network username and password when prompted.</p>
</body>
</html>

Digest Proxy Authentication Example

A client attempts to access a resource through a proxy that uses digest authentication:

Client Request: 

GET http://internal.example.org/reports HTTP/1.1
Host: internal.example.org

Proxy Response: 

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Digest realm="Secure Proxy", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"
Content-Type: text/plain
Content-Length: 125

Proxy authentication required. Please authenticate with the secure proxy using your network credentials to access internal resources.

Multiple Authentication Methods Example

A proxy offers multiple authentication options:

Client Request: 

GET http://restricted.example.com/dashboard HTTP/1.1
Host: restricted.example.com

Proxy Response: 

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Corporate Proxy"
Proxy-Authenticate: Digest realm="Corporate Proxy", qop="auth", nonce="7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v", opaque="FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS"
Proxy-Authenticate: Bearer realm="Corporate Proxy"
Content-Type: application/json
Content-Length: 217

{
  "error": "Proxy Authentication Required",
  "message": "Authentication with the corporate proxy is required",
  "authentication_methods": ["Basic", "Digest", "Bearer"],
  "help_desk": "[email protected]"
}

Summary

The 407 Proxy Authentication Required status code is a specialized response used when a proxy server requires authentication before forwarding client requests. It functions similarly to the 401 Unauthorized status code but is specific to proxy servers rather than origin servers. By including the Proxy-Authenticate header, the proxy informs clients about available authentication methods. This status code is particularly important in corporate, educational, or other institutional environments where authenticated proxies are used to control and monitor internet access.