Proxy-Authorization header
The HTTPProxy-Authorizationrequest header contains the credentials to authenticate a client with a proxy server, typically after the server has responded with a407 Proxy Authentication Required status with theProxy-Authenticate header.
| Header type | Request header |
|---|---|
| Forbidden request header | Yes |
Syntax
Proxy-Authorization: <auth-scheme> <credentials>Directives
<auth-scheme>A case-insensitive token indicating theAuthentication scheme used.Some of the more common types are
Basic,Digest,NegotiateandAWS4-HMAC-SHA256.IANA maintains alist of authentication schemes, but there are other schemes offered by host services.<credentials>Credentials use for the authentication scheme.Generally, you will need to check the relevant specifications for the format.
Note:SeeAuthorization for more details.
Examples
Basic authentication
InBasic auth, credentials are sent in the format<username>:<password> (for example,aladdin:opensesame).The resulting string is thenbase64 encoded (YWxhZGRpbjpvcGVuc2VzYW1l).
Proxy-Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1lWarning:Base64 encoding is reversible, and therefore offers no cryptographic security.This method can be considered equivalent to sending the credentials in clear text.HTTPS is always recommended when using authentication, but is even more so when usingBasic authentication.
Bearer authentication (auth token)
Proxy-Authorization: Bearer kNTktNTA1My00YzLT1234Specifications
| Specification |
|---|
| HTTP Semantics # field.proxy-authorization |