HTTP

407 - Proxy Authentication Required

HTTP 407 Proxy Authentication Required means the client must authenticate with a proxy before the request can proceed.

Last reviewed: February 12, 2026|Editorial standard: source-backed technical guidance

What Does Proxy Authentication Required Mean?

A proxy in the request path is demanding authentication, so traffic is blocked before it can reach the target origin.

Common Causes

-Proxy credentials are missing or invalid.
-Client ignores proxy authentication challenge flow.
-Environment proxy settings force traffic through restricted proxy.

How to Fix Proxy Authentication Required

1Inspect `Proxy-Authenticate` challenge and supply valid `Proxy-Authorization` credentials for the required scheme.
2Verify client proxy settings and credential source are applied to the exact outbound route.
3Retest through the same proxy path and confirm traffic reaches origin without additional proxy auth challenges.

Step-by-Step Diagnosis for Proxy Authentication Required

1Capture proxy challenge headers and identify required auth scheme/realm.
2Verify client runtime actually routes through the expected proxy and includes correct credentials.
3Check credential expiry, encoding format, and policy scope at proxy controller.
4Retest with controlled proxy credentials and validate origin receives the forwarded request.

Proxy Challenge and Credential Scheme Validation

-Inspect `Proxy-Authenticate` details (example: proxy requires NTLM/Kerberos while client sends Basic token).
-Validate credential formatting for proxy auth (example: malformed base64 credential in `Proxy-Authorization` header).

Network Route and Proxy Policy Checks

-Confirm outbound route is using intended proxy (example: PAC file sends only some domains through authenticated proxy).
-Audit proxy policy changes (example: newly enforced auth realm on egress proxy breaks existing automation clients).

Implementation Examples

Reproduce HTTP 407 Proxy Authentication Requiredcurl

curl -i -X GET https://api.example.com/v1/resource --proxy http://proxy.example.net:3128
# Response:
# HTTP/1.1 407 Proxy Authentication Required
# {"error":"Proxy Authentication Required","code":"407"}

Handle 407 in JavaScriptjavascript

const response = await fetch('https://api.example.com/v1/resource', {
  method: 'GET',
  headers: { 'Accept': 'application/json' }
});
if (response.status === 407) {
  console.error('Handle 407 Proxy Authentication Required');
}

Handle 407 in Pythonpython

import requests

response = requests.get(
    'https://api.example.com/v1/resource',
    headers={'Accept': 'application/json'}
)
if response.status_code == 407:
    print('Handle 407 Proxy Authentication Required')

How to Verify the Fix

-Re-run affected requests and confirm 407 disappears while origin responses are returned.
-Validate proxy authentication remains stable across credential refresh cycles.
-Monitor proxy auth failure metrics to ensure no recurring challenge loops.

How to Prevent Recurrence

-Automate proxy credential rotation and expiration monitoring in all environments.
-Standardize proxy configuration (PAC, env vars, credential injection) across clients and CI agents.
-Add health checks that validate proxy auth handshake before production job execution.

Pro Tip

-ship a startup proxy-auth self-test that fails fast with actionable diagnostics instead of surfacing opaque 407 errors at runtime.

Decision Support

Compare Guide

403 Forbidden vs 404 Not Found: When to Hide Resources

Use 403 for explicit access denial, or 404 to conceal resource existence when security policy requires reducing endpoint and object enumeration risk.

Compare Guide

404 Not Found vs 410 Gone: Missing vs Permanent Removal

Learn when to return 404 (missing or temporary absence) versus 410 (intentional permanent removal), including redirect and cache implications.

Playbook

Resource State Playbook (404 / 410 / ResourceNotFound)

Use this playbook to separate temporary missing-resource lookups from permanent removals, then fix scope, lifecycle, and identifier drift safely.

Official References

Provider Context

This guidance is specific to HTTP services. Always validate implementation details against official provider documentation before deploying to production.

How to Fix Proxy Authentication Required

1Inspect `Proxy-Authenticate` challenge and supply valid `Proxy-Authorization` credentials for the required scheme.

2Verify client proxy settings and credential source are applied to the exact outbound route.

3Retest through the same proxy path and confirm traffic reaches origin without additional proxy auth challenges.

Step-by-Step Diagnosis for Proxy Authentication Required

1Capture proxy challenge headers and identify required auth scheme/realm.

2Verify client runtime actually routes through the expected proxy and includes correct credentials.

3Check credential expiry, encoding format, and policy scope at proxy controller.

4Retest with controlled proxy credentials and validate origin receives the forwarded request.

Proxy Challenge and Credential Scheme Validation

-Inspect `Proxy-Authenticate` details (example: proxy requires NTLM/Kerberos while client sends Basic token).
-Validate credential formatting for proxy auth (example: malformed base64 credential in `Proxy-Authorization` header).

Network Route and Proxy Policy Checks

-Confirm outbound route is using intended proxy (example: PAC file sends only some domains through authenticated proxy).
-Audit proxy policy changes (example: newly enforced auth realm on egress proxy breaks existing automation clients).

Implementation Examples

Reproduce HTTP 407 Proxy Authentication Requiredcurl

curl -i -X GET https://api.example.com/v1/resource --proxy http://proxy.example.net:3128
# Response:
# HTTP/1.1 407 Proxy Authentication Required
# {"error":"Proxy Authentication Required","code":"407"}

Handle 407 in JavaScriptjavascript

const response = await fetch('https://api.example.com/v1/resource', {
  method: 'GET',
  headers: { 'Accept': 'application/json' }
});
if (response.status === 407) {
  console.error('Handle 407 Proxy Authentication Required');
}

Handle 407 in Pythonpython

import requests

response = requests.get(
    'https://api.example.com/v1/resource',
    headers={'Accept': 'application/json'}
)
if response.status_code == 407:
    print('Handle 407 Proxy Authentication Required')

What Does Proxy Authentication Required Mean?

Common Causes

How to Fix Proxy Authentication Required

Step-by-Step Diagnosis for Proxy Authentication Required

Proxy Challenge and Credential Scheme Validation

Network Route and Proxy Policy Checks

Implementation Examples

How to Verify the Fix

How to Prevent Recurrence

Pro Tip

Related Errors

Decision Support

403 Forbidden vs 404 Not Found: When to Hide Resources

404 Not Found vs 410 Gone: Missing vs Permanent Removal

Resource State Playbook (404 / 410 / ResourceNotFound)

Official References

Provider Context

What Does Proxy Authentication Required Mean?

Common Causes

How to Fix Proxy Authentication Required

Step-by-Step Diagnosis for Proxy Authentication Required

Proxy Challenge and Credential Scheme Validation

Network Route and Proxy Policy Checks

Implementation Examples

How to Verify the Fix

How to Prevent Recurrence

Pro Tip

Related Errors

Decision Support

403 Forbidden vs 404 Not Found: When to Hide Resources

404 Not Found vs 410 Gone: Missing vs Permanent Removal

Resource State Playbook (404 / 410 / ResourceNotFound)

Official References

Provider Context