---
title: Proxy-Authenticate
summary: null
url: >-
  https://www.fastly.com/documentation/reference/http/http-headers/Proxy-Authenticate
---

The `Proxy-Authenticate` header field consists of at least one challenge that indicates the authentication scheme(s) and parameters applicable to the proxy for this effective request URI ([Section 5.5 of RFC7230](https://httpwg.org/specs/rfc7230.html#rfc.section.5.5)). A proxy MUST send at least one `Proxy-Authenticate` header field in each `407 (Proxy Authentication Required)` response that it generates.

Unlike `WWW-Authenticate`, the `Proxy-Authenticate` header field applies only to the next outbound client on the response chain. This is because only the client that chose a given proxy is likely to have the credentials necessary for authentication. However, when multiple proxies are used within the same administrative domain, such as office and regional caching proxies within a large corporate network, it is common for credentials to be generated by the user agent and passed through the hierarchy until consumed. Hence, in such a configuration, it will appear as if Proxy-Authenticate is being forwarded because each proxy will send the same challenge set.