Proxy troubleshooting

HTTP 407 Proxy Authentication Required: What It Means and How to Fix It

A practical guide to the 407 status code in browsers, cURL, API clients and scraping scripts.

Fast diagnosis

HTTP 407 means the request reached the proxy, but the proxy requires valid authentication before it will forward traffic to the destination website.

407 means the proxy wants credentials before forwarding the request.

Client
Proxy
Site
BuyProxies guide

407 means the proxy wants credentials before forwarding the request.

Do not change five things at once. Test the proxy directly, then test the same proxy inside the browser, script or application that fails.

Symptoms you usually see

  • cURL, Python, browser or API client reports 407.
  • The target website is not reached because the proxy rejects the request first.
  • Adding the proxy without credentials fails immediately.
  • The same URL works without proxy but fails through proxy.

Most likely causes

Cause How to confirm it
Credentials missing Check whether the proxy URL includes username and password or the app has separate auth fields.
Bad credential encoding Special characters in passwords may need URL encoding in proxy URLs.
IP authentication expected Some providers use source-IP authorization instead of username/password.
Proxy type mismatch The client sends the wrong proxy scheme for the server.

Fix workflow

  1. Confirm the proxy provider authentication method.
  2. Test a simple request with the correct protocol and credentials.
  3. Encode special characters if credentials are placed inside a URL.
  4. If using an API client, separate proxy host/port from proxy auth fields when possible.
  5. After the test passes, copy the working format into the production script.

Field notes

Proxy errors become harder to solve when every layer changes at the same time. Keep the proxy, target URL, protocol and client constant until you know which layer fails. If the proxy fails in a simple direct test, the browser or script is not the first thing to fix. If the proxy works in a direct test but fails in the application, focus on application format, authentication handling, DNS behavior and whether another proxy/VPN setting overrides the request.

When debugging production jobs, save the exact proxy format, source machine, public IP, target URL, response code and timestamp. That small record is often enough to separate a temporary route failure from a repeated configuration mistake.

Useful checks

MDN explains 407 as a proxy-authentication response, and cURL documents proxy usage and authentication in its official guide: MDN 407 and everything curl proxies.

Example debugging sequence

Start with one proxy and one target page. If the proxy fails in the tester, fix provider credentials, whitelist, port or protocol first. If it works in the tester, move to the failing application and copy the exact same host, port and authentication method. Then change only one variable at a time: first protocol, then credentials, then destination, then browser profile or script settings. This slower sequence is faster in practice because it avoids chasing false causes.

For teams, write the final working format into a short runbook. The next person should not need to rediscover whether the tool expects host:port:user:pass, a full proxy URL or separate username and password fields.

FAQ

Is 407 a website block?

No. A 407 response comes from the proxy layer before the destination site handles the request.

Can special characters break proxy auth?

Yes. If the password is inside a URL, characters like @, :, / or # can break parsing unless encoded.

Should I change the target URL?

No. Fix proxy credentials, format or whitelist first.

Scroll to Top