14.33 Proxy-Authenticate
The Proxy-Authenticate response-header field MUST be included as part
of a 407 (Proxy Authentication Required) response. The field value
consists of a challenge that indicates the authentication scheme and
parameters applicable to the proxy for this Request-URI.
Proxy-Authenticate = "Proxy-Authenticate" ":" challenge
The HTTP access authentication process is described in section 11.
Unlike WWW-Authenticate, the Proxy-Authenticate header field applies
only to the current connection and SHOULD NOT be passed on to
downstream clients. However, an intermediate proxy may need to obtain
its own credentials by requesting them from the downstream client,
which in some circumstances will appear as if the proxy is forwarding
the Proxy-Authenticate header field.
14.34 Proxy-Authorization
The Proxy-Authorization request-header field allows the client to
identify itself (or its user) to a proxy which requires
authentication. The Proxy-Authorization field value consists of
credentials containing the authentication information of the user
agent for the proxy and/or realm of the resource being requested.
Proxy-Authorization = "Proxy-Authorization" ":" credentials
The HTTP access authentication process is described in section 11.
Unlike Authorization, the Proxy-Authorization header field applies
only to the next outbound proxy that demanded authentication using
the Proxy-Authenticate field. When multiple proxies are used in a
chain, the Proxy-Authorization header field is consumed by the first
outbound proxy that was expecting to receive credentials. A proxy MAY
relay the credentials from the client request to the next proxy if
that is the mechanism by which the proxies cooperatively authenticate
a given request.
14.35 Public
The Public response-header field lists the set of methods supported
by the server. The purpose of this field is strictly to inform the
recipient of the capabilities of the server regarding unusual
methods. The methods listed may or may not be applicable to the
Fielding, et. al. Standards Track [Page 127]
�
RFC 2068 HTTP/1.1 January 1997
Request-URI; the Allow header field (section 14.7) MAY be used to
indicate methods allowed for a particular URI.
Public = "Public" ":" 1#method
Example of use:
Public: OPTIONS, MGET, MHEAD, GET, HEAD
This header field applies only to the server directly connected to
the client (i.e., the nearest neighbor in a chain of connections). If
the response passes through a proxy, the proxy MUST either remove the
Public header field or replace it with one applicable to its own
capabilities.