If proxy authorization is used authentication information is not stripped from browser's request.
vulners.com/securityvulns/securityvulns:doc:5422