I read that HTTP proxy should be removing hop HTTP headers (https://www.freesoft.org/CIE/RFC/2068/143.htm)
It makes sense since some of these headers are connection-related.
The question is. Is this RFC applicable for explicit proxy only or should be it be done on transparent HTTP proxies too?
Just to give you an example. Let say a client does HTTP call and it has an explicit proxy set. However, there is a transparent proxy in the middle. So, the overall pipeline looks like that
Client ↔ Transparent Proxy ↔ Explicit proxy ↔ Web pageAn explicit proxy may require authentication and will send back Proxy-Authenticate header.
If a transparent proxy removes this header (per RFC) then the client won't be prompted to authenticate and nothing will work.
This one jumped out immediately, but I think some other scenarios could be envisioned when it looks like transparent proxy should NOT be touching hop-by-hop headers.
Am I missing something or hop-by-hop removal rules are applicable to explicit proxies only?