AFAIK FF uses the first auth scheme presented. IE (and Chrome ?) use the "safest" method. So, assuming, you want "Negotiate" first to appear in the headers, I would consider this a typical case for a site specific "Brutal Hack" of the squid sources. Regarding FF, it is possible to mess around with auth using an AddOn. But an inferior solution, I guess. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Order-of-authentication-schemes-in-Proxy-Authenticate-tp4659436p4659439.html Sent from the Squid - Users mailing list archive at Nabble.com.