+ - Proxy authentication headers are removed unless the new directive
+ enable-proxy-authentication-forwarding is used. Forwarding the
+ headers potentionally allows malicious sites to trick the user
+ into providing it with login information.
+ Reported by Chris John Riley.