<p>Proxy authentication headers are removed unless the new
directive enable-proxy-authentication-forwarding is used.
Forwarding the headers potentionally allows malicious sites to
- trick the user into providing it with login information. Reported
+ trick the user into providing them with login information. Reported
by Chris John Riley.</p>
</li>