Can my target site see the details included in the proxy authorization header?