Methods, signals, devices, and systems are provided for using proxy servers to transparently forward messages between clients and origin servers if, and only if doing so does not violate network policies. In some systems, a transparent proxy uses a combination of standard-format HTTP commands, embedding auxiliary information in URLs and other tools and techniques to redirect an initial
client request to one or more policy modules, such as a login
server or an identity broker or an
access control server. The policy module authenticates the request, and uses HTTP redirection to have the
client transmit
authorization data to the proxy. The proxy extracts the
authorization data, directs the
client to use a corresponding cookie, and subsequently provides the implicitly requested proxy services to the client in response to the client's subsequently providing the
authorization data in a cookie. This is accomplished without requiring installation of any invention-specific
software or hardware on either the client or the origin
server, and also works with proxy servers that are known to the client. Unless the client request violates network policy, a person using the client will generally perceive no reduction of services, and will instead benefit from the proxy's caching and / or other performance enhancements.