Security bug fixed: Don't load or render the content of "407 Proxy Authentication Required" reply when using https proxy. This avoids the FalseCONNECT attack. Also, don't allow 401 and 407 responses to set cookies.