Prior to JDK 24, if a `java.net.Authenticator` is set on a `HttpClient`, then any user set `Authorization` or `Proxy-Authorization` headers will be removed or overwritten by values generated by the client library. From JDK 24, if such headers are set by the user, then they will be left in place and the authenticator will not be invoked for the respective header. In particular, if the authentication fails for the provided header, the failed response with the 401 0r 407 status code will be returned directly to the calling code. One use case for this could be to let the authenticator handle proxy authentication and for the user to set the `Authorization` headers for the server.