diff --git a/handler/http/handler.go b/handler/http/handler.go
index acbce83..5e88add 100644
--- a/handler/http/handler.go
+++ b/handler/http/handler.go
@@ -6,6 +6,7 @@ import (
 "encoding/base64"
 "encoding/binary"
 "errors"
+ "fmt"
 "hash/crc32"
 "net"
 "net/http"
@@ -321,19 +322,23 @@ func (h *httpHandler) authenticate(conn net.Conn, req *http.Request, resp *http.
 resp.Header = http.Header{}
 }
 if resp.StatusCode == 0 {
+ realm := defaultRealm
+ if h.md.authBasicRealm != "" {
+ realm = h.md.authBasicRealm
+ }
 resp.StatusCode = http.StatusProxyAuthRequired
- resp.Header.Add("Proxy-Authenticate", "Basic realm=\"gost\"")
+ resp.Header.Add("Proxy-Authenticate", fmt.Sprintf("Basic realm=\"%s\"", realm))
 if strings.ToLower(req.Header.Get("Proxy-Connection")) == "keep-alive" {
 // XXX libcurl will keep sending auth request in same conn
 // which we don't supported yet.
- resp.Header.Add("Connection", "close")
- resp.Header.Add("Proxy-Connection", "close")
+ resp.Header.Set("Connection", "close")
+ resp.Header.Set("Proxy-Connection", "close")
 }
 log.Debug("proxy authentication required")
 } else {
- resp.Header.Set("Server", "nginx/1.20.1")
- resp.Header.Set("Date", time.Now().Format(http.TimeFormat))
+ // resp.Header.Set("Server", "nginx/1.20.1")
+ // resp.Header.Set("Date", time.Now().Format(http.TimeFormat))
 if resp.StatusCode == http.StatusOK {
 resp.Header.Set("Connection", "keep-alive")
 }
diff --git a/handler/http/metadata.go b/handler/http/metadata.go
index 7df1c5d..fd9af19 100644
--- a/handler/http/metadata.go
+++ b/handler/http/metadata.go
@@ -8,11 +8,16 @@ import (
 mdutil "github.com/go-gost/core/metadata/util"
 )
+const (
+ defaultRealm = "gost"
+)
+
 type metadata struct {
 probeResistance *probeResistance
 enableUDP bool
 header http.Header
 hash string
+ authBasicRealm string
 }
 func (h *httpHandler) parseMetadata(md mdata.Metadata) error {
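Review bot: In `authenticate` in handler/http/handler.go, `fmt.Sprintf("Basic realm=\"%s\"", realm)` places the configured realm inside an HTTP quoted-string without escaping it, so a realm that contains `"` or `\` produces a malformed `Proxy-Authenticate` challenge that clients may parse inconsistently. The value comes from operator configuration (`mdutil.GetString(md, authBasicRealm)` in metadata.go), so this is a robustness issue rather than attacker-controlled input. Escape it before formatting, for example `realm = strings.NewReplacer("\\", "\\\\", "\"", "\\\"").Replace(realm)`, or reject such values in `parseMetadata`, which already returns an error. The same line is added in handler/http2/handler.go, and the function body starts and ends outside the hunk.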
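Review bot: The new `authBasicRealm` field and `defaultRealm` constant in handler/http/metadata.go carry no comment, and the fallback rule between them lives only in `authenticate`. A comment on the field such as `// authBasicRealm overrides the realm in the Proxy-Authenticate challenge; empty means defaultRealm.` would document it, and it is worth stating there that the realm is sent to clients before they authenticate. handler/http2/metadata.go adds the same pair.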
@@ -23,6 +28,7 @@ func (h *httpHandler) parseMetadata(md mdata.Metadata) error {
 knock = "knock"
 enableUDP = "udp"
 hash = "hash"
+ authBasicRealm = "authBasicRealm"
 )
 if m := mdutil.GetStringMapString(md, header); len(m) > 0 {
@@ -48,6 +54,7 @@ func (h *httpHandler) parseMetadata(md mdata.Metadata) error {
 }
 h.md.enableUDP = mdutil.GetBool(md, enableUDP)
 h.md.hash = mdutil.GetString(md, hash)
+ h.md.authBasicRealm = mdutil.GetString(md, authBasicRealm)
 return nil
 }
diff --git a/handler/http2/handler.go b/handler/http2/handler.go
index 34f2a78..d3d6013 100644
--- a/handler/http2/handler.go
+++ b/handler/http2/handler.go
@@ -7,6 +7,7 @@ import (
 "encoding/base64"
 "encoding/binary"
 "errors"
+ "fmt"
 "hash/crc32"
 "io"
 "io/ioutil"
@@ -304,20 +305,24 @@ func (h *http2Handler) authenticate(w http.ResponseWriter, r *http.Request, resp
 }
 if resp.StatusCode == 0 {
+ realm := defaultRealm
+ if h.md.authBasicRealm != "" {
+ realm = h.md.authBasicRealm
+ }
 resp.StatusCode = http.StatusProxyAuthRequired
- resp.Header.Add("Proxy-Authenticate", "Basic realm=\"gost\"")
+ resp.Header.Add("Proxy-Authenticate", fmt.Sprintf("Basic realm=\"%s\"", realm))
 if strings.ToLower(r.Header.Get("Proxy-Connection")) == "keep-alive" {
 // XXX libcurl will keep sending auth request in same conn
 // which we don't supported yet.
- resp.Header.Add("Connection", "close")
- resp.Header.Add("Proxy-Connection", "close")
+ resp.Header.Set("Connection", "close")
+ resp.Header.Set("Proxy-Connection", "close")
 }
 log.Debug("proxy authentication required")
 } else {
 resp.Header = http.Header{}
- resp.Header.Set("Server", "nginx/1.20.1")
- resp.Header.Set("Date", time.Now().Format(http.TimeFormat))
+ // resp.Header.Set("Server", "nginx/1.20.1")
+ // resp.Header.Set("Date", time.Now().Format(http.TimeFormat))
 if resp.StatusCode == http.StatusOK {
 resp.Header.Set("Connection", "keep-alive")
 }
diff --git a/handler/http2/metadata.go b/handler/http2/metadata.go
index 2dfa4f5..9d21b9d 100644
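Review bot: The `Server` and `Date` lines in the `else` branch of `authenticate` in handler/http2/handler.go are commented out rather than deleted, which leaves dead code and no record of why they changed in a patch that is otherwise about the realm. That branch handles responses whose status was set before this point (outside the hunk; presumably the probe-resistance replies configured through `probeResistance` in metadata.go), so dropping the fixed `nginx/1.20.1` banner changes what an unauthenticated client sees there and should be a deliberate, documented decision. Delete the two lines and leave a short comment such as `// Server and Date are no longer forced on these responses.`, and confirm that `time` is still used elsewhere in the file, since an unused import fails the build. handler/http/handler.go has the same two commented-out lines.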
--- a/handler/http2/metadata.go
+++ b/handler/http2/metadata.go
@@ -8,10 +8,15 @@ import (
 mdutil "github.com/go-gost/core/metadata/util"
 )
+const (
+ defaultRealm = "gost"
+)
+
 type metadata struct {
 probeResistance *probeResistance
 header http.Header
 hash string
+ authBasicRealm string
 }
 func (h *http2Handler) parseMetadata(md mdata.Metadata) error {
@@ -21,6 +26,7 @@ func (h *http2Handler) parseMetadata(md mdata.Metadata) error {
 probeResistKeyX = "probe_resist"
 knock = "knock"
 hash = "hash"
+ authBasicRealm = "authBasicRealm"
 )
 if m := mdutil.GetStringMapString(md, header); len(m) > 0 {
@@ -45,6 +51,7 @@ func (h *http2Handler) parseMetadata(md mdata.Metadata) error {
 }
 }
 h.md.hash = mdutil.GetString(md, hash)
+ h.md.authBasicRealm = mdutil.GetString(md, authBasicRealm)
 return nil
 }