diff --git a/internal/outpost/proxyv2/application/auth_bearer.go b/internal/outpost/proxyv2/application/auth_bearer.go
index 70cd2c381..4a9ad8f07 100644
--- a/internal/outpost/proxyv2/application/auth_bearer.go
+++ b/internal/outpost/proxyv2/application/auth_bearer.go
@@ -5,17 +5,19 @@ import (
 "net/http"
 "net/url"
 "strings"
+
+ "goauthentik.io/internal/outpost/proxyv2/constants"
 )

 func (a *Application) checkAuthHeaderBearer(r *http.Request) string {
- auth := r.Header.Get(HeaderAuthorization)
+ auth := r.Header.Get(constants.HeaderAuthorization)
 if auth == "" {
 return ""
 }
- if len(auth) < len(AuthBearer) || !strings.EqualFold(auth[:len(AuthBearer)], AuthBearer) {
+ if len(auth) < len(constants.AuthBearer) || !strings.EqualFold(auth[:len(constants.AuthBearer)], constants.AuthBearer) {
 return ""
 }
- return auth[len(AuthBearer):]
+ return auth[len(constants.AuthBearer):]
 }

 type TokenIntrospectionResponse struct {
diff --git a/internal/outpost/proxyv2/application/utils.go b/internal/outpost/proxyv2/application/utils.go
index 30bf69b66..085c82a1b 100644
--- a/internal/outpost/proxyv2/application/utils.go
+++ b/internal/outpost/proxyv2/application/utils.go
@@ -36,6 +36,7 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
 a.log.WithError(err).Warning("failed to decode session")
 }
 if r.Header.Get(constants.HeaderNoRedirect) == "true" {
+ rw.WriteHeader(401)
 er := a.errorTemplates.Execute(rw, ErrorPageData{
 Title: "Unauthenticated",
 Message: fmt.Sprintf("Due to '%s' being set, no redirect is performed.", constants.HeaderNoRedirect),
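Review bot: The added `rw.WriteHeader(401)` in `redirectToStart` commits the status before `a.errorTemplates.Execute` runs, so if the handling of `er` below the hunk tries to answer with a 500, that call can no longer change the status and the client receives a 401 with a partial or empty body. The rest of the branch lies outside the hunk, so this is inferred from the visible lines only. Rendering the template into a buffer first and writing the status and body only once it succeeds would keep the two outcomes distinct. The literal reads better as `rw.WriteHeader(http.StatusUnauthorized)`, and a 401 response is expected to carry a `WWW-Authenticate` challenge, which no visible line sets. A test that sends the no-redirect header and asserts the 401 would pin the behaviour for forward-auth callers that decide on the status code.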