RFC 2817: Upgrading to TLS Within HTTP/1.1
RFC-Ref

tunnel



... proxies must establish an end-to-end tunnel before applying those operations, as explained in Section 5. ...


... man-in-the-middle attacks, this memo specifies the CONNECT method to establish a tunnel across proxies. ...
... Once a tunnel is established, any of the operations in Section 3 can be used to establish a TLS connection. ...
... a 426 status without an accompanying Upgrade header, it will need to request an end to end tunnel connection as described in Section 5.2 and repeat the request in order to obtain the required upgrade ...
... Requesting a Tunnel with CONNECT ...
... A CONNECT method requests that a proxy establish a tunnel connection on its behalf. The Request-URI ...
... except end-to-end protocol Upgrade requests, of course, since the tunnel must be established first. ...
... authority to create a tunnel: ...
... Establishing a Tunnel with CONNECT ...
... SHOULD make a CONNECT request of that next proxy, requesting a tunnel to the authority. A proxy ...
... proxy MUST NOT respond with any 2xx status code unless it has either a direct or tunnel connection established to the authority ...


... A generic TCP tunnel is fraught with security risks. First, such authorization ...


