diff --git a/src/mod_cgi.c b/src/mod_cgi.c
index 38eb1698..e6212fea 100644
--- a/src/mod_cgi.c
+++ b/src/mod_cgi.c
@@ -1289,6 +1289,13 @@ static int cgi_create_env(server *srv, connection *con, plugin_data *p, handler_
 ds = (data_string *)con->request.headers->data[n];
 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
+ /* Do not emit HTTP_PROXY in environment.
+ * Some executables use HTTP_PROXY to configure
+ * outgoing proxy. See also https://httpoxy.org/ */
+ if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Proxy"))) {
+ continue;
+ }
+
 buffer_copy_string_encoded_cgi_varnames(p->tmp_buf, CONST_BUF_LEN(ds->key), 1);
 cgi_env_add(&env, CONST_BUF_LEN(p->tmp_buf), CONST_BUF_LEN(ds->value));
diff --git a/src/mod_fastcgi.c b/src/mod_fastcgi.c
index 31c2e62d..52d707d5 100644
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@@ -1888,6 +1888,13 @@ static int fcgi_env_add_request_headers(server *srv, connection *con, plugin_dat
 ds = (data_string *)con->request.headers->data[i];
 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
+ /* Do not emit HTTP_PROXY in environment.
+ * Some executables use HTTP_PROXY to configure
+ * outgoing proxy. See also https://httpoxy.org/ */
+ if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Proxy"))) {
+ continue;
+ }
+
 buffer_copy_string_encoded_cgi_varnames(srv->tmp_buf, CONST_BUF_LEN(ds->key), 1);
 FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value)),con);
diff --git a/src/mod_proxy.c b/src/mod_proxy.c
index 3b877857..b101baf5 100644
--- a/src/mod_proxy.c
+++ b/src/mod_proxy.c
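Review bot: The Proxy filter added in cgi_create_env compares the raw request header name, while the environment name is only produced afterwards by `buffer_copy_string_encoded_cgi_varnames`, so the check relies on that encoder mapping nothing other than `Proxy` to `HTTP_PROXY`. Testing the encoded name after the encoding call, for example `if (buffer_is_equal_string(p->tmp_buf, CONST_STR_LEN("HTTP_PROXY"))) continue;`, would tie the filter to the variable that is actually emitted. The same comment and check are pasted into the mod_fastcgi.c and mod_scgi.c hunks (with `srv->tmp_buf`) and again into mod_ssi.c; a small shared helper would keep these call sites from drifting apart. The enclosing functions start and end outside the hunks, so the encoder's exact behaviour should be confirmed there.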
@@ -494,6 +494,10 @@ static int proxy_create_env(server *srv, handler_ctx *hctx) {
 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
 if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Connection"))) continue;
 if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Proxy-Connection"))) continue;
+ /* Do not emit HTTP_PROXY in environment.
+ * Some executables use HTTP_PROXY to configure
+ * outgoing proxy. See also https://httpoxy.org/ */
+ if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Proxy"))) continue;
 buffer_append_string_buffer(b, ds->key);
 buffer_append_string_len(b, CONST_STR_LEN(": "));
diff --git a/src/mod_scgi.c b/src/mod_scgi.c
index 584c20a1..f3ec978b 100644
--- a/src/mod_scgi.c
+++ b/src/mod_scgi.c
@@ -1536,6 +1536,13 @@ static int scgi_env_add_request_headers(server *srv, connection *con, plugin_dat
 ds = (data_string *)con->request.headers->data[i];
 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
+ /* Do not emit HTTP_PROXY in environment.
+ * Some executables use HTTP_PROXY to configure
+ * outgoing proxy. See also https://httpoxy.org/ */
+ if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Proxy"))) {
+ continue;
+ }
+
 buffer_copy_string_encoded_cgi_varnames(srv->tmp_buf, CONST_BUF_LEN(ds->key), 1);
 scgi_env_add(p->scgi_env, CONST_BUF_LEN(srv->tmp_buf), CONST_BUF_LEN(ds->value));
diff --git a/src/mod_ssi.c b/src/mod_ssi.c
index c9b59a62..8dda845f 100644
--- a/src/mod_ssi.c
+++ b/src/mod_ssi.c
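Review bot: The comment added in the mod_proxy.c hunk says HTTP_PROXY is kept out of "the environment", but the lines right after it append `ds->key` and `": "` to a buffer, so proxy_create_env appears to build forwarded request headers rather than an environment. In this module the check stops the client's Proxy header from reaching the backend, where a CGI-style application could expose it as HTTP_PROXY. A comment that says so would match the code, e.g. `/* Do not forward the Proxy request header to the backend; CGI-style backends expose it as HTTP_PROXY. See https://httpoxy.org/ */`. The function body continues outside the hunk.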
@@ -165,7 +165,14 @@ static int ssi_env_add_request_headers(server *srv, connection *con, plugin_data
 if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
 /* don't forward the Authorization: Header */
- if (0 == strcasecmp(ds->key->ptr, "AUTHORIZATION")) {
+ if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Authorization"))) {
+ continue;
+ }
+
+ /* Do not emit HTTP_PROXY in environment.
+ * Some executables use HTTP_PROXY to configure
+ * outgoing proxy. See also https://httpoxy.org/ */
+ if (buffer_is_equal_caseless_string(ds->key, CONST_STR_LEN("Proxy"))) {
 continue;
 }