You are unable to bypass authorization for an external or internal site that is associated with multiple domains, but has a single referer for the domain to which you are being redirected. When you try to bypass authorization, you see authentication prompts for each domain request.

This is also an issue if default policy is set to Deny, because you want to allow (that is, not authenticate) trusted domains.

This issue occurs more often with Internet Explorer versions 8 and 9 than other browsers such as Chrome or Firefox.

You can specify just the domain of the URL, such as example.com, which is a referer of all the domains you are redirected to. You can determine this in a policy trace. 

Once the referer is recognized, you can exempt authentication for those headers by using the following CPL in your local policy:

 <Proxy>

     request.header.Referer="example.com" authenticate(no)

(where example.com is the domain of the URL)