It would be nice to have the option of turning on a setting that would switch both the proxy (3141) as well as the HTTP/S port (80/443) to push back to clients saying that they need to authenticate before accessing the website they are trying to get to. Once a cred is captured, allowing them through to the site (3141) or to the current 80/443 setup does would be the preferred method
I've combined your idea with mine, and it has been implemented.
Use -P in combination with -r, get lot more free credentials transparently, no passwd prompt.
It's up in the latest release.
Thanks for the suggestion ;)