diff --git a/server/server.go b/server/server.go
index db690479..8b3a172d 100644
--- a/server/server.go
+++ b/server/server.go
@@ -620,13 +620,9 @@ func (s *Server) handleWebConfig(w http.ResponseWriter, _ *http.Request, v *visi
 }
 
 func (s *Server) configResponse(v *visitor) *apiConfigResponse {
-	authMode := ""
-	username := ""
-	if s.config.AuthUserHeader != "" {
-		authMode = "proxy"
-		if v != nil && v.User() != nil {
-			username = v.User().Name
-		}
+	authUser := ""
+	if s.config.AuthUserHeader != "" && v != nil && v.User() != nil {
+		authUser = v.User().Name
 	}
 	return &apiConfigResponse{
 		BaseURL:            "", // Will translate to window.location.origin
@@ -643,9 +639,8 @@ func (s *Server) configResponse(v *visitor) *apiConfigResponse {
 		WebPushPublicKey:   s.config.WebPushPublicKey,
 		DisallowedTopics:   s.config.DisallowedTopics,
 		ConfigHash:         s.config.Hash(),
-		AuthMode:           authMode,
 		AuthLogoutURL:      s.config.AuthLogoutURL,
-		Username:           username,
+		AuthUser:           authUser,
 	}
 }
 
diff --git a/server/types.go b/server/types.go
index 4b2e3b11..915d7e17 100644
--- a/server/types.go
+++ b/server/types.go
@@ -483,9 +483,8 @@ type apiConfigResponse struct {
 	WebPushPublicKey   string   `json:"web_push_public_key"`
 	DisallowedTopics   []string `json:"disallowed_topics"`
 	ConfigHash         string   `json:"config_hash"`
-	AuthMode           string   `json:"auth_mode,omitempty"`       // "proxy" if auth-user-header is set, empty otherwise
 	AuthLogoutURL      string   `json:"auth_logout_url,omitempty"` // URL to redirect to on logout (only for proxy auth)
-	Username           string   `json:"username,omitempty"`        // Authenticated username (for proxy auth)
+	AuthUser           string   `json:"auth_user,omitempty"`       // Authenticated username (for proxy auth, empty if not using proxy auth)
 }
 
 type apiAccountBillingPrices struct {
diff --git a/web/public/config.js b/web/public/config.js
index 0e2ab8a8..bd241661 100644
--- a/web/public/config.js
+++ b/web/public/config.js
@@ -20,7 +20,6 @@ var config = {
   web_push_public_key: "",
   disallowed_topics: ["docs", "static", "file", "app", "account", "settings", "signup", "login", "v1"],
   config_hash: "dev", // Placeholder for development; actual value is generated server-side
-  auth_mode: "", // "proxy" if auth-user-header is set, empty otherwise
   auth_logout_url: "", // URL to redirect to on logout (only for proxy auth)
-  username: "", // Authenticated username (for proxy auth)
+  auth_user: "", // Authenticated username (non-empty if using proxy auth)
 };
diff --git a/web/src/app/AccountApi.js b/web/src/app/AccountApi.js
index f3c48948..dc904708 100644
--- a/web/src/app/AccountApi.js
+++ b/web/src/app/AccountApi.js
@@ -343,9 +343,9 @@ class AccountApi {
   async sync() {
     try {
       // For proxy auth, store the username from config if not already in session
-      if (config.auth_mode === "proxy" && config.username && !session.exists()) {
-        console.log(`[AccountApi] Proxy auth: storing session for user ${config.username}`);
-        await session.store(config.username, ""); // Empty token for proxy auth
+      if (config.auth_user && !session.exists()) {
+        console.log(`[AccountApi] Proxy auth: storing session for user ${config.auth_user}`);
+        await session.store(config.auth_user, ""); // Empty token for proxy auth
       }
       if (!session.exists()) {
         return null;
diff --git a/web/src/components/ActionBar.jsx b/web/src/components/ActionBar.jsx
index 54cd9f21..83c59fa2 100644
--- a/web/src/components/ActionBar.jsx
+++ b/web/src/components/ActionBar.jsx
@@ -140,7 +140,7 @@ const ProfileIcon = () => {
 
   const handleLogout = async () => {
     // For proxy auth, redirect to the logout URL if configured
-    if (config.auth_mode === "proxy") {
+    if (config.auth_user) {
       if (config.auth_logout_url) {
         await db().delete();
         localStorage.removeItem("user");
@@ -158,8 +158,8 @@ const ProfileIcon = () => {
     }
   };
 
-  // Determine if logout button should be shown
-  const showLogout = config.auth_mode !== "proxy" || config.auth_logout_url;
+  // Determine if logout button should be shown (hide if proxy auth without logout URL)
+  const showLogout = !config.auth_user || config.auth_logout_url;
 
   return (
     <>
diff --git a/web/src/components/Login.jsx b/web/src/components/Login.jsx
index 15006e3c..5b8dcc63 100644
--- a/web/src/components/Login.jsx
+++ b/web/src/components/Login.jsx
@@ -20,7 +20,7 @@ const Login = () => {
 
   // Redirect to app if using proxy authentication
   useEffect(() => {
-    if (config.auth_mode === "proxy") {
+    if (config.auth_user) {
       window.location.href = routes.app;
     }
   }, []);