There are many HTTP APIs that don't follow RFC 2617 and don't respond with 401, instead they either return 200 and something with less information or 403 Forbidden.

There is currently no way to use Invoke-WebRequest -Credential and force preemptive authentication. The ugly workaround is to extract the password from the SecureString of the Credential and converting it to the base64 encoded Authorization Header manually.

With #5052 direct support was added for BasicAuth, but it still misses the option for preemptive authentication.

I'd suggest to use either -PreemptiveAuthentication or -ForceAuthentication as new parameters for this feature.