Edit:
web.config system.webServer section and set httpErrors existingResponse attribute
<system.webserver>
...
<httperrors existingresponse="PassThrough"></httperrors>
...
</system.webserver>
The classic CustomErrors behaviour because I was comparing localhost with a remote server
and the first wouldn't explain how some of my other Authentication 'errors' were getting through intact
See the article
how-to-use-http-detailed-errors-in-iis[
^]