W3cubDocs

/HTTP

WWW-Authenticate

The HTTP WWW-Authenticate response header defines the authentication method that should be used to gain access to a resource.

The WWW-Authenticate header is sent along with a 401 Unauthorized response.

Syntax

WWW-Authenticate: <type> realm=<realm>

Directives

<type>
Authentication type. A common type is "Basic". IANA maintains a list of Authentication schemes.
realm=<realm>
A description of the protected area. If no realm is specified, clients often display a formatted hostname instead.

Examples

Typically, a server response contains a WWW-Authenticate header that looks like these:

WWW-Authenticate: Basic

WWW-Authenticate: Basic realm="Access to the staging site"

See also HTTP authentication for examples on how to configure Apache or nginx servers to password protect your site your HTTP basic authentication.

Specifications

Specification Title
RFC 7235, section 4.1: WWW-Authenticate HTTP/1.1: Authentication
RFC 7617 The 'Basic' HTTP Authentication Scheme

See also

© 2005–2017 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate