Open In App

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy

HTTP headers | WWW-Authenticate

HTTP WWW-Authenticate header is a response-type header. It serves as a support for various authentication mechanisms which are important to control access to pages and other resources as well. All of these mechanisms are based on the use of the 401 status code. The HTTP WWW-Authenticate response header defines the authentication method that ought to be wont to gain access to a resource. As discussed earlier, the WWW-Authenticate header is sent along with a 401 Unauthorized response. 

The working includes a client being responded by a server with a 401 Unauthorized response status which provides information on authorizing with a WWW-Authenticate response header containing a minimum of one challenge. A client that wants to authenticate itself with a server can do so by including an Authorization request-header field with the credentials. Usually, it is done by presenting a password prompt to the user and then issuing the request including the correct Authorization header. 



Diagrammatic representation of basic authentication is as follows: 



Here, is the authentication scheme (“Basic” is the most common scheme and introduced below). The realm is employed to explain the protected area or to point the scope of protection. This could be a message like “Access to the staging site” or similar in order that the user knows to which space they’re trying to urge access to. 

Note: Note: In the case of a “Basic” authentication like shown in the figure, the exchange must happen over an HTTPS (TLS) connection to be secure. 

It is needed to be specified which authentication scheme is used so that the client that wishes to authorize knows how to provide the credentials. 

Syntax: 

WWW-Authenticate: <type> realm=<realm> realm=<realm>

Directives: This header accepts three directives as mentioned above and described below:  

Example:  

WWW-Authenticate: Basic
WWW-Authenticate: Basic realm="Access to the staging site", 
charset="UTF-8"

Supported Browsers: The browsers supported by HTTP headers WWW-Authenticate are listed below:  

 

Article Tags :
Web Technologies
Recommended Articles
1. HTTP headers | Proxy-Authenticate
2. HTTP headers | Access-Control-Expose-Headers
3. HTTP headers | Access-Control-Allow-Headers.
4. HTTP headers | Access-Control-Request-Headers
5. How to authenticate with google using firebase in React ?
6. How to authenticate firebase with GitHub in ReactJS ?
7. How to Authenticate with Google using Firebase in React Native Application ?
8. How to authenticate phone number using firebase in ReactJS ?
9. HTTP headers | Location
10. HTTP headers | User-Agent
11. HTTP headers | Link
12. HTTP headers | Save-Data
13. HTTP headers | Content-Type
14. HTTP headers | X-Forwarded-Proto
15. HTTP headers | X-XSS-Protection
16. HTTP headers | X-Frame-Options
17. HTTP headers | Last-Modified
18. HTTP headers | Date
19. HTTP headers | Cookie
20. HTTP headers | Strict-Transport-Security
21. HTTP headers | Expect
22. HTTP headers | Accept-Encoding
23. HTTP headers | Content-Range
24. HTTP headers | Content-Encoding
25. HTTP headers | Content-Language