The HTTP WWW-Authenticate response header defines the authentication method that should be used to gain access to a resource.
The WWW-Authenticate header is sent along with a 401 Unauthorized response.
Header type | Response header |
---|---|
Forbidden header name | no |
Syntax
WWW-Authenticate: <type> realm=<realm>[, charset="UTF-8"]
Directives
- <type>
  - Authentication type. A common type is "Basic". IANA maintains a list of Authentication schemes.
- realm=<realm>
  - A description of the protected area. If no realm is specified, clients often display a formatted hostname instead.
- charset=<charset>
  - Tells the client the server's preferred encoding scheme when submitting a username and password. The only allowed value is the case-insensitive string "UTF-8". This does not relate to the encoding of the realm string.
Examples
Typically, a server response contains a WWW-Authenticate header that looks like these:
WWW-Authenticate: Basic
WWW-Authenticate: Basic realm="Access to the staging site", charset="UTF-8"
See also HTTP authentication for examples on how to configure Apache or nginx servers to password protect your site with HTTP basic authentication.
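As an added example (not part of the original page), the following Python parser handles the syntax shown above for a header value carrying a single challenge, and rejects malformed parameters or a charset other than UTF-8. The names parse_challenge and prompt_label are illustrative, and the two inputs at the end are the example headers from this page.

```python
import re

# HTTP "token" characters (RFC 7230); used for the scheme and parameter names.
_TCHAR = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# One auth-param: name=value, where value is a quoted-string or a bare token.
_PARAM = re.compile(
    r"\s*(" + _TCHAR + r')\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)'
)


def parse_challenge(value):
    """Parse a single-challenge WWW-Authenticate value into (scheme, params).

    Scheme and parameter names are lower-cased. Raises ValueError on
    malformed input or on a charset other than UTF-8.
    """
    value = value.strip()
    m = re.match(_TCHAR, value)
    if not m:
        raise ValueError("missing authentication type")
    scheme, rest = m.group(0).lower(), value[m.end():]
    if rest and not rest[0].isspace():
        raise ValueError("type must be followed by whitespace")
    rest, params, pos = rest.strip(), {}, 0
    while pos < len(rest):
        p = _PARAM.match(rest, pos)
        if not p:
            raise ValueError(f"malformed parameter near {rest[pos:]!r}")
        name, quoted, bare = p.group(1).lower(), p.group(2), p.group(3)
        if name in params:
            raise ValueError(f"duplicate parameter {name!r}")
        # Undo backslash escapes inside a quoted-string value.
        params[name] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
        pos = p.end()
    # The only allowed charset value is "UTF-8", compared case-insensitively.
    if "charset" in params and params["charset"].lower() != "utf-8":
        raise ValueError("charset must be UTF-8")
    return scheme, params


def prompt_label(params, hostname):
    """Text for a login prompt: the realm, or the hostname when no realm is sent."""
    return params.get("realm") or hostname


# The two example headers from this page, used as sample input.
print(parse_challenge("Basic"))
print(parse_challenge('Basic realm="Access to the staging site", charset="UTF-8"'))
```

The realm comes from the server and ends up in a prompt shown to the user, so a client should treat the parsed value as untrusted display text.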
Specifications
Specification | Title |
---|---|
RFC 7235, section 4.1: WWW-Authenticate | HTTP/1.1: Authentication |
RFC 7617 | The 'Basic' HTTP Authentication Scheme |
Browser compatibility
Platform | Browser | WWW-Authenticate |
---|---|---|
Desktop | Chrome | Full support 1 |
Desktop | Edge | Full support 12 |
Desktop | Firefox | Full support 1 |
Desktop | IE | Full support 1 |
Desktop | Opera | Full support Yes |
Desktop | Safari | Compatibility unknown |
Mobile | WebView Android | Full support 37 |
Mobile | Chrome Android | Full support Yes |
Mobile | Firefox Android | Full support Yes |
Mobile | Opera Android | Full support Yes |
Mobile | Safari iOS | Compatibility unknown |
Mobile | Samsung Internet Android | Full support Yes |