WWW-Authenticate Header

Table of Content

The WWW-Authenticate header is a crucial part of the HTTP protocol that defines methods for providing client-side authentication information to the server. It's primarily used when a server needs to authenticate a user but hasn't received any authorization details, or if the provided details are incorrect. The server sends the WWW-Authenticate header alongside a 401 (Unauthorized) response status, specifying the required authentication method and realm.


WWW-Authenticate: <type> realm=<realm>


The WWW-Authenticate header has two main directives. The type directive specifies the authentication method to be used, such as Basic or Bearer. The realm directive is a string describing the protected area or the scope of protection.


Here is an example of a WWW-Authenticate header using Basic authentication:

WWW-Authenticate: Basic realm="User Visible Realm"

And an example for Bearer token method:

WWW-Authenticate: Bearer realm="example"

Browser Compatibility

Browser Compatibility
Chrome Supported
Firefox Supported
Safari Supported
Opera Supported
Edge Supported

How to modify WWW-Authenticate header

ModHeader is a browser extension that allows you to modify headers on HTTP(s) requests and responses. To modify the WWW-Authenticate header using ModHeader Chrome extension, follow these steps:

  1. Install the ModHeader extension from the Chrome Web Store.
  2. Click on the ModHeader icon in the browser toolbar to open its panel.
  3. In the 'Request Header' section, click the 'Add' button.
  4. In the Name field, enter WWW-Authenticate.
  5. In the Value field, input the specific header you want to set, for example, Basic realm="example".
  6. Click the 'Save' button to save your new header.

This comes in handy when testing web applications to see how different servers respond to authentication methods declared in WWW-Authenticate header.