WWW-Authenticate Header
Table of Content
The WWW-Authenticate header is a crucial part of the HTTP protocol that defines methods for providing client-side authentication information to the server. It's primarily used when a server needs to authenticate a user but hasn't received any authorization details, or if the provided details are incorrect. The server sends the WWW-Authenticate header alongside a 401 (Unauthorized) response status, specifying the required authentication method and realm.
Syntax
WWW-Authenticate: <type> realm=<realm>Directives
The WWW-Authenticate header has two main directives. The type directive specifies the authentication method to be used, such as Basic or Bearer. The realm directive is a string describing the protected area or the scope of protection.
Examples
Here is an example of a WWW-Authenticate header using Basic authentication:
WWW-Authenticate: Basic realm="User Visible Realm"And an example for Bearer token method:
WWW-Authenticate: Bearer realm="example"Browser Compatibility
| Browser | Compatibility |
|---|---|
| Chrome | Supported |
| Firefox | Supported |
| Safari | Supported |
| Opera | Supported |
| Edge | Supported |
How to modify WWW-Authenticate header
ModHeader is a browser extension that allows you to modify headers on HTTP(s) requests and responses. To modify the WWW-Authenticate header using ModHeader Chrome extension, follow these steps:
- Install the ModHeader extension from the Chrome Web Store.
- Click on the ModHeader icon in the browser toolbar to open its panel.
- In the 'Request Header' section, click the 'Add' button.
- In the Name field, enter
WWW-Authenticate. - In the Value field, input the specific header you want to set, for example,
Basic realm="example". - Click the 'Save' button to save your new header.
This comes in handy when testing web applications to see how different servers respond to authentication methods declared in WWW-Authenticate header.