← Back to headers
HTTP Header
WWW-Authenticate
SecurityDefines the authentication method that should be used to access a protected resource.
HTTP header reference, syntax, examples, and developer usage.
What is the WWW-Authenticate header?
The WWW-Authenticate HTTP header is used to transmit metadata between a client and server as part of HTTP requests or responses.
HTTP headers define how content should be interpreted, cached, authenticated, secured, or processed by browsers and APIs.
Direction
This header may appear in both HTTP requests and responses.
Syntax
WWW-Authenticate: Bearer
Example
WWW-Authenticate: Bearer realm="api"
Common use cases
- 401 Unauthorized responses
- Auth challenges
- Bearer or Basic authentication flows
Common mistakes
- Using the header in the wrong request or response context
- Sending invalid header values
- Incorrect header syntax
- Assuming the header automatically changes server behaviour