HTTP 401 Unauthorized

The 401 Unauthorized HTTP status code indicates that the requested content requires authentication.


Edited: 2019-10-13 04:10

A server might send a 401 Unauthorized HTTP header response if the requested Resource requires authentication, including if credentials has been provided but have failed authentication tests.

When responding with a 401, the response must also include a WWW-Authenticate header field.

In case a user tried to login on a web page using the HTTP authentication method, the 401 response code is the correct code to send – while 403 Forbidden is intended for when the server is refusing to fulfill the request, or for HTML form based logins. I.e.

The server understood the request, but is refusing to fulfill it.

Even though HTTP based authentication can be used, HTML form based logins are much more common in modern web applications.

Soft Authentication Errors

Since many hackers and spammers have automated tools to brute-force logins, you might not want to always deliver a response to HTTP requests. Creating unexpected responses can confuse malicious users, and sometimes effectively discourage them from attacking your site.

See also

  1. List of HTTP Response Codes

Tell us what you think:

  1. An in-dept look at the use of headings (h1-h6) and sections in HTML pages.
  2. Pagination can be a confusing thing to get right both practically and programmatically. I have put a lot of thought into this subject, and here I am giving you a few of the ideas I have been working with.
  3. The best way to deal with a trailing question mark is probably just to make it a bad request, because it is a very odd thing to find in a request URL.
  4. How to optimize image-loading and automatically include width and height attributes on img elements with PHP.
  5. HTTP headers are not case-sensitive, so we are free to convert them to all-lowercase in our applications.

More in: Web development