⇤ Web Application Header Assessment
Optional for both HTTP/1.0 and HTTP/1.1
The WWW-Authenticate header indicates the authentication scheme. See finding messages.
Responses
Response | Description | Header |
---|---|---|
401 |
If the header isn't used, there will be no record to assess. We grade any request for credentials that uses the WWW-Authenticate header as “BAD.” |
|
Resources
- September 12, 2023: Separated finding messages.
- November 21, 2019: Published.
Feedback
0 comments
Please sign in to leave a comment.