- September 12, 2023: Separated finding messages.
- November 21, 2019: Published.
⇤ Web Application Header Assessment
Optional for both HTTP/1.0 and HTTP/1.1
The WWW-Authenticate header indicates the authentication scheme. See finding messages.
Responses
| Response | Description | Header |
|---|---|---|
401 |
If the header isn't used, there will be no record to assess. We grade any request for credentials that uses the WWW-Authenticate header as “BAD.” |
|