We're looking for a user researcher to understand the needs of developers and designers. Is this you or someone you know? Check out the post: https://mzl.la/2IGzdXS

I volontari di MDN non hanno ancora tradotto questo articolo in Italiano. Unisciti a noi e traducilo tu stesso.
Puoi anche consultare l’articolo in English (US).

The HTTP Authorization request header contains the credentials to authenticate a user agent with a server, usually after the server has responded with a 401 Unauthorized status and the WWW-Authenticate header.

Header type Request header
Forbidden header name no


Authorization: <type> <credentials>


Authentication type. A common type is "Basic". Other types:
If the "Basic" authentication scheme is used, the credentials are constructed like this:
  • The username and the password are combined with a colon (aladdin:opensesame).
  • The resulting string is base64 encoded (YWxhZGRpbjpvcGVuc2VzYW1l).

Note: Base64 encoding does not mean encryption or hashing! This method is equally secure as sending the credentials in clear text (base64 is a reversible encoding). Prefer to use HTTPS in conjunction with Basic Authentication.


Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

See also HTTP authentication for examples on how to configure Apache or nginx servers to password protect your site with HTTP basic authentication.


Specification Title
RFC 7235, section 4.2: Authorization HTTP/1.1: Authentication
RFC 7617 The 'Basic' HTTP Authentication Scheme

See also

Tag del documento e collaboratori

Hanno collaborato alla realizzazione di questa pagina: mfuji09, zachvalenta, teoli, fscholz
Ultima modifica di: mfuji09,