Practically Nothing from the spec says or else, and often You can not utilize a 401 in that scenario simply because returning a 401 is simply authorized should you include a WWW-Authenticate header. They will use adware and infostealers to reap passwords or trick consumers into sharing login information and http://pigpgs.com