A 401 response message is used by an web server to challenge the authorization of a user agent connecting anonymously. After receiving a 401 response, a browser will include an Authorization header field with the next request. The Authorization field contains credentials with the authentication information of the user agent for the resource being requested.
I used Wireshark to sniff this request-response stream on an Apache web server (asking for a virtual host called “/manual” protected by Basic authentication), and it looks like this:
|HTTP Request(GET /manual)|
|HTTP 401 Authorization Required response to browser including WWW-Authenticate: Basic header|
(Repeat TCP sequence again, but browser sends proper credentials this time, and gets a 304 Not Modified response)