The 4xx class of status code is intended for cases in which the client
seems to have erred. Except when responding to a HEAD request, the server
SHOULD include an entity containing an explanation of the error situation,
and whether it is a temporary or permanent condition. These status codes
are applicable to any request method. User agents SHOULD display any included
entity to the user.

If the client is sending data, a server implementation using TCP SHOULD
be careful to ensure that the client acknowledges receipt of the packet(s)
containing the response, before the server closes the input connection.
If the client continues sending data to the server after the close, the
server's TCP stack will send a reset packet to the client, which may erase
the client's unacknowledged input buffers before they can be read and
interpreted by the HTTP application.

The request requires user authentication. The response MUST include a WWW-Authenticate header field containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field. If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information.
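
The 401 handling described above, written out as a user-agent decision routine. This is an added example, not part of the quoted specification text; the `Response` class, the function names, the action strings and the sample responses are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

def challenge_of(resp):
    """Return the WWW-Authenticate value, or None (field names are case-insensitive)."""
    for name, value in resp.headers.items():
        if name.lower() == "www-authenticate":
            return value.strip()
    return None

def next_action(resp, prior_challenge, attempts):
    """Decide what the user agent does next.

    prior_challenge: challenge from the previous 401, or None
    attempts: how many times credentials have already been sent
    """
    if resp.status != 401:
        return "done"
    challenge = challenge_of(resp)
    if challenge is None:
        # A 401 MUST carry a challenge; without one there is nothing to answer.
        return "invalid-401"
    if attempts >= 1 and challenge == prior_challenge:
        # Same challenge after an attempt: stop retrying, show the entity.
        return "show-entity"
    return "retry-with-authorization"

def run_exchange(responses):
    """Walk a list of server responses and record the action taken for each."""
    actions, prior, attempts = [], None, 0
    for resp in responses:
        action = next_action(resp, prior, attempts)
        actions.append(action)
        if action != "retry-with-authorization":
            break
        prior, attempts = challenge_of(resp), attempts + 1
    return actions

# Constructed sample exchanges (not captured traffic).
BASIC = 'Basic realm="example"'
REJECTED = [Response(401, {"WWW-Authenticate": BASIC}, "Authentication required"),
            Response(401, {"www-authenticate": BASIC}, "Credentials refused")]
ACCEPTED = [Response(401, {"WWW-Authenticate": BASIC}), Response(200, body="ok")]
```

Stopping on a repeated challenge keeps the client from resubmitting refused credentials in a loop, and surfaces the server's diagnostic entity to the user instead.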