Practically nothing in the spec claims in any other case, and infrequently You can not utilize a 401 in that condition for the reason that returning a 401 is only legal when you involve a WWW-Authenticate header. For a hacker, you are able to perform for an MSSP, supplying them http://pigpgs.com
