significance for identifying the application.

       Server         = "Server" ":" 1*( product | comment )

   Example:

       Server: CERN/3.0 libwww/2.17

   If the response is being forwarded through a proxy, the proxy
   application must not add its data to the product list.

      Note: Revealing the specific software version of the server may
      allow the server machine to become more vulnerable to attacks
      against software that is known to contain security holes. Server
      implementors are encouraged to make this field a configurable
      option.






 
RFC 1945                        HTTP/1.0                        May 1996


      Note: Some existing servers fail to restrict themselves to the
      product token syntax within the Server field.

10.15  User-Agent

   The User-Agent request-header field contains information about the
   user agent originating the request. This is for statistical purposes,
   the tracing of protocol violations, and automated recognition of user
   agents for the sake of tailoring responses to avoid particular user
   agent limitations. Although it is not required, user agents should
   include this field with requests. The field can contain multiple
   product tokens (Section 3.7) and comments identifying the agent and
   any subproducts which form a significant part of the user agent. By
   convention, the product tokens are listed in order of their
   significance for identifying the application.

       User-Agent     = "User-Agent" ":" 1*( product | comment )

   Example:

       User-Agent: CERN-LineMode/2.15 libwww/2.17b3

       Note: Some current proxy applications append their product
       information to the list in the User-Agent field. This is not
       recommended, since it makes machine interpretation of these
       fields ambiguous.

       Note: Some existing clients fail to restrict themselves to
       the product token syntax within the User-Agent field.

10.16  WWW-Authenticate

   The WWW-Authenticate response-header field must be included in 401
   (unauthorized) response messages. The field value consists of at
   least one challenge that indicates the authentication scheme(s) and
   parameters applicable to the Request-URI.

       WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge

   The HTTP access authentication process is described in Section 11.
   User agents must take special care in parsing the WWW-Authenticate
   field value if it contains more than one challenge, or if more than
   one WWW-Authenticate header field is provided, since the contents of
   a challenge may itself contain a comma-separated list of
   authentication parameters.







 
RFC 1945                        HTTP/1.0                        May 1996


11.  Access Authentication

   HTTP provides a simple challenge-response authentication mechanism
   which may be used by a server to challenge a client request and by a
   client to provide authentication information. It uses an extensible,
   case-insensitive token to identify the authentication scheme,
   followed by a comma-separated list of attribute-value pairs which
   carry the parameters necessary for achieving authentication via that
   scheme.

       auth-scheme    = token

       auth-param     = token "=" quoted-string

   The 401 (unauthorized) response message is used by an origin server
   to challenge the authorization of a user agent. This response must
   include a WWW-Authenticate header field containing at least one
   challenge applicable to the requested resource.