HTTP Errors

What Is the 401 Status Code? (Unauthorized)

On this page

HTTP 401 Unauthorized means the request lacks valid authentication credentials. The server is telling you it doesn't know who you are — unlike 403, which means it knows and still refuses. The response usually carries a WWW-Authenticate header naming the scheme (Basic, Bearer, etc.). It's also written “HTTP 401” or just “401 error” / “401 status code.”

Quick facts

Status code401
MeaningUnauthorized
Category4xx Client Error
Common causes (scraping)Missing/expired token, wrong API key, no session cookie
Right responseFix the request / retry with backoff; for disguised blocks use a real-browser unblock

What a 401 Unauthorized means

The server is telling you it doesn't know who you are — unlike 403, which means it knows and still refuses. The response usually carries a WWW-Authenticate header naming the scheme (Basic, Bearer, etc.). In short, 401 status code is the request lacks valid authentication credentials.

Why scrapers see 401

Scrapers hit 401 when a page or API sits behind authentication: a missing or expired session cookie, an absent or wrong API key / Bearer token, or a login the scraper never completed. Some sites also return 401 instead of 403 when an anti-bot layer decides the caller isn't a logged-in human.

How to fix a 401 error

Supply valid credentials for the scheme the server asks for — refresh an expired token, replay a logged-in session's cookies, or add the API key header. For authenticated areas, log in once and reuse the session instead of authenticating per request. When a 401 is really a disguised bot block on a public page, treat it like a 403: realistic headers, a clean residential IP, and a real-browser fingerprint via Web Unblocker.

Related terms

What Is the 403 Status Code (403 Forbidden Error)?
HTTP 403 Forbidden means the server understood the request but refuses to fulfill it. Unlike 401 (which means "you're not authenticated"), 4…
What Is the 429 Status Code (429 Error)?
HTTP 429 Too Many Requests is the status code a server returns when a client has sent more requests in a given window than the server's rate…
What Is the 503 Status Code (503 Service Unavailable Error)?
HTTP 503 Service Unavailable means the server is temporarily unable to handle the request — usually because it's overloaded, undergoing main…
What Is the 499 Status Code (499 Error)?
HTTP 499 Client Closed Request is a non-standard status code, logged by Nginx (and CDNs like Cloudflare) when the client closes the connecti…
What Is Cloudflare Error 1015?
Cloudflare error 1015 "You are being rate limited" is shown when a visitor has exceeded a rate-limiting rule configured by the site owner in…
What Is a 200 Status Code?
HTTP 200 OK is the standard success status code: the server received the request, processed it, and returned the expected response body. For…

Concept map

How 401 Status Code (401 Unauthorized) connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections
You are here · HTTP Errors
Building map…

Tools & solutions for this topic

Frequently asked questions

Is 401 a client or server error?

It's a client-side (4xx) error — the server is pointing at something in your request.

Does a 401 mean I'm blocked when scraping?

Not necessarily. 401 points at your request, not a ban — but anti-bot layers sometimes return it instead of a 403, so check the response body and headers.

How do I fix a 401 error?

The request lacks valid authentication credentials is the cause, so the fix targets that. Correct the offending part of the request, then retry.

What's the difference between 401 and 403?

401 Unauthorized means you haven't authenticated — provide credentials and retry. 403 Forbidden means you're authenticated (or none is needed) but still not allowed. For unauthenticated scraping, 403 is usually the relevant one.

Last updated: 2026-05-28