HTTP headers / request header
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Carries the credentials for the request: Bearer tokens, Basic base64 pairs, Digest challenges, or signature schemes like AWS SigV4. The server answers 401 with WWW-Authenticate when it is missing or wrong.
Proxies and cross-origin redirects love silently dropping this header — when auth "randomly" fails, confirm it actually left your client.
The fastest way to see what Authorization is actually doing is to send the request and read both sides raw — ReqPad shows auto-generated and custom headers for every request, on all six protocols, with history. Related references: status codes · Accept · Accept-Encoding · Accept-Language · If-None-Match · If-Match · If-Modified-Since
Build the request, send it, read raw headers and timing — from your iPhone. Free to start.