One thing I noticed Hawk does when attempting to access a protected resource without an Authorization header is add a WWW-Authenticate header. Something like:
Poking around the relevant RFCs, it turns out this is required when responding with 401 Unauthorized:
The "WWW-Authenticate" header field indicates the authentication
scheme(s) and parameters applicable to the target resource.
WWW-Authenticate = 1#challenge
A server generating a 401 (Unauthorized) response MUST send a
WWW-Authenticate header field containing at least one challenge. A
server MAY generate a WWW-Authenticate header field in other response
messages to indicate that supplying credentials (or different
credentials) might affect the response.
A proxy forwarding a response MUST NOT modify any WWW-Authenticate
fields in that response.
User agents are advised to take special care in parsing the field
value, as it might contain more than one challenge, and each
challenge can contain a comma-separated list of authentication
parameters. Furthermore, the header field itself can occur multiple
times.
For instance:
WWW-Authenticate: Newauth realm="apps", type=1,
title="Login to \"apps\"", Basic realm="simple"
This header field contains two challenges; one for the "Newauth"
scheme with a realm value of "apps", and two additional parameters
"type" and "title", and another one for the "Basic" scheme with a
realm value of "simple".
Note: The challenge grammar production uses the list syntax as
well. Therefore, a sequence of comma, whitespace, and comma can
be considered either as applying to the preceding challenge, or to
be an empty entry in the list of challenges. In practice, this
ambiguity does not affect the semantics of the header field value
and thus is harmless.
Thoughts on adding something like this to the spec?
When receiving an authenticated request, the server MUST respond with 401 (Unauthorized) and send the following header:
WWW-Authenticate: acquia-http-hmac realm="<provider>" version="<version>"
Where:
realm: The provider, for example "Acquia", "MyCompany", etc.
version: the version of this spec (i.e. 2.0)
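As an added example that is not part of this issue, of Hawk, or of the acquia-http-hmac spec: a small Python parser and builder for WWW-Authenticate challenge lists that follows the RFC 7235 text quoted above, handling several challenges in one field value, quoted-string escapes such as `\"`, the "harmless" empty list entries (`, ,`), the bare token68 form, and multiple occurrences of the header. The RFC example and the acquia-http-hmac challenge in the block are constructed inputs; the realm value "Acquia" and version "2.0" come from the proposal, but the comma between `realm` and `version` is an assumption, since the RFC's `#auth-param` list is comma-separated and the proposal as written separates them with only a space (this strict parser rejects that form).

```python
"""Parse and build RFC 7235 WWW-Authenticate challenge lists (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# RFC 7230 token and quoted-string, RFC 7235 token68, as regexes.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_QUOTED_RE = re.compile(r'"(?:[^"\\]|\\.)*"')
_TOKEN68_RE = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


@dataclass
class Challenge:
    scheme: str                     # auth-scheme; compared case-insensitively
    token68: Optional[str] = None   # bare blob form, e.g. "Bearer abc=="
    params: Dict[str, str] = field(default_factory=dict)  # names lower-cased


def _skip_ws(s: str, p: int) -> int:
    while p < len(s) and s[p] in " \t":
        p += 1
    return p


def _unquote(qs: str) -> str:
    # quoted-string -> content, quoted-pair backslashes removed
    return re.sub(r"\\(.)", r"\1", qs[1:-1])


def _quote(v: str) -> str:
    return '"' + v.replace("\\", "\\\\").replace('"', '\\"') + '"'


def _peek_param(s: str, p: int):
    """(name, position after 'name BWS = BWS') if an auth-param starts at p, else None."""
    m = _TOKEN_RE.match(s, p)
    if not m:
        return None
    q = _skip_ws(s, m.end())
    if q < len(s) and s[q] == "=":
        return m.group(), _skip_ws(s, q + 1)
    return None


def parse_www_authenticate(value: str) -> List[Challenge]:
    """Parse one field value (1#challenge) into Challenge objects; raise ValueError if malformed."""
    challenges: List[Challenge] = []
    n, pos = len(value), 0
    while True:
        pos = _skip_ws(value, pos)
        while pos < n and value[pos] == ",":      # empty list entries are harmless
            pos = _skip_ws(value, pos + 1)
        if pos >= n:
            return challenges
        m = _TOKEN_RE.match(value, pos)
        if not m:
            raise ValueError(f"expected auth-scheme at offset {pos}")
        ch = Challenge(scheme=m.group())
        challenges.append(ch)
        pos = _skip_ws(value, m.end())
        if pos >= n or value[pos] == ",":
            continue                              # scheme with no parameters
        m68 = _TOKEN68_RE.match(value, pos)
        if m68:                                   # token68 only if nothing but ',' or end follows
            after = _skip_ws(value, m68.end())
            if after >= n or value[after] == ",":
                ch.token68, pos = m68.group(), after
                continue
        if _peek_param(value, pos) is None:
            raise ValueError(f"expected token68 or auth-param at offset {pos}")
        while True:
            peek = _peek_param(value, pos)
            if peek is None:
                break                             # a token without '=' starts the next challenge
            name, p = peek
            mq = _QUOTED_RE.match(value, p)
            if mq:
                val, p = _unquote(mq.group()), mq.end()
            else:
                mt = _TOKEN_RE.match(value, p)
                if not mt:
                    raise ValueError(f"bad auth-param value at offset {p}")
                val, p = mt.group(), mt.end()
            ch.params[name.lower()] = val
            pos = _skip_ws(value, p)
            if pos >= n:
                break
            if value[pos] != ",":
                raise ValueError(f"expected ',' between auth-params at offset {pos}")
            while pos < n and value[pos] == ",":  # ", ," between params is also harmless
                pos = _skip_ws(value, pos + 1)


def parse_www_authenticate_headers(values: List[str]) -> List[Challenge]:
    """The field may occur several times; each occurrence adds its challenges."""
    return [c for v in values for c in parse_www_authenticate(v)]


def find_challenge(challenges: List[Challenge], scheme: str) -> Optional[Challenge]:
    return next((c for c in challenges if c.scheme.lower() == scheme.lower()), None)


def is_well_formed(value: str) -> bool:
    try:
        parse_www_authenticate(value)
        return True
    except ValueError:
        return False


def build_challenge(scheme: str, **params: str) -> str:
    """Serialize one challenge for a 401 response, always quoting parameter values."""
    if not _TOKEN_RE.fullmatch(scheme):
        raise ValueError(f"invalid auth-scheme: {scheme!r}")
    parts = [f"{k}={_quote(v)}" for k, v in params.items()]
    return scheme + (" " + ", ".join(parts) if parts else "")


# Constructed sample inputs: the RFC 7235 example, and the proposed challenge with an assumed comma.
RFC_EXAMPLE = r'Newauth realm="apps", type=1, title="Login to \"apps\"", Basic realm="simple"'
ACQUIA_EXAMPLE = 'acquia-http-hmac realm="Acquia", version="2.0"'

if __name__ == "__main__":
    for c in parse_www_authenticate(RFC_EXAMPLE):
        print(c)
    print(build_challenge("acquia-http-hmac", realm="Acquia", version="2.0"))
```

`build_challenge` always quotes values because a client cannot tell a token from a quoted-string once parsed, and quoting avoids any question of whether a realm such as "MyCompany" needs it; `find_challenge` matches the scheme case-insensitively, as RFC 7235 requires.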