Whenever we return a `401 Unauthorized` we should also include a [`WWW-Authenticate`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate) header.
Whenever we return a
401 Unauthorizedwe should also include aWWW-Authenticateheader.