Response status401 if the origin server requires authentication, 407 if an intermediate proxy requires authentication
Response headersWWW-Authenticate by the origin server, Proxy-Authenticate by an intermediate proxy
Request headersAuthorization for authorization against an origin server, Proxy-Authorization against an intermediate proxy
Authentication schemeBasic for Basic Authentication, but others such as Digest and SPNEGO can be used. See the HTTP Authentication Schemes Registry.
RealmA name of the protected space on the server; a server can have multiple such spaces, each with a distinct name and authentication mechanisms.
CredentialsFor Basic: username and password separated by a colon, base64-encoded; for example, username:password base64-encoded is dXNlcm5hbWU6cGFzc3dvcmQ=


Basic Authentication is defined in RFC2617. It can be used to authenticate against the origin server after receiving a 401 Unauthorized as well as against a proxy server after a 407 (Proxy Authentication Required). In the (decoded) credentials, the password starts after the first colon. Therefore the username cannot contain a colon, but the password can.