
Custom Authorization HTTP header

Updated: 2022-12-11 21:41:12

You can create your own custom auth schemas that use the Authorization: header - for example, this is how OAuth works.

As a general rule, if servers or proxies don't understand the values of standard headers, they will leave them alone and ignore them. It is creating your own header keys that can often produce unexpected results - many proxies will strip headers with names they don't recognise.

Having said that, it is possibly a better idea to use cookies to transmit the token, rather than the Authorization: header, for the simple reason that cookies were explicitly designed to carry custom values, whereas the specification for HTTP's built-in auth methods does not really say either way - if you want to see exactly what it does say, have a look here (RFC 2616, section 14.8).

The other point about this is that many HTTP client libraries have built-in support for Digest and Basic auth but may make life more difficult when trying to set a raw value in the header field, whereas they will all provide easy support for cookies and will allow more or less any value within them.
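
As an added example (not part of the original answer), here is how a server might accept a custom scheme in the Authorization: header: parse `scheme SP credentials` strictly, match the scheme case-insensitively, compare the token in constant time, and answer failures with a 401 challenge. The scheme name `ExampleToken`, the token store and the `headers` dict with an `Authorization` key are all assumptions made for illustration.

```python
import hmac
import re

# HTTP "token" grammar for the scheme name, and the token68 credential
# form (the same shape Basic and Bearer use), both from RFC 7235.
_SCHEME = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

SCHEME = "ExampleToken"  # hypothetical custom scheme name
# Constructed sample store: user -> opaque token.
VALID_TOKENS = {"alice": "c29tZS1jb25zdHJ1Y3RlZC10b2tlbg=="}


def parse_authorization(value):
    """Split 'scheme SP credentials'; return (scheme, credentials) or None."""
    if value is None:
        return None
    scheme, sep, credentials = value.strip().partition(" ")
    credentials = credentials.strip()
    if not sep or not _SCHEME.fullmatch(scheme):
        return None
    if not _TOKEN68.fullmatch(credentials):
        return None  # rejects empty, spaced or non-ASCII credentials
    return scheme, credentials


def authenticate(headers):
    """Return (status, response_headers, user) for a request header dict."""
    # A 401 must tell the client which scheme the server expects.
    challenge = {"WWW-Authenticate": f'{SCHEME} realm="example"'}
    parsed = parse_authorization(headers.get("Authorization"))
    # Auth scheme names are case-insensitive.
    if parsed is None or parsed[0].lower() != SCHEME.lower():
        return 401, challenge, None
    user = None
    for name, token in VALID_TOKENS.items():
        # Constant-time comparison; no early exit on a match.
        if hmac.compare_digest(token.encode(), parsed[1].encode()):
            user = name
    if user is None:
        return 401, challenge, None
    return 200, {}, user
```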