When Safari/WebKit finds an HTTP header like the following: WWW-Authenticate: Basic realm=http://www.ennaranja.com it fails to parse the realm and thus doesn't prompt for an username/password but directly present the Authorization Required page to the user. I know this header syntax is invalid, as the parameter 'realm' is defined to only use 'quoted-string' syntax, however some other browsers as Internet Explorer or Mozilla Firefox or even the WebKit-based Google Chrome accept this unquoted form and still present the user with the prompt. I have found a study about how several browsers parse the WWW-Authenticate in different situations [ http://greenbytes.de/tech/tc/httpauth/ ] and this issue is similar to test case 'simplebasictok', which Safari passes, however I guess the non-alphanumeric characters (':', '/') in the URL make the difference in this case. This issue also affects MobileSafari in iOS 5.