The Authorization header is an HTTP request header used to send credentials or access tokens to a server. Common schemes include Basic, Bearer, and token-based formats used by APIs and automation tools. The client includes the header in a request, and the server checks it before allowing access to protected resources.
In cyber security, this header matters because many authentication flows depend on it. If a web app or plugin validates the header incorrectly, an attacker may be able to bypass login checks, impersonate a user, or reach administrative functions without a valid secret. Defenders inspect code and traffic for improper parsing, missing checks, or trust in unverified header values. In WordPress, Application Passwords are often sent through the Authorization header, so weaknesses in that path can expose privileged API actions and turn a simple request into a site-level compromise.