Is there a difference between using the Bearer Authorization header and using a custom header? For example, the “Basic” Authorization header is different from a custom header, because browsers treat “Basic” Authorization headers as a special case (some browsers cache the “Basic” Authorization header). In other words, is “Bearer” just an arbitrary string, or do browsers know something about it?
If I don't want future browsers to cache the bearer token, should I be safe and use a custom header?
For example, is there a difference between the two (assuming my server can handle both):
header('Authorization: Bearer 12345');
header('Mysite-Bearer-Token: 12345');