The 401 error code is one of the most common HTTP status codes. You’re likely to encounter it with an “Unauthorized” message or string, which essentially means you lack some level of authorization to proceed. Knowing about HTTP status codes can help troubleshoot issues regarding web requests and ensure that your users receive appropriate feedback about the status of their requests. It can also ensure that your web applications and services are compatible and can work across a wide range of servers and clients, regardless of their platform or programming language.
This article explains the 401 Unauthorized HTTP error code and how to troubleshoot it if you encounter it.
What Are HTTP Status Codes?
The HTTP status code system was introduced in the early 1990s as part of the HTTP/1.0 specification, and it has been refined and expanded over time as the web has evolved. HTTP status codes are three-digit format codes, with each code associated with a specific meaning in relation to the result of an HTTP request.
The goal was to create a standardized set of codes that all web servers could use to communicate with HTTP clients about the outcome of their requests in a clear, concise, and consistent manner. Prior to the development of HTTP status codes, there was no consistent or reliable way for servers to communicate errors or other types of responses to clients. There are five main classes or categories of HTTP status codes:
- 1xx (Informational): These are informational messages, indicating that the request has been received and the server is continuing to process the request.
- 2xx (Success): These indicate that the request was successfully received, understood, and accepted by the server.
- 3xx (Redirection): These indicate that the client must take some additional action to complete the request, such as following a redirect.
- 4xx (Client Error): These indicate that the request made by the client was incorrect or cannot be fulfilled by the server.
- 5xx (Server Error): These indicate that the server failed to fulfill a valid request due to an error on the server side.
What Is a 401 Unauthorized Error?
To better understand the meaning of the 401 Unauthorized HTTP status code, consider the analogy of trying to enter a private club or event without a valid invitation or ID. If you show up at the door without a valid invitation or ID, the bouncer will deny you entry and tell you that you’re not authorized to enter.
Similarly, when an HTTP client sends a request to a web server for a protected resource without providing valid authentication credentials, the server responds with a 401 Unauthorized status code, indicating that the client is not authorized to access the resource.
Just as the bouncer at the club may provide instructions on what is needed to gain entry, the web server may provide instructions to the client on what kind of authentication credentials are needed and how to provide them. This information is typically provided in the response body or in response headers such as the ‘WWW-Authenticate’ header.
So, just as a bouncer at a club controls access to a private event, the web server uses the 401 status code to control access to protected resources and requires authentication credentials to grant access.
Why Does the 401 Unauthorized Error Occur?
While this error code usually occurs due to missing credentials, it’s important to note that the exact cause of a 401 error can vary depending on the specific situation and context. Additional troubleshooting may be required to identify the actual issue. Below are some other reasons why you could face this error.
Missing or Incorrect Authentication Credentials
As stated earlier, the most common cause of a 401 Unauthorized error is a client not providing valid authentication credentials, such as a username and password, in the request. This can happen if the client forgets to include the credentials or enters them incorrectly. Sometimes the needed credentials may be in the form of basic HTTP authentication or an API key that must be submitted with the request.
Malformed Authenticated Requests
Improperly formatting or structuring an HTTP request can cause a 401 error status. Some servers add other layers of security for authenticated requests or when undertaking authentication. These include requiring credentials to be hashed, encrypted, or formatted in a specific way before submitting.
If this isn’t done correctly or structured according to the needs of the server, you’ll receive a 401 Unauthorized error in response because the server does not recognize the submitted credentials and treats them as invalid.
Expired or Revoked Credentials
Depending on the application or API being accessed, credentials may be revoked, reset, or expire over a set period of time for extra security. You might run into this with financial or banking apps and sites. If your client’s authentication credentials are expired or have been revoked by the server, the server will return a 401 error to indicate that the client is not authorized to access the requested resource.
Incorrect Permissions or Access Control
A 401 error can occur if the authentication credentials provided by the client are not authorized to access the requested resource due to incorrect permissions or access control settings on the server. For example, if you are a content editor and have an edit button to modify content, your account must have the “edit content” permission to execute that action. If your account does not have the necessary permission, you will receive a 401 error when clicking the edit button.
A Misconfigured Server or Application
A 401 error can also be caused by a misconfigured server or application, such as an endpoint or URL that is expected to be public being placed under an authenticated page. Sometimes this happens when broken or outdated plugins are used in the application, especially in some content management systems such as WordPress or Drupal.
In these cases, you would usually find the root cause in the logs. A 401 Unauthorized error will also occur if the client submits a request for a URL that is incorrect or does not exist on the server but matches a protected file system path on the server that is not meant to be accessed directly.
Network or Connectivity Issues
Sometimes, a 401 error can occur due to network or connectivity issues, such as a firewall blocking the request. Firewalls are security systems that prevent unauthorized access to a network or server. 401 errors occur when a firewall blocks a request from a client that is trying to access a protected resource.
DNS Lookup Failure
The Domain Name System (DNS) is a system that translates domain names into IP addresses. If there is a problem with the DNS lookup process, the client may not be able to connect to the server. In other cases, your system might be using a cached DNS record that is outdated, therefore pointing requests to the wrong server. Both of these situations can result in a 401 error.
How Do You Fix the 401 Unauthorized Error?
Once you identify the cause of the error, you can usually take a few steps to easily fix it. The next sections discuss a few ways you can fix this error. The solution may also depend on whether you are an end user of the application, a developer (API consumer), or the application owner.
Provide Missing or Correct Authentication Credentials
Providing missing or correct authentication credentials is usually the first step in resolving a 401 Unauthorized error. You need to find the login or sign-in page of the application or website and ensure you provide valid credentials for successful authentication.
Then, try accessing the resource again, and hopefully it should work. If you’re a developer trying to access or consume a resource via an API, you may need to ensure that you provide a valid API key or token for each request via the respective headers as provided by the server.
The following is an example of a curl HTTP request that requires you to specify your API key with the ‘Authorization’ header:
curl --request POST \ --url https://api.euc1a1.example.com/v1/orgs/self/ws/commons/collections \ -H 'Authorization: ApiKey YOUR_API_KEY_HERE' \ -H 'Content-Type: application/json' \ -d '{ "name": "incoming_requests", "description": "All incoming delivery requests.", "sources": [ { "integration_name": "Redpanda-Ondemand-Delivery", "kafka": { "kafka_topic_name": "delivery-requests", "use_v3": false, "offset_reset_policy": "LATEST", "status": { "state":"ACTIVE" } } } ], "retention_secs": 259200 }'Refresh Expired or Revoked Credentials
Ideally, a web application should be able to detect expired or revoked credentials and request that end users reauthenticate. However, sometimes that doesn’t happen because the application lacks such a mechanism or the user’s web client is using cached data.
In these cases, the best way to refresh expired or revoked credentials is to clear your browser’s cookies and cache. This will cause the browser to completely reload the web application and may require the user to reauthenticate or log in to be able to access the requested URL.
Developers interacting with APIs should monitor active sessions, promptly identify expired credentials, and generate or refresh authentication tokens for any sessions that have expired. Automatically redirecting users to login pages is one way to ensure they reauthenticate and continue consuming content seamlessly.
Check for a Malformed Authenticated Request
As mentioned, your credentials may need to be formatted in a specific way and passed through some hashing or encryption algorithms before submitting. Developers need to carefully check the API documentation and other examples available to ensure they are constructing their requests correctly using the right hashing and cryptographic libraries for their framework or programming language.
Obtain the Required Permissions or Access Control Clearance
Whether you’re an end user or a developer, if you’re sure you should be able to access a specific resource or undertake a specific action with your current credentials, you need to contact the application owner or administrator to provide your account with the right access level.
If you are the owner of the application, ensure that your users have the appropriate permissions for their interaction with your site or application.
Cross-Check Server Configuration and Application Plugins
If you’re the application owner or maintainer, you need to check that your web server and file system configurations are correct, especially if you recently made any changes. You can also check your logs to find URLs returning a 401 error and resolve them accordingly. If you are using a content management system like WordPress, you can update WordPress and all installed plugins. You should also disable any incompatible or inactive plugins.
Adjust Firewall or Network Security Rules
You might be accessing a website that is restricted in your current network environment (for example, an office network). If you believe that site or content should be available to you for official purposes, then you can talk to your ISP or network administrator to resolve the problem.
You can also use a VPN or proxy connection to visit those websites to see if that resolves the issue. If you’re the site owner, you can check your server’s network firewall to see if it’s accidentally blocking legitimate traffic to your application or specific resources.
Further Troubleshoot Your 401 Unauthorized Error
Hopefully, one of the above solutions fixes your 401 Unauthorized error. However, this is not an exhaustive list, so you may need to search online using specific terms that provide the context of your error. You could use keywords such as the name of your web framework, library, plugin, programming language, or even the web server software, such as Nginx or Apache.
401 Unauthorized errors are common, so it’s likely that others have already faced similar variations and found an appropriate solution.
Conclusion
The 401 Unauthorized HTTP status code error is a frequent occurrence for anyone who browses the internet or uses web applications. However, most users are unaware of its meaning or how to resolve it. This article explained HTTP status codes and their functionality, including the specific 401 code and its significance.
This article covered some of the most common causes of this error and a few solutions depending on your level of access to a system. The causes covered here include missing or invalid authentication credentials, expired or revoked credentials, server misconfiguration, network connectivity issues involving firewalls, and a bad DNS cache.
However, as mentioned, it’s important to note that this list is not exhaustive, and if none of the presented solutions work, you may have to do some research depending on your specific circumstances. Luckily, this error is so common that someone out there has probably already found your solution.
Written by Rexford A. Nyarko
Related articles
Flexible DDoS mitigation with BGP Flowspec
For customers who understand their own network traffic patterns, rigid DDoS protection can be more of a limitation than a safeguard. That’s why Gcore supports BGP Flowspec: a flexible, standards-based method for defining granular filters that block or rate-limit malicious traffic in real time…before it reaches your infrastructure.In this article, we’ll walk through:What Flowspec is and how it worksThe specific filters and actions Gcore supportsCommon use cases, with example rule definitionsHow to activate and monitor Flowspec in your environmentWhat is the BGP Flowspec?BGP Flowspec (RFC 8955) extends Border Gateway Protocol to distribute traffic filtering rules alongside routing updates. Instead of static ACLs or reactive blackholing, Flowspec enables near-instantaneous propagation of mitigation rules across networks.BGP tells routers how to reach IP prefixes across the internet. With Flowspec, those same BGP announcements can now carry rules, not just routes. Each rule describes a pattern of traffic (e.g., TCP SYN packets >1000 bytes from a specific subnet) and what action to take (drop, rate-limit, mark, or redirect).What are the benefits of the BGP Flowspec?Most traditional DDoS protection services react to threats after they start, whether by blackholing traffic to a target IP, redirecting flows to a scrubbing center, or applying rigid, static filters. These approaches can block legitimate traffic, introduce latency, or be too slow to respond to fast-evolving attacks.Flowspec offers a more flexible alternative.Proactive mitigation: Instead of waiting for attacks, you can define known-bad traffic patterns ahead of time and block them instantly. Flowspec lets experienced operators prevent incidents before they start.Granular filtering: You’re not limited to blocking by IP or port. With Flowspec, you can match on packet size, TCP flags, ICMP codes, and more, enabling fine-tuned control that traditional ACLs or RTBH don’t support.Edge offloading: Filtering happens directly on Gcore’s routers, offloading your infrastructure and avoiding scrubbing latency.Real-time updates: Changes to rules are distributed across the network via BGP and take effect immediately, faster than manual intervention or standard blackholing.You still have the option to block traffic during an active attack, but with Flowspec, you gain the flexibility to protect services with minimal disruption and greater precision than conventional tools allow.Which parts of the Flowspec does Gcore implement?Gcore supports twelve filter types and four actions of the Flowspec.Supported filter typesGcore supports all 12 standard Flowspec match components.Filter FieldDescriptionDestination prefixTarget subnet (usually your service or app)Source prefixSource of traffic (e.g., attacker IP range)IP protocolTCP, UDP, ICMP, etc.Port / Source portMatch specific client or server portsDestination portMatch destination-side service portsICMP type/codeFilter echo requests, errors, etc.TCP flagsFilter packets by SYN, ACK, RST, FIN, combinationsPacket lengthFilter based on payload sizeDSCPQuality of service code pointFragmentMatch on packet fragmentation characteristicsSupported actionsGcore DDoS Protection supports the following Flowspec actions, which can be triggered when traffic matches a specific filter:ActionDescriptionTraffic-rate (0x8006)Throttle/rate limit traffic by byte-per-second rateredirectRedirect traffic to alternate location (e.g., scrubbing)traffic-markingApply DSCP marks for downstream classificationno-action (drop)Drop packets (rate-limit 0)Rule orderingRFC 5575 defines the implicit order of Flowspec rules. The crucial point is that more specific announcements take preference, not the order in which the rules are propagated.Gcore also respects Flowspec rule ordering per RFC 5575. More specific filters override broader ones. Future support for Flowspec v2 (with explicit ordering) is under consideration, pending vendor adoption.Blackholing and extended blackholing (eBH)Remote-triggered blackhole (RTBH) is a standardized protection method that the client manages via BGP by analyzing traffic, identifying the direction of the attack (i.e., the destination IP address). This method protects against volumetric attacks.Customers using Gcore IP Transit can trigger immediate blackholing for attacked prefixes via BGP, using the well-known blackhole community tag 65000:666. All traffic to that destination IP is dropped at Gcore’s edge.The list of supported BGP communities is available here.BGP extended blackholeExtended blackhole (eBH) allows for more granular blackholing that does not affect legitimate traffic. For customers unable to implement Flowspec directly, Gcore supports eBH. You announce target prefixes with pre-agreed BGP communities, and Gcore translates them into Flowspec mitigations.To configure this option, contact our NOC at noc@gcore.lu.Monitoring and limitationsGcore can support several logging transports, including mail and Slack.If the number of Flowspec prefixes exceeds the configured limit, Gcore DDoS Protection stops accepting new announcements, but BGP sessions and existing prefixes will stay active. Gcore will receive a notification that you reached the limit.How to activateActivation takes just two steps:Define rules on your edge router using Flowspec NLRI formatAnnounce rules via BGP to Gcore’s intermediate control planeThen, Gcore validates and propagates the filters to border routers. Filters are installed on edge devices and take effect immediately.If attack patterns are unknown, you’ll first need to detect anomalies using your existing monitoring stack, then define the appropriate Flowspec rules.Need help activating Flowspec? Get in touch via our 24/7 support channels and our experts will be glad to assist.Set up GRE and benefit from Flowspec today
Tuning Gcore CDN rules for dynamic application data caching
Caching services like content delivery networks (CDNs) can be a solid addition to your web stack. They lower response latency and improve user experience while also helping protect your origin servers through security features like access control lists (ACLs) and traffic filtering. However, if you’re running a highly dynamic web service, a misconfigured CDN might lead to the delivery of stale or, in the worst case, wrong data.If you’re hosting a dynamic web service and want to speed it up, this guide is for you. It explains the common issues dynamic services have with CDNs and how to solve them with Gcore CDN.How does dynamic data differ from static data?There are two main differences between static and dynamic data:Change frequency: Dynamic data changes more often than static data. Some websites stay the same for weeks or months; others change multiple times daily.Personalized responses: Static systems deliver the same response for a given URL path. Dynamic systems, by contrast, can generate different responses for each user, based on parameters like authentication, location, session data, or user preferences.Now, you might ask: Aren’t static websites simply HTML pages while dynamic ones are generated on-the-fly by application servers?It depends.A website consisting only of HTML pages might still be dynamic if the pages are changed frequently, and an application server that generates HTML responses can serve the same HTML forever and always provide everyone with the same content for a URL. The CDN network doesn’t know how you create the HTML. It only sees the finished product and decides how long it should cache it. You need to decide on a case-by-case basis.How do cache rules affect dynamic data?When using a CDN, you have to define rules that govern the caching of your data. If you consider this data dynamic, either because it changes frequently or because you deliver user-specific responses, those rules can drastically impact the user experience, ranging from the delivery of stale data to completely wrong data.Cache expirationFirst, consider cache expiration time. With Gcore CDN, you have two options:Let your origin server control it. This is ideal for dynamic systems using application servers because it gives you precise control without needing to adjust Gcore settings.Let Gcore CDN control it. This works well for static HTTP servers delivering HTML pages that change often. If you can’t modify the server’s cache configuration, using Gcore’s settings is easier.No matter which method you choose, understand what your users consider “stale” and set the expiration time accordingly.Query string handlingNext, decide how Gcore CDN should handle URL query parameters. Ignoring them can improve performance—but for dynamic systems that use query strings for server-side sorting, filtering, or pagination, this can break functionality.For example, a headless CMS might use: https://example.com/api/posts?sort=asc&start=99If the CDN ignores the query string, it will always deliver the cached response, even if new parameters are requested. So, make sure to disable the Ignore query string parameters setting when necessary.Cookie bypassingCookies are often used for session handling. While ignoring cookies can boost performance, doing so risks breaking applications that rely on them.For example: https://example.com/api/users/profileIf this endpoint relies on a session cookie, caching without considering the cookie will serve the same user profile to everyone. Be sure to disable “Ignore cookies” if your server uses them for authentication or personalization.Cache key customizationIf you need more detailed control over the caching, you can modify the cache key generation. This key defines the mapping of a request to a cache entry and allows you to manage the granularity of your caching.The Gcore Customer Portal offers basic customization functionality, and the support team can help with advanced rules. For example, adding the request method (e.g., GET, HEAD, POST, etc.) to your cache key ensures a single URL has a dedicated cache entry for each method instead of using one for all.GraphQL considerationsMost GraphQL implementations only use POST requests and include the GraphQL query in the request body. This means every GraphQL request will use the same URL and the same method, regardless of the query. Gcore CDN doesn’t check the request body when caching, so every query will result in the same cache key and override each other.To make sure the CDN doesn’t break your API, turn off caching for all your GraphQL endpoints.Path-based CDN rules for hybrid contentIf your application serves both static and dynamic content across different paths, Gcore CDN rules offer a powerful way to manage caching more granularly.Using the CDN rules engine, you can create specific rules for individual file paths or extensions. This allows you to apply dynamic-appropriate settings—like disabling caching or respecting cookies—only to dynamic endpoints (e.g., /api/**), while using more aggressive caching for static assets (e.g., /assets/**, /images/**, or /js/**).This path-level control delivers performance gains from CDN caching without compromising the correctness of dynamic content delivery.SummaryUsing a CDN is an easy way to improve your site’s performance, and even dynamic applications can benefit from CDN caching when configured correctly. Check that:Expiration times reflect real-world freshness needsQuery strings and cookies aren’t ignored if they affect the responseCache keys are customized where neededGraphQL endpoints are excluded from cachingCDN rules are used to apply different settings for dynamic and static pathsWith the right setup, you can safely speed up even the most complex applications.Explore our step-by-step guide to setting rules for particular files in Gcore CDN.Discover Gcore CDN
How AI is reshaping the future of interactive streaming
Interactive streaming is entering a new era. Artificial intelligence is changing how live content is created, delivered, and experienced. Advances in real-time avatars, voice synthesis, deepfake rendering, and ultra-low-latency delivery are giving rise to new formats and expectations.Viewers don’t want to be passive audiences anymore. They want to interact, influence, and participate. For platforms that want to lead, the stakes are growing: innovate now, or fall behind.At Gcore, we support this shift with global streaming infrastructure built to handle responsive, AI-driven content at scale. This article explores how real-time interactivity is evolving and how you can prepare for what’s next.A new era for live contentStreaming used to mean watching someone else perform. Today, it’s becoming a conversation between the creator and the viewer. AI tools are making live content more reactive and personalized. A cooking show host can take ingredient requests from the audience and generate live recipes. A language tutor can assess student pronunciation and adjust the lesson plan on the spot. These aren’t speculative use cases—they’re already being piloted.Traditional cameras and presenters are no longer required. Some creators now use entirely digital hosts, powered by motion capture and generative AI. They can stream with multiple personas, switch backgrounds on command, or pause for mid-session translations. This evolution is not about replacing humans but creating new ways to engage that scale across time zones, languages, and platforms.Creating virtual influencersVirtual influencers are digital characters designed to build audiences, promote products, and hold conversations with followers. Unlike human influencers, they don’t get tired, change jobs, or need extensive re-shoots when messaging changes. They’re fully programmable, and the most successful ones are backed by teams of writers, animators, and brand strategists.For example, a skincare company might launch a virtual influencer with a consistent tone, recognizable look, and 24/7 availability. This persona could host product tutorials in the morning, respond to DMs during the day, and livestream reactions to customer feedback at night—all in the local language of the audience.These characters are not limited to influencer marketing. A virtual celebrity might appear as a guest at a live product launch or provide commentary during a sports event. The point is consistency, scalability, and control. Gcore’s global delivery network ensures these digital personas perform without delay, wherever the audience is located.Real-time avatars and AI-generated personasReal-time avatars use motion capture and emotion detection to mimic human behavior with digital models. A fitness instructor can appear as a stylized avatar while tracking their own real movements. A virtual talk show host can gesture, smile, or pause in response to viewer comments. These avatars do more than just look the part—they respond dynamically.AI-generated personas build on this foundation with language generation and decision-making. For instance, an edtech company could deploy a digital tutor that asks learners comprehension questions and adapts its tone based on their engagement level. In entertainment, a music artist might perform live as a virtual character that reflects audience mood through color shifts, dance patterns, or facial expression.These experiences require ultra-low latency. If the avatar lags, the illusion collapses. Gcore’s infrastructure supports the real-time input-output loop needed to make digital characters feel present and responsive.Deepfake technology for creative storytellingDeepfakes are often associated with misinformation, but the same tools can be used to build engaging, high-integrity content. The technology enables face-swapping, voice cloning, and character animation, all of which are powerful in live formats.A museum might use deepfake avatars of historical figures for interactive educational sessions. Visitors could ask questions, and Abraham Lincoln or Golda Meir might respond with historically grounded answers in real time. A brand could create a fictional spokesperson who evolves over time, appearing in product demos, ads, and livestreams. Deepfake technology also allows multilingual content without re-recording—the speaker’s lip movements and tone are modified to match each language.These applications raise legitimate ethical questions. Gcore’s streaming infrastructure includes controls to ensure the source and integrity of AI-generated content are traceable and secure. We provide the technical foundation that enables deepfake use cases without compromising trust.Synthetic voices and personalized audioAudio is often overlooked in discussions about AI streaming, but it’s just as important as video. Synthetic voices today can express subtle emotions and match speaking styles. They can whisper, shout, pause for dramatic effect, and even mimic regional accents.Let’s consider a news platform that offers interactive daily briefings. Viewers choose their preferred language, delivery style (casual, serious, humorous), and even the voice profile. The AI generates a personalized broadcast on the fly. In gaming, synthetic characters can offer encouragement, warn about strategy mistakes, or narrate progress—all without human voice actors.Gcore’s streaming infrastructure ensures that synthetic voice outputs are tightly synchronized with video, so users don’t experience out-of-sync dialogue or lag during back-and-forth exchanges.Increasing interactivity through feedback and participationInteractivity in streaming now goes far beyond comments or emoji reactions. It includes live polls that influence story outcomes, branching narratives based on audience behavior, and user-generated content layered into the broadcast.For example, a live talent show might allow viewers to suggest challenges mid-broadcast. An online classroom could let students vote on the next topic. A product launch might include a real-time Q&A where the host pulls questions from chat and answers them in the moment.All of these use cases rely on real-time data processing, behavior tracking, and adaptive rendering. Gcore’s platform handles the underlying complexity so that creators can focus on building experiences, not infrastructure.Why low latency is criticalInteractive content only works if it feels immediate. A delay of even a second can break immersion, especially when users are trying to influence the outcome or receive a response. Low latency is essential for real-time gaming, sports, interviews, and educational formats.A live trivia game with hundreds of participants won’t retain users if there’s a lag between the question appearing and the timer starting. A remote surgery training session won’t work if the avatar’s responses trail behind the mentor’s instructions. In each of these cases, timing is everything.Gcore Video Streaming minimizes buffering, supports high-resolution streams, and synchronizes data flows to keep participants engaged. Our infrastructure is built to support high-throughput, globally distributed audiences with the responsiveness that interactive formats demand.Preparing for what’s nextAI-generated content is no longer a novelty. It’s becoming a standard feature of modern streaming strategies. Whether you’re building a platform that features virtual influencers, immersive avatars, or interactive educational streams, the foundation matters. That foundation is infrastructure.If you’re planning the next generation of live content, we’re ready to help you bring it to life. At Gcore, we provide the performance, scale, and security to launch these experiences with confidence. Our streaming solutions are designed to support real-time content generation, audience interaction, and global delivery without compromise.Want to see interactive streaming in action? Learn how fan.at used Gcore Video Streaming to deliver ultra-low-latency streams and boost fan engagement with real-time features.Read the case study
What are captions and subtitles, and how do they work?
Subtitles and captions are essential to consuming video content today. But how do they work behind the scenes?Creating subtitles and captions involves a five-step process to ensure that your video’s spoken and auditory content is accurately and effectively conveyed. The five steps are transcription, correction, synchronization/spotting, translation, and simulation/display on screen.The whole process is usually managed using specialized subtitle or caption creator software.In this blog, we explain the five steps in more detail, what the end user sees, and how to choose the right caption/subtitle service for your needs.Step 1: TranscriptionSpoken content is transformed into a text-based format. Formats are different ways to implement the textual elements, depending on technical needs.Transcription creates the raw materials that will be refined in stages 2–4.Step 2: CorrectionCorrection enhances readability by improving the textual flow. Punctuation, grammar, and sentence structure are adjusted so that the user’s reading experience is seamless and doesn’t detract from the content.Step 3: Synchronization/spottingNext, the text and audio are aligned precisely. Each caption or subtitle’s timing is adjusted so it appears and disappears at the correct moment.Step 4: TranslationTranslation is required for content intended for consumption in multiple languages. During this stage, it’s important to consider format requirements and character limitations. For example, a caption that fits on two lines in English might require three in Spanish, and so in Spanish, one caption becomes two. As a result, additional synchronization might be necessary.Step 5: Simulation/display on screenFinally, the captions or subtitles need to be integrated onto the end user’s screen. Formatting issues might arise at this stage, requiring tweaks for an optimal user experience.How does the end user see subtitles and captions?After the technical process of creating captions and subtitles, the next step is understanding how these elements appear to the end user. The type of captions you choose can greatly impact the user experience, especially when considering accessibility, engagement, and clarity. Below, we break down the different options available and how they serve different viewing scenarios.Open captions: These are always visible to viewers and are a fixed part of the video. They’re popular, for example, for video installations in museums and employee training videos—cases where maximum accessibility is the key consideration when it comes to captions and/or subtitles.Closed captions: Viewers can turn these on or off based on preference. For instance, an online course might offer this feature, allowing learners to choose how to consume the content. Students could opt temporarily to turn on closed captions to note the spelling of a new term introduced during the course.Real-time captions: These are great for live events like webinars, where the text appears almost simultaneously as the words are spoken. They keep the audience engaged in real time without missing out on crucial points. For example, ambient noise like chatter in a sports bar might obscure commentary on a live TV basketball game. Real-time captions allow viewers to benefit from near-live commentary regardless of the bar’s noise levels or if the TV’s sound is muted.Burned-in subtitles: These are etched onto the video and cannot be turned off. A promotional video targeting a multilingual audience might use this feature so that everyone understands the message, regardless of their language preference.What to look for in captioning and subtitling servicesTo deliver high-quality captions and subtitles, it's important to choose a provider that offers key features for accuracy, efficiency, and audience engagement.Original language transcription: Accurate documentation of every spoken word in your video for unrivaled accuracy.Tailored translation: Localized content that integrates translations with cultural relevance, increasing resonance with diverse audiences.Alignment synchronization: Time-annotated subtitles, matching words perfectly to the on-screen action.Automatic SRT file generation: A simplified subtitling and captioning process through effortless file creation for a better user experience.Transform your videos with cutting-edge captions and subtitles from GcoreNo matter your video content needs, it’s essential to be aware of the best type of captions and subtitles for your audience’s needs. Choosing the right format ensures a smoother viewing experience, better accessibility, and stronger engagement across every platform.Gcore Video Streaming offers subtitles and closed captions to enhance users’ experience. Each feature within the subtitling and captioning toolkit is crafted to expand your video content’s reach and impact, catering to a multitude of use cases. Embedding captions is quick and easy, and AI-automated speech recognition also saves you time and money.Try Gcore's automated subtitle and caption solution for free
Why captions and subtitles are essential for video engagement
From TikToks on silent commutes to training videos in noisy offices, silent viewing is now standard. Captions and subtitles aren’t just accessibility features anymore. They’re essential for user engagement, global reach, and video performance.This article explores why captions and subtitles matter and how they boost engagement with your videos, providing a better user experience for your audience. If you want to know how captions and subtitles work, we’ve got an article for that too.How subtitles and captions improve your video performanceSubtitles are now widely used across platforms and age groups. For many younger viewers, reading along while watching is second nature, especially on social media. For others, subtitles are a practical solution: watching videos in public spaces, scrolling during breaks, or learning on the go—all without needing sound.Captions offer tangible benefits across four key areas:Engagement and comprehension: Improve clarity in movies, boost understanding in online courses, and increase focus in business content.Accessibility and inclusion: Make content available to hard-of-hearing users and break language barriers for global audiences.SEO and discoverability: Search engines can crawl subtitle text, making your video content more findable, even when autoplayed without sound.Silent usability: Your content works in all environments, from crowded trains to quiet offices.Captions have shifted from niche to norm, helping creators reach more people, boost retention, and deliver clearer messages.Common challenges and their solutionsImplementing captions at scale poses three major challenges: cost, delay, and accuracy. Here's why these challenges exist and how Gcore Video Streaming can help you overcome them at the click of a button.CostInvesting in high-quality transcriptions can be a financial burden, especially for smaller players in online education. Specialized expertise is required for accurate educational content, and human oversight adds ongoing labor costs. Transcription is a recurring expense that grows with multiple languages or regulatory compliance.Gcore scalable AI-powered transcription services reduce reliance on costly manual processes, offering affordable, multi-language support with built-in compliance features, making transcription cost-effective for all budgets.Delay/latencyIn live events, even slight delays in captioning can disengage audiences. For example, in a Formula One race, missing real-time commentary on pit stops or track conditions can leave viewers confused or frustrated. Lagging captions fail to keep pace with the action, breaking immersion.Real-time AI ASR (automatic speech recognition) from Gcore minimizes captioning delay, so that live captions sync perfectly with events, keeping viewers fully engaged without lag.AccuracyA small text error in captions can distort the message and harm reputation. Errors in MOOCs or corporate webinars risk undermining credibility and discouraging future participation. Precision is critical to maintain trust and clarity.Gcore leverages advanced AI models fine-tuned for domain-specific vocabulary and includes automated quality checks, drastically reducing errors and preserving message integrity across all video content.Enhance your video content with Gcore AI-powered caption and subtitles toolsCaptions are now a strategic content layer, not just an accessibility checkbox. With video now the dominant format across marketing, education, and entertainment, it's critical to implement captions efficiently, affordably, and at scale.Gcore’s AI-powered Video Streaming lets you generate accurate, real-time captions across multiple languages with minimal developer effort. Built-in AI ASR (automatic speech recognition) means your captions stay synchronized even during fast-paced live events. Whether you’re running an LMS, hosting global events, or publishing OTT content, Gcore Video Streaming helps you scale captions with speed and precision.Request a demo of Gcore AI ASR
How to cut egress costs and speed up delivery using Gcore CDN and Object Storage
If you’re serving static assets (images, videos, scripts, downloads) from object storage, you’re probably paying more than you need to, and your users may be waiting longer than they should.In this guide, we explain how to front your bucket with Gcore CDN to cache static assets, cut egress bandwidth costs, and get faster TTFB globally. We’ll walk through setup (public or private buckets), signed URL support, cache control best practices, debugging tips, and automation with the Gcore API or Terraform.Why bother?Serving directly from object storage hits your origin for every request and racks up egress charges. With a CDN in front, cached files are served from edge—faster for users, and cheaper for you.Lower TTFB, better UXWhen content is cached at the edge, it doesn’t have to travel across the planet to get to your user. Gcore CDN caches your assets at PoPs close to end users, so requests don’t hit origin unless necessary. Once cached, assets are delivered in a few milliseconds.Lower billsMost object storage providers charge $80–$120 per TB in egress fees. By fronting your storage with a CDN, you only pay egress once per edge location—then it’s all cache hits after that. If you’re using Gcore Storage and Gcore CDN, there’s zero egress fee between the two.Caching isn’t the only way you save. Gcore CDN can also compress eligible file types (like HTML, CSS, JavaScript, and JSON) on the fly, further shrinking bandwidth usage and speeding up file delivery—all without any changes to your storage setup.Less origin traffic and less data to transfer means smaller bills. And your storage bucket doesn’t get slammed under load during traffic spikes.Simple scaling, globallyThe CDN takes the hit, not your bucket. That means fewer rate-limit issues, smoother traffic spikes, and more reliable performance globally. Gcore CDN spans the globe, so you’re good whether your users are in Tokyo, Toronto, or Tel Aviv.Setup guide: Gcore CDN + Gcore Object StorageLet’s walk through configuring Gcore CDN to cache content from a storage bucket. This works with Gcore Object Storage and other S3-compatible services.Step 1: Prep your bucketPublic? Check files are publicly readable (via ACL or bucket policy).Private? Use Gcore’s AWS Signature V4 support—have your access key, secret, region, and bucket name ready.Gcore Object Storage URL format: https://<bucket-name>.<region>.cloud.gcore.lu/<object> Step 2: Create CDN resource (UI or API)In the Gcore Customer Portal:Go to CDN > Create CDN ResourceChoose "Accelerate and protect static assets"Set a CNAME (e.g. cdn.yoursite.com) if you want to use your domainConfigure origin:Public bucket: Choose None for authPrivate bucket: Choose AWS Signature V4, and enter credentialsChoose HTTPS as the origin protocolGcore will assign a *.gcdn.co domain. If you’re using a custom domain, add a CNAME: cdn.yoursite.com CNAME .gcdn.co Here’s how it works via Terraform: resource "gcore_cdn_resource" "cdn" { cname = "cdn.yoursite.com" origin_group_id = gcore_cdn_origingroup.origin.id origin_protocol = "HTTPS" } resource "gcore_cdn_origingroup" "origin" { name = "my-origin-group" origin { source = "mybucket.eu-west.cloud.gcore.lu" enabled = true } } Step 3: Set caching behaviorSet Cache-Control headers in your object metadata: Cache-Control: public, max-age=2592000 Too messy to handle in storage? Override cache logic in Gcore:Force TTLs by path or extensionIgnore or forward query strings in cache keyStrip cookies (if unnecessary for cache decisions)Pro tip: Use versioned file paths (/img/logo.v3.png) to bust cache safely.Secure access with signed URLsWant your assets to be private, but still edge-cacheable? Use Gcore’s Secure Token feature:Enable Secure Token in CDN settingsSet a secret keyGenerate time-limited tokens in your appPython example: import base64, hashlib, time secret = 'your_secret' path = '/videos/demo.mp4' expires = int(time.time()) + 3600 string = f"{expires}{path} {secret}" token = base64.urlsafe_b64encode(hashlib.md5(string.encode()).digest()).decode().strip('=') url = f"https://cdn.yoursite.com{path}?md5={token}&expires={expires}" Signed URLs are verified at the CDN edge. Invalid or expired? Blocked before origin is touched.Optional: Bind the token to an IP to prevent link sharing.Debug and cache tuneUse curl or browser devtools: curl -I https://cdn.yoursite.com/img/logo.png Look for:Cache: HIT or MISSCache-ControlX-Cached-SinceCache not working? Check for the following errors:Origin doesn’t return Cache-ControlCDN override TTL not appliedCache key includes query strings unintentionallyYou can trigger purges from the Gcore Customer Portal or automate them via the API using POST /cdn/purge. Choose one of three ways:Purge all: Clear the entire domain’s cache at once.Purge by URL: Target a specific full path (e.g., /images/logo.png).Purge by pattern: Target a set of files using a wildcard at the end of the pattern (e.g., /videos/*).Monitor and optimize at scaleAfter rollout:Watch origin bandwidth dropCheck hit ratio (aim for >90%)Audit latency (TTFB on HIT vs MISS)Consider logging using Gcore’s CDN logs uploader to analyze cache behavior, top requested paths, or cache churn rates.For maximum savings, combine Gcore Object Storage with Gcore CDN: egress traffic between them is 100% free. That means you can serve cached assets globally without paying a cent in bandwidth fees.Using external storage? You’ll still slash egress costs by caching at the edge and cutting direct origin traffic—but you’ll unlock the biggest savings when you stay inside the Gcore ecosystem.Save money and boost performance with GcoreStill serving assets direct from storage? You’re probably wasting money and compromising performance on the table. Front your bucket with Gcore CDN. Set smart cache headers or use overrides. Enable signed URLs if you need control. Monitor cache HITs and purge when needed. Automate the setup with Terraform. Done.Next steps:Create your CDN resourceUse private object storage with Signature V4Secure your CDN with signed URLsCreate a free CDN resource now
Subscribe to our newsletter
Get the latest industry trends, exclusive insights, and Gcore updates delivered straight to your inbox.