Cannot access 'WWW-authenticate' header within $http response in angular

The Access-Control-Expose-Headers header can be set to include www-authenticate. This header will allow clients, including Angular, to read those response headers on a CORS request.

If you're using ASP.NET Web API, then you set the exposedHeaders either directly on the System.Web.Cors.CorsPolicy.ExposedHeaders parameter or you can add an attribute to the controller method. The attribute method is described at Enabling Cross-Origin Requests in ASP.NET Web API 2.

Here are a couple examples using ASP.NET Web API.

Example: Setting the ExposedHeaders parameter

var corsPolicy = new CorsPolicy();
corsPolicy.ExposedHeaders.Add("www-authenticate");

var corsOptions = new CorsOptions
{
    PolicyProvider = new CorsPolicyProvider
    {
        PolicyResolver = context => Task.FromResult(corsPolicy)
    }
};

app.UseCors(corsOptions);

Example: Using an attribute

[EnableCors(origins: "*", headers: "*", methods: "*", exposedHeaders: "www-authenticate")]
public class TestController : ApiController
{
    // ...
}

If you're using a different framework for your API, then you'll need to research that framework to see how to set the Access-Control-Expose-Headers header.