diff --git a/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php
index fc5375c..e3ec321 100644
--- a/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/DefaultExceptionHtmlSubscriber.php
@@ -16,6 +16,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
 
 /**
  * Exception subscriber for handling core default HTML error pages.
@@ -76,6 +77,16 @@ protected function getHandledFormats() {
   }
 
   /**
+   * Handles a 401 error for HTML.
+   *
+   * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
+   *   The event to process.
+   */
+  public function on401(GetResponseForExceptionEvent $event) {
+    $this->makeSubrequest($event, Url::fromRoute('system.401')->toString(), Response::HTTP_UNAUTHORIZED);
+  }
+
+  /**
    * Handles a 403 error for HTML.
    *
    * @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
@@ -107,6 +118,7 @@ public function on404(GetResponseForExceptionEvent $event) {
    */
   protected function makeSubrequest(GetResponseForExceptionEvent $event, $url, $status_code) {
     $request = $event->getRequest();
+    $exception = $event->getException();
 
     if (!($url && $url[0] == '/')) {
       $url = $request->getBasePath() . '/' . $url;
@@ -136,6 +148,12 @@ protected function makeSubrequest(GetResponseForExceptionEvent $event, $url, $st
 
         $response = $this->httpKernel->handle($sub_request, HttpKernelInterface::SUB_REQUEST);
         $response->setStatusCode($status_code);
+
+        // Persist any special HTTP headers that were set on the exception.
+        if ($exception instanceof HttpExceptionInterface) {
+          $response->headers->add($exception->getHeaders());
+        }
+
         $event->setResponse($response);
       }
       catch (\Exception $e) {
diff --git a/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php b/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php
index fcc2239..dfe6f1e 100644
--- a/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php
+++ b/core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php
@@ -156,6 +156,31 @@ function testLocale() {
   }
 
   /**
+   * Tests if a comprehensive message is displayed rather then a raw exception
+   * when route is denied.
+   */
+  function testUnauthorizedErrorMessage() {
+    $account = $this->drupalCreateUser();
+    $url = Url::fromRoute('router_test.11');
+
+    // Case when no credentials are passed.
+    $this->drupalGet($url);
+    $this->assertResponse('401', 'The user is blocked when no credentials are passed.');
+    $this->assertNoText('Exception', "No raw exception is displayed on the page.");
+    $this->assertText('Please log in to access this page.', "A user friendly access unauthorized message is displayed.");
+
+    // Case when empty credentials are passed.
+    $this->basicAuthGet($url, NULL, NULL);
+    $this->assertResponse('403', 'The user is blocked when empty credentials are passed.');
+    $this->assertText('Access denied', "A user friendly access denied message is displayed");
+
+    // Case when wrong credentials are passed.
+    $this->basicAuthGet($url, $account->getUsername(), $this->randomMachineName());
+    $this->assertResponse('403', 'The user is blocked when wrong credentials are passed.');
+    $this->assertText('Access denied', "A user friendly access denied message is displayed");
+  }
+
+  /**
    * Does HTTP basic auth request.
    *
    * We do not use \Drupal\simpletest\WebTestBase::drupalGet because we need to
diff --git a/core/modules/system/src/Controller/Http4xxController.php b/core/modules/system/src/Controller/Http4xxController.php
index 7add79e..c664324 100644
--- a/core/modules/system/src/Controller/Http4xxController.php
+++ b/core/modules/system/src/Controller/Http4xxController.php
@@ -15,10 +15,22 @@
 class Http4xxController extends ControllerBase {
 
   /**
+   * The default 401 content.
+   *
+   * @return array
+   *   A render array containing the message to display for 401 pages.
+   */
+  public function on401() {
+    return [
+      '#markup' => $this->t('Please log in to access this page.'),
+    ];
+  }
+
+  /**
    * The default 403 content.
    *
    * @return array
-   *  A render array containing the message to display for 404 pages.
+   *   A render array containing the message to display for 404 pages.
    */
   public function on403() {
     return [
@@ -30,7 +42,7 @@ public function on403() {
    * The default 404 content.
    *
    * @return array
-   *  A render array containing the message to display for 404 pages.
+   *   A render array containing the message to display for 404 pages.
    */
   public function on404() {
     return [
diff --git a/core/modules/system/system.routing.yml b/core/modules/system/system.routing.yml
index 39755b6..661f4e0 100644
--- a/core/modules/system/system.routing.yml
+++ b/core/modules/system/system.routing.yml
@@ -7,6 +7,14 @@ system.ajax:
   requirements:
     _access: 'TRUE'
 
+system.401:
+  path: '/system/401'
+  defaults:
+    _controller: '\Drupal\system\Controller\Http4xxController:on401'
+    _title: 'Unauthorized'
+  requirements:
+    _access: 'TRUE'
+
 system.403:
   path: '/system/403'
   defaults: