Basic-Auth headers for functions url not working

I’ve been trying to lock 2 Netlify function url’s behind basic authentication. I think I’m following the correct steps, but when testing the the specified url’s don’t request any authentication.

I created a _headers file:

Basic-Auth: username:password
Basic-Auth: username:password

In my netlify.toml I added:

command = “yarn build && cp _headers public/_headers”
functions = “functions” # netlify-lambda reads this
publish = “public”

During deploying I can see it’s picking this up:

2:38:08 PM: ┌────────────────────────────────────┐
2:38:08 PM: │ 2. build.command from netlify.toml │
2:38:08 PM: └────────────────────────────────────┘
2:38:08 PM: $ yarn build && cp _headers public/_headers

Also after the deploy has finished and I download the deploy, I can see the _headers file. It’s equal to my local file.

However, with all this, when surfing to “” the page does not request a username and password. The page behaves like no authentication is present.

Does anyone know what might be missing in my setup?


Anyone an idea? Have been trying to find the solution, but no luck so far.

I followed steps of:

It’s a problem with the subscription. I was under the impression we were PRO users, but we’re not.