diff --git a/src/httprpc.cpp b/src/httprpc.cpp
index 98ac750bb..2a465ee54 100644
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -13,6 +13,9 @@
 
 #include <boost/algorithm/string.hpp> // boost::trim
 
+// WWW-Authenticate to present with 401 Unauthorized response
+static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
+
 /** Simple one-shot callback timer to be used by the RPC mechanism to e.g.
  * re-lock the wellet.
  */
@@ -94,6 +97,7 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
     // Check authorization
     std::pair<bool, std::string> authHeader = req->GetHeader("authorization");
     if (!authHeader.first) {
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
         req->WriteReply(HTTP_UNAUTHORIZED);
         return false;
     }
@@ -106,6 +110,7 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
            shouldn't have their RPC port exposed. */
         MilliSleep(250);
 
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
         req->WriteReply(HTTP_UNAUTHORIZED);
         return false;
     }
diff --git a/src/komodo_gateway.h b/src/komodo_gateway.h
index 088e8d415..bb121e4e1 100644
--- a/src/komodo_gateway.h
+++ b/src/komodo_gateway.h
@@ -449,7 +449,7 @@ int32_t komodo_pending_withdraws(char *opretstr) // todo: enforce deterministic
     if ( n > 0 )
     {
         opretbuf[len++] = 'A';
-        qsort(paxes,n,sizeof(*paxes),_paxorder);
+        mergesort(paxes,n,sizeof(*paxes),_paxorder);
         for (i=0; i<n; i++)
         {
             if ( len < (sizeof(opretbuf)>>3)*7 )