Are there common situations that cause a "401 Error" being displayed without a login dialog being displayed first?

Perhaps this is a somewhat broad question, but I am currently relying on shots in the dark ...

We sometimes provide access to some web URLs (running Apache 2.4) protected by basic password protection. I have never seen it myself, but every now and then I hear from external users that they are immediately seeing a 401 Unauthorized error. While it is true that the server reply is by design a 401 error code, it is also accompanied by a www-authenticate header, and this should trigger a login dialog at the user's end (where they should enter the credentials we gave them). In the cases in question, it is reported that no login dialog appeared. Unfortunately, I never have direct contact with the affected external users that would allow me a deeper analysis.

• Does there exist a somewhat common browser that does not understand the www-authenticate machanism? CanIUse surprisingly suggests that Sfari and Opera are problematic - however I just made a successfull test with one of them.
• Do there exist other common obstacles, e.g., firewall policies that rigorously strip the needed http headers?
• Any other ideas what could be going wrong in these cases, or what I could test?

EDIT: Regarding things that were suggested for consideration:

• The URLs in question are https: (may I say - of course?)
• The problems occur with first-time users, i.e., they never get "in" in the first place. (Nevertheless, my understanding would be that a cached wrong password is supposed to trigger the dialog for the user to try again). This also seems to rule out password manager problems
• I doubt that the affected users have settings in place that make them automatically try their windows credentials or other automatic logins with (to them) foreign internet hosts.