diff --git a/src/Microsoft.AspNetCore.Http.Connections.Client/Internal/WebSocketsTransport.cs b/src/Microsoft.AspNetCore.Http.Connections.Client/Internal/WebSocketsTransport.cs
index 6530953b5b..eeafd86822 100644
--- a/src/Microsoft.AspNetCore.Http.Connections.Client/Internal/WebSocketsTransport.cs
+++ b/src/Microsoft.AspNetCore.Http.Connections.Client/Internal/WebSocketsTransport.cs
@@ -82,6 +82,8 @@ namespace Microsoft.AspNetCore.Http.Connections.Client.Internal
                 _closeTimeout = httpOptions.CloseTimeout;
             }
 
+            // Set this header so the server auth middleware will set an Unauthorized instead of Redirect status code
+            // See: https://github.com/aspnet/Security/blob/ff9f145a8e89c9756ea12ff10c6d47f2f7eb345f/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs#L42
             _webSocket.Options.SetRequestHeader("X-Requested-With", "XMLHttpRequest");
 
             _logger = (loggerFactory ?? NullLoggerFactory.Instance).CreateLogger<WebSocketsTransport>();