Authentication Header, the part of IPsec that provides authentication. AH is designed to "provide connectionless integrity and data origin authentication for IP datagrams, and to provide protection against replays." While it is supposed to authenticate the entire IP packet, some fields in the IP header (TTL, Checksum, Type of Service, IP Flags, and Fragment Offset are excluded in IPv4, as well as several of the IP Header Options).

AH is described and defined by RFC 2402.