Basic HTTP Authentication getting blocked in a certain environment

I have the need for a simple user/pass prompt on a page in an internal network, to pass those credentials along to an API call. I spent hours yesterday troubleshooting why this simple example:

    <?php
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Text to send if user hits Cancel button';
        exit;
    } else {
        echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
        echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
    }
    ?>

When saved as "pw.php" on the root of my html/ dir, shows "Text to send if user hits Cancel button" with no sign of a prompt asking for username/passwd. I tested in Chrome/IE/Edge. I tested in multiple different (Linux) VMs running Apache 2.4; PHP 7.3.

I recreated, as closely as I could, this same setup at home. Same flavor of Linux, same versions of Apache and PHP. I created pw.php with the same code and immediately got a popup asking for user & password.

I verified both sides had $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] not defined before going to pw.php, at which point the home network shows both variables with the values I entered in the popup. The work network never shows "$_SERVER['PHP_AUTH_USER']" or "$_SERVER['PHP_AUTH_PW']".

Can anyone give me any ideas on what might be causing my work environment to act differently and never prompt for a password?

Both environments have a fairly new/fresh install of Apache & PHP. All other functionality seems to be working, with complex websites loading and running identically. I can't figure out what is keeping this simple authentication POC from working. Thanks

Edit to add:

Using Chrome's network dev tool, I see a difference in:

Home: Status Code (200 OK)
Work: Status Code (401 Unauthorized) 

**Home Response Headers**

     Connection: Keep-Alive
     Keep-Alive: timeout=5, max=100
     (no authenticate attribute)

**Work Response Headers**

     Connection: close
     (no Keep-Alive attribute)
     WWW-Authenticate: Basic realm="My Realm"

There's a firewall on the work side but I have a similar "other work" network with similar firewall/F5/etc and there are no issues there.

When I clear cookies/cache and reload the home network while watching the network monitor in Chrome, I see the same "401 Unauthorized" and other headers until a user/pw is entered, then it goes to "200 OK". On the work side, I never get the prompt; so with the same request headers what else could I look for?
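
The two-leg exchange described in the question, modelled in Python as an added example (not code from the original post): `server` mirrors the logic of pw.php, and `would_prompt` checks whether a captured response is a well-formed Basic challenge. The function names and the sample header set are assumptions made for illustration; the sample is constructed from the work-side headers quoted above.

```python
import base64

REALM = "My Realm"  # realm string used by pw.php

def parse_basic(value):
    """Decode 'Basic <base64(user:pass)>'; return None if absent or malformed."""
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, pw = decoded.partition(":")  # only the first ':' separates user and password
    return (user, pw) if sep else None

def server(request_headers):
    """Model of pw.php: challenge when no credentials arrive, otherwise greet."""
    creds = parse_basic(request_headers.get("Authorization"))
    if creds is None:
        challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
        return 401, challenge, "Text to send if user hits Cancel button"
    return 200, {}, f"Hello {creds[0]}."

def would_prompt(status, headers):
    """True if the response is a usable Basic challenge (401 plus scheme and realm)."""
    lowered = {k.lower(): v.lower() for k, v in headers.items()}
    challenge = lowered.get("www-authenticate", "")
    return status == 401 and challenge.startswith("basic ") and "realm=" in challenge

def exchange(user, pw):
    """Run both legs: the anonymous request, then the retry carrying credentials."""
    first = server({})
    token = base64.b64encode(f"{user}:{pw}".encode()).decode()
    second = server({"Authorization": f"Basic {token}"})
    return first, second

# Constructed sample: the work-side response headers as quoted in the question.
WORK_RESPONSE = (401, {"Connection": "close",
                       "WWW-Authenticate": 'Basic realm="My Realm"'})

if __name__ == "__main__":
    for status, headers, body in exchange("alice", "s3cret"):
        print(status, headers, body)
    print("work response is a valid challenge:", would_prompt(*WORK_RESPONSE))
```

Comparing the raw first-leg response from each network against `would_prompt` shows whether the challenge reaches the client intact before looking at the client itself.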



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow