Version 0.99.109.1.3-beta (WebKit 613.1.12)
When accessing a site that uses HTTP Basic Auth, (notwithstanding other reported bugs) it works fine. Orion's favicon request is however being made without setting the Authorization header, which means this request will normally fail.
Orion should use the Authorization header value from the session when requesting the favicon, so it is more likely to succeed. This might need to be cached if the user hasn't elected to store the password.