Comment by graypegg
4 hours ago
Your browser (if you're using one of the "usual ones") doesn't really do much with the response's status code if it doesn't match a few specific ones for redirecting/caching/protocol shenanigans.
Anything in the 4XX range is going to be treated as just a regular ol' response, just like 404. (You could serve an entire site with all responses set to status=404, and be fine... other than probably never getting any cache hits) If you don't include a body in the response, the browser might sub in it's own error page, but it will just communicate that the user agent made a bad request.
I've seen sites that use unexpected HTTP response codes, I think to try to defeat bots. The front page would return a 503 Service Unavailable, but the body was just normal content that would load a bot detection script and then redirect you to the actual content.
I successfully wrote a bot that would bypass it all, but it was weird, and became a slight challenge since I couldn't rely on response codes to determine if I succeeded. When I solved the challenge, it would return a 400 Bad Request while serving me the content I was looking for.
Once upon a time, Internet Explorer used to substitute its own error pages if the body of the error response was too short for its liking. Those depended on whcih error code it got. (I expect nobody has used an old enough IE to see those pages for at least a decade.)