Quiz — Do You Know Your HTTP?
At work, we’ve recently experienced an unfortunate adventure. Before downtime (scheduled downtime), one of the ops guys updated the website maintenance page (the one that says “under renovation, come back later, sorry and stuff”). These kinds of pages have an attribute in common: they share a status code, a code that says to browsers and proxies “don’t remember this result because it is not the result to expect under normal circumstances.” But this day, at work, my colleague had forgotten to check this specific point, and the maintenance page said something like:
“Status: everything works as intended.
Content: no, not working.”
The dire consequence was that once we were done with the maintenance and asked him to reactivate the website … our client’s system kept showing them the dreaded maintenance page.
All because of the wrong status code.
And we couldn’t blame our client’s system because if everything was okay (according to our page), there were no reasons not to cache the result with the intent to deliver it faster in the future.
Luckily, no search engine came during that period to update their result pages — it would have been regrettable to see, as the first result in search engines, “Company name, not working”.
This was when I decided to write this quiz for the team, to see if everyone was well versed in the art of HTTP codes. And everyone was — But are you?
Let’s see.
Question #1
Your company used to sell this great product, but for a reason you have yet to understand, the CEO doesn’t want to hear about it anymore. He wants all references to this old product page to disappear. You delete the page … but when someone tries to access it, what status code should they see?
Answer
Of course, you should answer with a message that says, “Nope, not here.” But you also have to add, “and it won’t be back there at any time in the future.” And that’s 410 — Gone. You want all references from the outside world to this specific page to be (also) gone.
Question #2
Someone knows that your company is about to sell a new product, a new killer product (a game changer they say). This someone is trying to guess its name and tries to access web pages with these incorrect names. As a result, when this fan lands on your website, you have no choice but to say that the guess was wrong. What status code should you send to that person?
Answer
Yes, that one was easy, there are no other solutions than, “Don’t know what you’re talking about. The content doesn’t exist.” 404 — Not found.
Question #3
You’ve published a fantastic blog post on your website. Some people have already bookmarked it, but you realize that there is a typo in the URL … and you happen to be a perfectionist. The URL has to be fixed! Though, you still want the old link to work as intended because people have started to share it (and you don’t want those who followed the former link to land on a “404 — Not Found”.) What are you going to do about this?
Answer
Yes, you want your user to be automatically redirected to the new page, sending the browser a status code that says, “Hey, the content is now available there, and it will permanently be there, update your bookmark if possible.” And that’s 301 — Moved Permanently.
On a side note, don’t mess around with 301 responses, because some browsers take it seriously and will never again call the original URL, even if you type it directly in your address bar.
Question #4
It’s Black Friday today. You have resisted the urge to fill your users’ mailboxes with spam, but you still want them to land on a dedicated page (that has a different address than the common one) during this day. What should be the proper response to this need?
Answer
You’ll tell your users that you found what they were looking for, but that it is temporarily located elsewhere: 302 — Found. So next time they come to your website, they should keep asking for the former location (and chances are you’ll bring them somewhere else a few days later on Cyber Monday).
Question #5
Some ill-intentioned user tries to call a web service with corrupted data. The wannabe-hacker sends a string instead of an integer for the number of articles to order. Obviously, banana is not a valid number. But how will you let this person know that you have taken care of this situation?
Answer
By answering, “Stop messing around, this request is not a valid request.” And that’s 400 — Bad Request. (Meaning don’t send it again, I won’t ever handle it.)
Question #6
You have to put a whole different version of your application online while updating the database system while moving everything to a different data center while … well, you just have to update the whole system and can’t find a way to not interrupt the service for your beloved user. Your application won’t be accessible during the update, but you’ve managed to catch every request on a temporary server and need to tell your user that your IT is undergoing maintenance. What code goes along with the polite message asking for your user to come back at a later time? (Yes, this is the situation I was talking about in the introduction.)
Answer
HTTP 503 — Service Unavailable (And by the way, at work, it has become kind of a joke to say, “Just send a 200 OK, it’ll do.”)
Question #7
You had to deliver a half-finished application. Some of your end points are online, but they are not handling every use case that they should (and even if you’re mad about that, you have to wait until next week for the other team to be ready). Anyway, a user is not aware of this limitation and tries to query your API with this parameter that you don’t know how to deal with. You have to tell this beta tester the truth, which is you don’t know how to handle the request (yet). But how?
Answer
That’s a case of 501 — Not Implemented. The client request is OK, the server is online, but the code is not ready.
Question #8
The website database is down; the system cannot fulfill the answer for the user. You have to apologize, but what is the correct status code?
Answer
Yes, a stark 500 — Internal Server Error will do, along with apologies. Don’t hesitate to be creative there, showing unicorns, baby cats, puppies or whatever … depending on your user base, of course.
Question #9
Some user is snooping around your website, anonymously, and tries to consult a webpage that needs an authenticated user with the required credentials. Obviously, you see that none of these conditions are respected. How can you politely refuse to show the information?
Answer
401 — Unauthorized. As you don’t know who the user is, you can’t say whether they can access the information or not. So you just tell them that they are not authenticated.
Question #10
That same (unreasonable) person, once connected, tries to access that same page without the proper credentials. How do you politely insist and say that, “No, Mr. Headstrong, I won’t disclose the information”?
Answer
There are no other ways than, 403 — Forbidden. Of course, you could also try to be inconspicuous and say, 404 — Not found.
I hope you have enjoyed this little quiz! Don’t hesitate to add other questions in the comments :-)
Bonus Question — If you’re a teapot, what should you say? (Not a joke, it’s really in the norm)
