4 comments

[ 2.7 ms ] story [ 36.4 ms ] thread
I return this as a status code for bad bots. It is my way of saying go sing the "teapot" song.
If the NSA is hacking into your site - that's the code to use :)
I return that status code for requests that aren't made over SSL, but only for sites which aren't meant for use by the general public.
In certain CTF, for example SQL injection challenges, the target webpage returns 418 to make more difficult the success of blind injection scripts (they will fail randomly, so you have to check that the return code is weird and retry)