What HTTP status code use when the required header is not specified?

Question

If the user sends request to the server and the link requires specific custom headers to be set in order to work. In this case the error code should be 400, 403 or 422 ?

Answer 1

The HTTP specification requires any client to treat the response as 400 by default if it does not understand the specific meaning of the final two digits. So you must always design with the assumption that some clients will treat the response as 400.

If you can find a 4xx status code whose special extra handling works better for your application, then use it. When the client understands enough to do that extra handling you are slightly better off than if you had sent the default status.

The currently registered status codes which seem to match your servers meaning are:

• 403 Forbidden - this is about server refusing the request until it is somehow changed. Preferrably with the reason stated in the response body.
• 406 Not Acceptible - this is more specifically about values in the request headers not being right. Most commonly used for the Accept: header values.
• 412 Precondition Failed - this is about the problems with headers involved with negotiating which response body would be sent. Most commonly used for the If-* header values.

The 403 seems to be most accurate for when a server refused to deliver anything unless the custom headers is sent.