The Oracle Problem — How HTTP Compliance Leaks Information
HTTP status codes are designed to be informative. That's exactly what makes them dangerous. Part 1 of a series on how RFC-compliant behavior creates exploitable information channels — and when breaking the spec is the right call.