34
votes

Sometimes (when the resource is requested too often) I'm intercepting the presentation of a (HTML) resource with a captcha. The interception doesn't produce any redirection. It happens all at the same URI.

I'm wondering now which HTTP status code would fit most for these requirements:

  • it should fit semantically.

  • Google should understand that this interception is a temporary condition which should not affect the existing resource in its index.

  • A web browser will display the response body with the captcha.

These are my candidates which I identified so far:

409 Conflict

The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request. The response body SHOULD include enough information for the user to recognize the source of the conflict.

This sounds perfect. The conflict state comes from those clients requesting the resource too often. The response also includes enough information to identify the source of conflict plus resolve it.

503 Service Unavailable

The server is currently unable to handle the request due to a temporary overloading […] of the server. The implication is that this is a temporary condition […]. If known, the length of the delay MAY be indicated in a Retry-After header.

This sounds moderately appropriate. I might even know the length of delay and provide such header. But I'm missing here the point that the user can resolve the problem. Furthermore the scope is too broad (overloaded server vs. overloaded resource).

2

2 Answers

14
votes

You may want to consider status code 429, defined in http://tools.ietf.org/html/rfc6585#section-4.

1
votes

For me 422 is somewhat accurate for this case:

response status code indicates that the server understands the content type of the request entity, and the syntax of the request entity is correct, but it was unable to process the contained instructions.