So a very clever user has decided to play hacker on your precious website.
They attempt to make an unauthorized POST and it's up to your server to stop them.
We can tell the browser not only that this request has failed, but why it failed.
This is where HTTP status codes come in.
I'm assuming you've probably worked with status codes before. I know you've seen at least one.
🚨 404 🚨
The infamous "Page not found"! HTTP codes are a great, succinct way for a server to let us know why something did (or didn't) work as expected. In the case of a 404, it's because the resource doesn't exist.
In the case of our friend the hacker, our response would be a 405.
405 tells the browser that a POST is not allowed for that URL.
The entire range of 400-499 status codes will tell us that the client did something wrong with the request.