EDIT: In an attempt to clarify my question, here's what I'm trying to understand.
If a web page embeds an image like so:
`<img src="...">`
How do browser handle receiving different HTTP error status codes from the image url? Is it very consistent across browser, and basically treated the same as if the image wasn't there (404) ?
Note that I'm aware that I can "just try it", but I don't have every browser/os/phone around to try it out on, and I'd like to understand how this actually works in reasonably modern desktop and mobile browsers (~IE9 and newer as a fuzzy line). Plus if anyone else is every wondering the same thing, they could come here and see the answer too ;-)
ORIGINAL QUESTION:
I'm implementing a REST service that returns images and videos securely for a client.
I was thinking it'd be nice to send out different HTTP response codes for different types of failures:
Will responding with these different error codes work exactly the same as a 404 response for all reasonably modern browsers from both an HTML and Javascript perspective?
I know the error code would be different of course, but what I'm trying to ensure is that no strange security errors pop up as a result of using these different HTTP responses.
A 403 is given by lots of public APIs, for example, Amazon's S3 service responds with a 403 when an object with a temporary access time expires.
e.g. An url like so would generate a 403 with the following response (Note: the below isn't a valid S3 url... keys/signature have been changed)
<Error>
<script/>
<Code>AccessDenied</Code>
<Message>Request has expired</Message>
<Expires>2015-02-24T13:02:33Z</Expires>
<ServerTime>2015-02-24T13:02:55Z</ServerTime>
<RequestId>F4949A0376EC9DCD</RequestId>
<HostId>
BV8KMzUcmymBUWctoB8mzFAhzcCAMil/F3NXP/KyKxJd/Hun6O2lUh4b0BsVcP9iwjL1sJxreug=
</HostId>
</Error>