Password page should have 401 HTTP status

Hi! Feedback/bug:

When using the “Password Protected Site” feature, the password page has an HTTP 200 OK response code. I believe this should actually be 401 Unauthorized.

Returning the wrong response code means that certain automated tests don’t flag a password protected site correctly.



Thanks for writing in, this is a good idea so I filed an issue for our team to look at. I can’t say when it’ll be addressed, but we’ll update this thread when that happens. Note that as an alternative, you can use http basic auth which will return a 401:


The use case issue is monitoring for people accidentally turning on password protection for production sites via Netlify UI, which basic auth wouldn’t have any bearing on.