Reminds me of this DefCon talk which discussed the effects of returning different HTTP status codes on various vulnerability scanners (without affecting the web browser).
https://www.youtube.com/watch?v=4OztMJ4EL1s
Differentials in how browsers handled weird status codes allowed for fingerprinting.
Differentials in how different automated tools/scanners handled weird status codes allowed for defensive tactics.
Differentials in how browsers handled weird status codes allowed for fingerprinting. Differentials in how different automated tools/scanners handled weird status codes allowed for defensive tactics.