@Mtt Yeah, I don't have an opinion about the actual HTTP status code. It could be whatever. As long as there's no way for an attacker to tell if there's been a note at a certain URL or not, like in Apple's case, I'm happy. 😊