Access is Forbidden?

Mar 3

Something I've been thinking about lately is the correct use of headers, and more specifically the circumstances in which they should be sent. I've seen a lot of sites that don't bother with the majority of headers, but I'm starting to believe this is an extremely bad practice. Sending the correct status code in the header at all times makes it far easier for an API to interact with your site, such as any software that can post using XML-RPC.

One example is pages behind a login: how many people, when coding, just redirect the user to a login page? I believe this is wrong; the response should also send a 403 or 401 header to indicate that access to the page is restricted. That said, a login page should not normally send a 403; it should send a 200 code unless the user has been redirected to it from a page that did require login.

Another example is the use of the 404 Not Found status code. Almost everyone uses it for files and URLs that cannot be found, but there are other places where you should also send a 404. If you're using a CMS, or some other method where a page that does exist generates its contents from parameters (as this site does), then you also need to send a 404 whenever the content being retrieved from the database doesn't exist. This is especially useful for deleted content, because it tells search engine crawlers that the content is no longer there. Otherwise the crawler will check the page, receive a 200 OK status code and keep the page indexed.
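The login and 404 cases above, as an added Python WSGI example (not the code behind this site); the routes, the `ARTICLES` and `SESSIONS` data and the function names are assumptions made for illustration.

```python
# Added example: constructed data and hypothetical routes, not the blog's own code.
from urllib.parse import parse_qs

ARTICLES = {"1": "First post"}   # constructed stand-in for the CMS database
SESSIONS = {"tok-abc"}           # constructed set of valid session tokens
LOGIN_FORM = "<form method='post' action='/login'>...</form>"


def is_logged_in(environ):
    """True when the request carries a known session cookie (simplified parsing)."""
    cookies = dict(
        pair.strip().split("=", 1)
        for pair in environ.get("HTTP_COOKIE", "").split(";")
        if "=" in pair
    )
    return cookies.get("session") in SESSIONS


def route(environ):
    """Return (status line, body) for a request."""
    path = environ.get("PATH_INFO", "/")
    query = parse_qs(environ.get("QUERY_STRING", ""))

    if path == "/login":
        # Visited directly: an ordinary page, so 200.
        return "200 OK", LOGIN_FORM
    if path == "/admin":
        if not is_logged_in(environ):
            # Same form, but the status says the requested page is restricted.
            # 403 is used because a 401 must also carry a WWW-Authenticate header.
            return "403 Forbidden", LOGIN_FORM
        return "200 OK", "Admin panel"
    if path == "/article":
        # The script exists, but the content chosen by ?id= may not.
        article_id = query.get("id", [""])[0]
        if article_id not in ARTICLES:
            return "404 Not Found", "No such article"
        return "200 OK", ARTICLES[article_id]
    return "404 Not Found", "No such page"


def app(environ, start_response):
    """WSGI entry point; serve with wsgiref.simple_server.make_server."""
    status, body = route(environ)
    start_response(status, [("Content-Type", "text/html; charset=utf-8")])
    return [body.encode("utf-8")]
```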

If you're interested in reading more about HTTP status codes, there are more details available on the W3C website.
