The Distil platform is designed to detect and mitigate unwanted automation that performs login attacks and other undesirable behaviors. However, the Distil platform does not natively know if a web application is responding back to a successful or failed log in attempt. This is also true for credit card submissions, gift card checking, and other sensitive information checking.
Distil needs an identifier to know when a login or credit card submission attempt was unsuccessful. Distil recommends that failed form submission attempts use either a 401 or 403 HTTP response code. For the RFC on how the HTTP status code 401 should be used, refer to the following link.
By doing using a status code to differentiate between successful and failed login attempts, Distil is able to identify and measure the ration of attempted, successful, and failed login attempts.