diff --git a/www/pr.php b/www/pr.php
index 2a728fc..747b78b 100644
--- a/www/pr.php
+++ b/www/pr.php
@@ -3,24 +3,27 @@ include('config.php');
 // check for POST request
 if ($_SERVER['REQUEST_METHOD'] != 'POST') {
- error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
- exit();
+ header("HTTP/1.1 405 Method Not Allowed");
+ error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
+ exit();
 }
 // get content type
 $content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
 if ($content_type != 'application/json') {
- error_log('FAILED - not application/json - '. $content_type);
- exit();
+ header("HTTP/1.1 403 Forbidden");
+ error_log('FAILED - not application/json - '. $content_type);
+ exit();
 }
 // get payload
 $payload = trim(file_get_contents("php://input"));
 if (empty($payload)) {
- error_log('FAILED - no payload');
- exit();
+ header("HTTP/1.1 403 Forbidden");
+ error_log('FAILED - no payload');
+ exit();
 }
 // convert json to array
@@ -28,14 +31,16 @@ $decoded = json_decode($payload, true);
 // check for json decode errors
 if (json_last_error() !== JSON_ERROR_NONE) {
- error_log('FAILED - json decode - '. json_last_error());
- exit();
+ header("HTTP/1.1 403 Forbidden");
+ error_log('FAILED - json decode - '. json_last_error());
+ exit();
 }
 if($decoded['secret'] != $secret_key['pr']) {
- echo("WRONG SECRET");
- error_log('FAILED - wrong secret key');
- exit();
+ header("HTTP/1.1 403 Forbidden");
+ echo("WRONG SECRET");
+ error_log('FAILED - wrong secret key');
+ exit();
 }
 file_put_contents("log.txt", print_r($decoded, true));
@@ -56,5 +61,4 @@ foreach($recipients['pr'] as $recp) {
 mail($recp, $subject, $message, $from);
 }
 echo("SENT");
-// success, do something
 ?>
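Review bot: In the first hunk the content-type and empty-payload branches both answer `403 Forbidden`, which reports a malformed request as an authorization failure; `415 Unsupported Media Type` and `400 Bad Request` describe those cases, and the JSON-decode branch in the second hunk has the same issue (400). The 405 branch should also send `header('Allow: POST');`, and `http_response_code(405);` would avoid hard-coding the `HTTP/1.1` protocol string in every branch. Separately, the exact match `$content_type != 'application/json'` rejects `application/json; charset=utf-8`, so a sender that appends a charset parameter now receives an error status; comparing only the media type before the first `;` would avoid that. These checks are top-level script statements, and the file continues outside the hunk.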
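Review bot: The secret check that the second hunk now answers with 403 still uses loose comparison, `$decoded['secret'] != $secret_key['pr']`; `secret` comes straight from `json_decode`, so it can be a non-string JSON value, and PHP's type juggling can then treat it as equal to the configured key. The comparison is also not constant-time, and a payload that is valid JSON but not an object, or that lacks a `secret` key, is not rejected before the index access. Assuming the configured key is a string, a stricter guard would be `if (!is_array($decoded) || !is_string($decoded['secret'] ?? null) || !hash_equals($secret_key['pr'], $decoded['secret'])) {`. The context line `file_put_contents("log.txt", print_r($decoded, true));` writes the whole payload, secret included, to a relative path that presumably resolves inside the served `www/` directory; consider unsetting `secret` before logging and keeping the log outside the web root.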