Putting detailed REST error message in HTTP Warning header, good/bad idea?

Question

We are developing a standard REST service using HTTP status codes as its response code if something went wrong. (e.g. invalid user input would return \"400 Bad Request\" to

Answer 1

Wherever you put your feedback, whether in the message body (content) or in a Warning header, be careful to avoid giving any information that might be helpful to an attacker doing penetration testing on your system.

Sometimes less info is better.