diff --git a/main.go b/main.go
index 2fad806..36a2b33 100644
--- a/main.go
+++ b/main.go
@@ -37,12 +37,14 @@ func (rcv *receiver) handleWebhooks(w http.ResponseWriter, r *http.Request) {
 	defer r.Body.Close()
 
 	if r.Method != http.MethodPost {
+		http.Error(w, "Only POST allowed", http.StatusMethodNotAllowed)
 		rcv.logger.Debugf("illegal HTTP method: expected %q, got %q", "POST", r.Method)
 		return
 	}
 
 	contentType := r.Header.Get("Content-Type")
 	if contentType != "application/json" {
+		http.Error(w, "Only application/json allowed", http.StatusUnsupportedMediaType)
 		rcv.logger.Debugf("illegal content type: %s", contentType)
 		return
 	}
@@ -117,6 +119,7 @@ func (rcv *receiver) basicAuthMiddleware(handler http.HandlerFunc) http.HandlerF
 		}
 
 		if user != rcv.cfg.User || pass != rcv.cfg.Password {
+			http.Error(w, "Unauthorized", http.StatusUnauthorized)
 			rcv.logger.Debug("basic auth: wrong user or password")
 			return
 		}