AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-06-16 · Documentation low

File: waf/latest/developerguide/customizing-the-response-status-codes.md

Summary

Added documentation for HTTP status code 402 (Payment Required) used by the new Monetize action.

Security assessment

This change documents security-related functionality where the 402 response contains payment verification details and license terms. It supports the monetization security flow by providing machine-readable payment requirements to agents, but doesn't address any specific vulnerability.

Diff

diff --git a/waf/latest/developerguide/customizing-the-response-status-codes.md b/waf/latest/developerguide/customizing-the-response-status-codes.md
index c087d278e..8a895e2bb 100644
--- a//waf/latest/developerguide/customizing-the-response-status-codes.md
+++ b//waf/latest/developerguide/customizing-the-response-status-codes.md
@@ -76,0 +77,2 @@ The following are the HTTP status codes that AWS WAF supports for custom respons
+  * **402 (Payment Required)** – Used by the Monetize action to return a price manifest to AI agents. The response body contains machine-readable pricing, accepted payment methods, and license terms in JSON format.
+