HTTP Status Codes

Interactive HTTP status code reference

1xx Informational

100
Continue
The server has received the request headers and the client should proceed to send the request body.
101
Switching Protocols
The requester has asked the server to switch protocols and the server has agreed to do so.
102
Processing
The server has received and is processing the request, but no response is available yet.
103
Early Hints
Used to return some response headers before final HTTP message.

2xx Success

200
OK
The request has succeeded. The meaning of the success depends on the HTTP method.
201
Created
The request has been fulfilled and a new resource has been created.
202
Accepted
The request has been accepted for processing, but the processing has not been completed.
203
Non-Authoritative Information
The returned meta-information is not from the origin server but from a local or third-party copy.
204
No Content
The server has fulfilled the request but does not need to return a body.
205
Reset Content
The server has fulfilled the request and the user agent should reset the document view.
206
Partial Content
The server is delivering only part of the resource due to a range header sent by the client.
207
Multi-Status
A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate.
208
Already Reported
Used inside a DAV: propstat response element to avoid enumerating the internal members of multiple bindings to the same collection repeatedly.
226
IM Used
The server has fulfilled a GET request for the resource and the response is a representation of one or more instance-manipulations applied to the current instance.

3xx Redirection

300
Multiple Choices
The request has more than one possible response. The user agent should choose one of them.
301
Moved Permanently
The requested resource has been permanently moved to a new URL.
302
Found
The requested resource resides temporarily under a different URL.
303
See Other
The response to the request can be found under a different URL using the GET method.
304
Not Modified
The resource has not been modified since the version specified by the request headers.
305
Use Proxy
The requested resource must be accessed through the proxy given by the Location field.
307
Temporary Redirect
The request should be repeated with another URI but future requests should still use the original URI.
308
Permanent Redirect
The request and all future requests should be repeated using another URI.

4xx Client Error

400
Bad Request
The server cannot or will not process the request due to an apparent client error.
401
Unauthorized
Authentication is required and has failed or has not yet been provided.
402
Payment Required
Reserved for future use. Originally intended for digital payment schemes.
403
Forbidden
The server understood the request but refuses to authorize it.
404
Not Found
The requested resource could not be found on the server.
405
Method Not Allowed
The request method is not supported for the requested resource.
406
Not Acceptable
The requested resource is capable of generating only content not acceptable according to the Accept headers.
407
Proxy Authentication Required
The client must first authenticate itself with the proxy.
408
Request Timeout
The server timed out waiting for the request.
409
Conflict
The request could not be processed because of conflict in the current state of the resource.
410
Gone
The resource requested is no longer available and will not be available again.
411
Length Required
The request did not specify the length of its content, which is required by the requested resource.
412
Precondition Failed
The server does not meet one of the preconditions specified in the request headers.
413
Payload Too Large
The request is larger than the server is willing or able to process.
414
URI Too Long
The URI provided was too long for the server to process.
415
Unsupported Media Type
The request entity has a media type which the server does not support.
416
Range Not Satisfiable
The client has asked for a portion of the file, but the server cannot supply that portion.
417
Expectation Failed
The server cannot meet the requirements of the Expect request-header field.
418
I'm a Teapot
The server refuses the attempt to brew coffee with a teapot.
421
Misdirected Request
The request was directed at a server that is not able to produce a response.
422
Unprocessable Entity
The request was well-formed but was unable to be followed due to semantic errors.
423
Locked
The resource that is being accessed is locked.
424
Failed Dependency
The request failed because it depended on another request and that request failed.
425
Too Early
The server is unwilling to risk processing a request that might be replayed.
426
Upgrade Required
The client should switch to a different protocol.
428
Precondition Required
The origin server requires the request to be conditional.
429
Too Many Requests
The user has sent too many requests in a given amount of time.
431
Request Header Fields Too Large
The server is unwilling to process the request because its header fields are too large.
451
Unavailable For Legal Reasons
The resource is unavailable due to legal demands.

5xx Server Error

500
Internal Server Error
A generic error message when the server encounters an unexpected condition.
501
Not Implemented
The server does not recognize the request method or lacks the ability to fulfill the request.
502
Bad Gateway
The server received an invalid response from the upstream server.
503
Service Unavailable
The server is not ready to handle the request, often due to maintenance or overloading.
504
Gateway Timeout
The server was acting as a gateway and did not receive a timely response from the upstream server.
505
HTTP Version Not Supported
The server does not support the HTTP version used in the request.
506
Variant Also Negotiates
Transparent content negotiation for the request results in a circular reference.
507
Insufficient Storage
The server is unable to store the representation needed to complete the request.
508
Loop Detected
The server detected an infinite loop while processing the request.
510
Not Extended
Further extensions to the request are required for the server to fulfill it.
511
Network Authentication Required
The client needs to authenticate to gain network access.

How to use the HTTP Status Codes Reference

  1. Browse by category using the grouped sections: 1xx Informational, 2xx Success, 3xx Redirection, 4xx Client Error, and 5xx Server Error.
  2. Search for a specific code by typing the status number or a keyword (like "not found" or "unauthorized") in the search field.
  3. Click on any status code to see its detailed description, common causes, and usage guidance.
  4. Use it as a reference during development, debugging, or API design to ensure you are returning semantically correct status codes.

What are HTTP Status Codes?

HTTP status codes are three-digit numbers returned by a web server in response to a client's request. They are defined in RFC 9110 (which superseded RFC 7231) and are fundamental to how the web works. Every time your browser loads a page, submits a form, or calls an API, the server responds with a status code indicating the outcome.

The codes are organized into five classes:

1xx (Informational): The request was received and the server is continuing to process it. 100 Continue tells the client to proceed with sending the request body. 101 Switching Protocols is used in WebSocket handshakes.

2xx (Success): The request was successfully received, understood, and accepted. 200 OK is the standard success response. 201 Created indicates a new resource was created (common in REST APIs after POST requests). 204 No Content means success with no response body (common for DELETE operations).

3xx (Redirection): The client must take additional action to complete the request. 301 Moved Permanently tells search engines and browsers to update their records. 302 Found (temporary redirect) and 304 Not Modified (use your cached version) are also common.

4xx (Client Error): The request contains an error on the client's side. 400 Bad Request for malformed syntax, 401 Unauthorized for missing authentication, 403 Forbidden for insufficient permissions, 404 Not Found for nonexistent resources, and 429 Too Many Requests for rate limiting.

5xx (Server Error): The server failed to fulfill a valid request. 500 Internal Server Error is the generic catch-all. 502 Bad Gateway means an upstream server sent an invalid response. 503 Service Unavailable indicates temporary overload or maintenance.

Common use cases

  • API design: Choosing the correct status code for each endpoint response is a core part of RESTful API design. This reference helps you select semantically appropriate codes.
  • Debugging failed requests: When an API call returns an unexpected status code, looking up its meaning is the first step in diagnosing the issue.
  • Monitoring and alerting: DevOps engineers configure alerts based on status code patterns. A spike in 5xx errors indicates a server problem; increased 4xx errors may signal a broken client integration.
  • SEO and web crawling: Understanding 301 vs. 302 redirects is critical for SEO. Incorrect redirects can cause search engines to lose page ranking.

FAQ

Q: What is the difference between 401 and 403? A: 401 Unauthorized means the request lacks valid authentication credentials -- the user needs to log in. 403 Forbidden means the user is authenticated but does not have permission to access the resource. Despite the confusing name, 401 is about authentication, not authorization.

Q: When should I use 404 vs. 410? A: Use 404 Not Found when a resource does not exist and may or may not have existed before. Use 410 Gone when you know the resource previously existed but has been permanently deleted. The 410 status tells search engines to remove the URL from their index more quickly.

Q: Is it bad practice to always return 200 with an error in the body? A: Yes. This is a common anti-pattern in APIs. Returning 200 OK with {"error": "not found"} in the body defeats the purpose of status codes. HTTP clients, proxies, CDNs, and monitoring tools rely on status codes to understand responses without parsing the body.

Is my data safe?

Yes. This tool runs entirely in your browser. Your data is never sent to our servers.

How to use the HTTP Status Codes Reference

  1. Browse by category using the grouped sections: 1xx Informational, 2xx Success, 3xx Redirection, 4xx Client Error, and 5xx Server Error.
  2. Search for a specific code by typing the status number or a keyword (like "not found" or "unauthorized") in the search field.
  3. Click on any status code to see its detailed description, common causes, and usage guidance.
  4. Use it as a reference during development, debugging, or API design to ensure you are returning semantically correct status codes.

What are HTTP Status Codes?

HTTP status codes are three-digit numbers returned by a web server in response to a client's request. They are defined in RFC 9110 (which superseded RFC 7231) and are fundamental to how the web works. Every time your browser loads a page, submits a form, or calls an API, the server responds with a status code indicating the outcome.

The codes are organized into five classes:

1xx (Informational): The request was received and the server is continuing to process it. 100 Continue tells the client to proceed with sending the request body. 101 Switching Protocols is used in WebSocket handshakes.

2xx (Success): The request was successfully received, understood, and accepted. 200 OK is the standard success response. 201 Created indicates a new resource was created (common in REST APIs after POST requests). 204 No Content means success with no response body (common for DELETE operations).

3xx (Redirection): The client must take additional action to complete the request. 301 Moved Permanently tells search engines and browsers to update their records. 302 Found (temporary redirect) and 304 Not Modified (use your cached version) are also common.

4xx (Client Error): The request contains an error on the client's side. 400 Bad Request for malformed syntax, 401 Unauthorized for missing authentication, 403 Forbidden for insufficient permissions, 404 Not Found for nonexistent resources, and 429 Too Many Requests for rate limiting.

5xx (Server Error): The server failed to fulfill a valid request. 500 Internal Server Error is the generic catch-all. 502 Bad Gateway means an upstream server sent an invalid response. 503 Service Unavailable indicates temporary overload or maintenance.

Common use cases

  • API design: Choosing the correct status code for each endpoint response is a core part of RESTful API design. This reference helps you select semantically appropriate codes.
  • Debugging failed requests: When an API call returns an unexpected status code, looking up its meaning is the first step in diagnosing the issue.
  • Monitoring and alerting: DevOps engineers configure alerts based on status code patterns. A spike in 5xx errors indicates a server problem; increased 4xx errors may signal a broken client integration.
  • SEO and web crawling: Understanding 301 vs. 302 redirects is critical for SEO. Incorrect redirects can cause search engines to lose page ranking.

FAQ

Q: What is the difference between 401 and 403? A: 401 Unauthorized means the request lacks valid authentication credentials -- the user needs to log in. 403 Forbidden means the user is authenticated but does not have permission to access the resource. Despite the confusing name, 401 is about authentication, not authorization.

Q: When should I use 404 vs. 410? A: Use 404 Not Found when a resource does not exist and may or may not have existed before. Use 410 Gone when you know the resource previously existed but has been permanently deleted. The 410 status tells search engines to remove the URL from their index more quickly.

Q: Is it bad practice to always return 200 with an error in the body? A: Yes. This is a common anti-pattern in APIs. Returning 200 OK with {"error": "not found"} in the body defeats the purpose of status codes. HTTP clients, proxies, CDNs, and monitoring tools rely on status codes to understand responses without parsing the body.

Is my data safe?

Yes. This tool runs entirely in your browser. Your data is never sent to our servers.