HTTP Status Codes
Every HTTP status code with its meaning
1xx — Informational
100
Continue
The server received the request headers. The client should proceed to send the body. Used with large uploads to confirm the server is ready.
101
Switching Protocols
The server is switching to the protocol requested by the client via the Upgrade header. Common when upgrading HTTP to WebSocket.
102
Processing
The server received the request and is working on it, but has no response yet. Prevents the client from timing out on long operations.
103
Early Hints
The server sends preliminary headers before the final response. Used to preload resources (CSS, JS) while the server prepares the full response.
2xx — Success
200
OK
The request succeeded. The most common response for successful GET, PUT, or DELETE requests. The response body contains the requested data.
201
Created
The request succeeded and a new resource was created. Typical response for successful POST requests. Should include a Location header.
202
Accepted
The request was accepted for processing, but hasn't completed yet. Used for async operations like batch jobs or queued tasks.
203
Non-Authoritative Information
The response was modified by a proxy or intermediate server. The data is valid but may differ from the origin server's response.
204
No Content
The request succeeded but there's nothing to return. Common for successful DELETE requests or PUT updates that don't need to return data.
205
Reset Content
Like 204, but the client should reset the document view. Used to tell the browser to clear a form after successful submission.
206
Partial Content
The server is returning only part of the resource due to a Range header. Used for resumable downloads and video streaming.
207
Multi-Status
A WebDAV response containing multiple status codes for multiple operations. The body is an XML document with individual results.
208
Already Reported
WebDAV. The members of a DAV binding have already been listed in a previous response and are not included again.
226
IM Used
The server fulfilled a GET request using instance-manipulation. The response is a representation of the result of one or more manipulations applied to the current instance.
3xx — Redirection
300
Multiple Choices
There are multiple options for the resource. The server might list alternatives in the response body. Rarely used in practice.
301
Moved Permanently
The resource has permanently moved to a new URL. Search engines transfer ranking to the new URL. Browsers cache this redirect.
302
Found
The resource is temporarily at a different URL. Originally meant 'Moved Temporarily'. Browsers often incorrectly change POST to GET on redirect.
303
See Other
The response is at a different URL and should be retrieved with GET. Used after POST/PUT to redirect to a confirmation page.
304
Not Modified
The resource hasn't changed since the last request. The client should use its cached copy. Triggered by If-None-Match or If-Modified-Since headers.
307
Temporary Redirect
Like 302, but the client must use the same HTTP method for the redirected request. POST stays POST, unlike 302's ambiguous behavior.
308
Permanent Redirect
Like 301, but the client must use the same HTTP method. POST stays POST. Used when you need a permanent redirect that preserves the method.
4xx — Client Error
400
Bad Request
The server couldn't understand the request due to malformed syntax, invalid parameters, or missing required fields. Check your request format.
401
Unauthorized
Authentication is required but missing or invalid. Despite the name, this is about authentication (who you are), not authorization (what you can do).
402
Payment Required
Reserved for future use. Some APIs use it to indicate a billing issue or exceeded quota, but it has no standard behavior.
403
Forbidden
The server understood the request but refuses to authorize it. Unlike 401, re-authenticating won't help — you simply don't have permission.
404
Not Found
The server can't find the requested resource. The most well-known error code. Could mean the URL is wrong or the resource was deleted.
405
Method Not Allowed
The HTTP method (GET, POST, etc.) is not supported for this URL. The response should include an Allow header listing valid methods.
406
Not Acceptable
The server can't produce a response matching the Accept headers sent by the client. Usually a content negotiation issue.
407
Proxy Authentication Required
Like 401, but authentication is needed with an intermediate proxy server, not the origin server.
408
Request Timeout
The server timed out waiting for the client's request. The client took too long to send data. Can be retried.
409
Conflict
The request conflicts with the current state of the server. Common for version conflicts in PUT requests or duplicate resource creation.
410
Gone
The resource is permanently gone and won't be coming back. Unlike 404, this is intentional and permanent. Search engines remove 410 pages faster.
411
Length Required
The server requires a Content-Length header in the request. Add it and retry.
412
Precondition Failed
A condition in the request headers (If-Match, If-Unmodified-Since) evaluated to false. Used for conditional updates to prevent conflicts.
413
Content Too Large
The request body exceeds the server's size limit. Try reducing the payload or uploading in chunks. Formerly called 'Payload Too Large'.
414
URI Too Long
The URL is too long for the server to process. Usually means too many query parameters. Consider using POST with a body instead.
415
Unsupported Media Type
The server doesn't support the Content-Type of the request. Check you're sending the right format (JSON, XML, form data, etc.).
416
Range Not Satisfiable
The requested byte range is invalid or outside the file's size. Common with partial downloads when the file has changed.
417
Expectation Failed
The server can't meet the requirements of the Expect header. Usually related to Expect: 100-continue.
418
I'm a Teapot
An April Fools' joke from 1998 (RFC 2324). The server refuses to brew coffee because it is a teapot. Not expected to be implemented by real servers.
421
Misdirected Request
The request was sent to a server that can't produce a response. Can happen with HTTP/2 connection coalescing when certificates don't match.
422
Unprocessable Content
The request was well-formed but contains semantic errors. Common in APIs when validation fails (e.g., email format invalid, date in the past).
423
Locked
The WebDAV resource is locked. Another user or process has an exclusive lock on it.
424
Failed Dependency
A WebDAV request failed because it depended on another request that also failed.
425
Too Early
The server won't process a request that might be replayed in a TLS 1.3 early data (0-RTT) scenario to prevent replay attacks.
426
Upgrade Required
The server refuses the request using the current protocol but might accept it after the client upgrades. Response includes an Upgrade header.
428
Precondition Required
The server requires the request to be conditional (include If-Match or similar headers) to prevent lost-update conflicts.
429
Too Many Requests
Rate limiting — you've sent too many requests in a given time window. Check the Retry-After header for when to try again.
431
Request Header Fields Too Large
The server won't process the request because the headers are too large. Often caused by oversized cookies.
451
Unavailable For Legal Reasons
Access is denied for legal reasons (censorship, court order, GDPR). Named after Ray Bradbury's Fahrenheit 451.
5xx — Server Error
500
Internal Server Error
The server encountered an unexpected condition. The catch-all error for unhandled exceptions. Check server logs for the actual cause.
501
Not Implemented
The server doesn't support the requested HTTP method. Different from 405 — this means the method isn't implemented at all, not just for this URL.
502
Bad Gateway
The server acting as a gateway/proxy received an invalid response from the upstream server. Usually means the backend service is down or misbehaving.
503
Service Unavailable
The server can't handle the request right now — typically due to overload or maintenance. Should be temporary. Check the Retry-After header.
504
Gateway Timeout
The gateway/proxy server didn't get a response from the upstream server in time. The backend is too slow or unresponsive.
505
HTTP Version Not Supported
The server doesn't support the HTTP version used in the request. Rare in practice.
506
Variant Also Negotiates
Transparent content negotiation resulted in a circular reference. A misconfiguration error.
507
Insufficient Storage
The WebDAV server can't store the representation needed to complete the request. The server is out of disk space.
508
Loop Detected
The WebDAV server detected an infinite loop while processing a request with Depth: infinity.
510
Not Extended
The server requires further extensions to the request to fulfill it.
511
Network Authentication Required
The client needs to authenticate to access the network. Used by captive portals (hotel/airport WiFi login pages).
What are HTTP Status Codes?
HTTP status codes are three-digit numbers a server sends back with every response. They tell you whether a request succeeded (2xx), got redirected (3xx), had a client error (4xx), or hit a server problem (5xx).