HTTP Status Codes
Every HTTP response begins with a three-digit status code. The first digit identifies the class of response, the remaining two specify the meaning within that class.
On this page
1xx — Informational
The request has been received and the server is continuing to process. Modern clients rarely need to handle 1xx responses directly; servers send them and frameworks deal with them transparently.
| Code | Name | Meaning |
|---|---|---|
100 | Continue | The initial part of the request has been received and not yet rejected. The client may proceed to send the body. |
101 | Switching Protocols | The server is switching protocols as requested by the Upgrade header (e.g. to WebSockets). |
102 | Processing | WebDAV — the server has accepted the request but has not completed it yet. |
103 | Early Hints | Hints to start preloading resources before the final response (typically used with Link headers). |
2xx — Success
The request was successfully received, understood, and accepted. The most common HTTP status class in any healthy application.
| Code | Name | Meaning |
|---|---|---|
200 | OK | Standard success — the response body contains the requested resource. |
201 | Created | A new resource was created; the Location header points to it. |
202 | Accepted | Accepted for processing but not yet acted on. Use for async jobs. |
203 | Non-Authoritative Information | Metadata is a transformed version from an upstream — rare. |
204 | No Content | Success; no body to return. Useful for DELETE and PUT. |
205 | Reset Content | Reset the document view that initiated the request. |
206 | Partial Content | Range request fulfilled (resumable downloads, video streaming). |
207 | Multi-Status | WebDAV — body contains an XML report of multiple results. |
3xx — Redirection
Further action must be taken to fulfil the request. The Location header tells the client where to go next.
| Code | Name | Meaning |
|---|---|---|
300 | Multiple Choices | Multiple representations; client picks one. |
301 | Moved Permanently | Resource moved permanently — update bookmarks and link targets. |
302 | Found | Temporarily at a different URI. Method may be changed to GET (historical behavior). |
303 | See Other | Use GET to retrieve the response at the Location URI. |
304 | Not Modified | Cached resource still valid. No body returned. |
307 | Temporary Redirect | Like 302 but the method must be preserved. |
308 | Permanent Redirect | Like 301 but the method must be preserved. |
301 vs 308. Both are permanent redirects. 301 historically allowed clients to change the method to GET; 308 requires preserving the original method. For modern APIs that need to redirect POST requests intact, use 308.
4xx — Client errors
The request contains bad syntax, is unauthorized, or cannot otherwise be fulfilled with this client and this request.
| Code | Name | Meaning |
|---|---|---|
400 | Bad Request | Malformed syntax or invalid request framing. |
401 | Unauthorized | Authentication required (despite the name, not authorization). |
402 | Payment Required | Reserved; used by some paywalls. |
403 | Forbidden | The server understood the request but refuses authorization. |
404 | Not Found | No resource at this URI; may be temporary or permanent. |
405 | Method Not Allowed | Method known but not supported for this resource. |
406 | Not Acceptable | No representation satisfies the Accept headers. |
408 | Request Timeout | Client took too long to send the request. |
409 | Conflict | Current resource state conflicts with the request (e.g. edit conflicts). |
410 | Gone | Resource intentionally removed; do not retry. |
411 | Length Required | Content-Length missing. |
412 | Precondition Failed | An If-Match or similar precondition failed. |
413 | Payload Too Large | Body exceeds server's accepted size. |
414 | URI Too Long | URI exceeds server limits. |
415 | Unsupported Media Type | Server can't handle the request's media type. |
418 | I'm a teapot | RFC 2324 April Fools' joke. Used in real life by humorous error pages. |
422 | Unprocessable Content | Syntactically valid request, semantically wrong (e.g. validation errors). |
425 | Too Early | Server unwilling to risk replay. |
426 | Upgrade Required | Client must use a newer protocol (e.g. TLS upgrade). |
428 | Precondition Required | Server requires conditional requests to prevent lost-update. |
429 | Too Many Requests | Rate-limited. Retry-After header tells client when to try again. |
431 | Request Header Fields Too Large | Headers exceed server limits. |
451 | Unavailable For Legal Reasons | Geographic or legal restriction blocks the resource. |
401 vs 403. 401 means "I don't know who you are — authenticate." 403 means "I know who you are, and you're not allowed." Both are about access, but they answer different questions.
5xx — Server errors
The server failed to fulfil an apparently valid request. The problem is on the server side.
| Code | Name | Meaning |
|---|---|---|
500 | Internal Server Error | Generic catch-all. Check server logs. |
501 | Not Implemented | Server doesn't support the requested method. |
502 | Bad Gateway | An upstream server returned an invalid response. |
503 | Service Unavailable | Server overloaded or undergoing maintenance. Often comes with Retry-After. |
504 | Gateway Timeout | An upstream server didn't respond in time. |
505 | HTTP Version Not Supported | Server doesn't support the HTTP version used. |
507 | Insufficient Storage | WebDAV — out of storage to perform the operation. |
508 | Loop Detected | WebDAV — server detected an infinite loop. |
511 | Network Authentication Required | Captive portal — client must authenticate to access the network. |