📖 Guide
HTTP Status Codes — Complete Reference
Every standard HTTP status code with descriptions, use cases, and common patterns for web developers.
72 commands across 6 categories
1xx Informational
| Command | Description |
|---|---|
100 Continue | Server received request headers; client should proceed to send the body |
101 Switching Protocols | Server is switching protocols as requested by the client (e.g., to WebSocket) |
102 Processing | Server has received and is processing the request, but no response is available yet (WebDAV) |
103 Early Hints | Used to return some response headers before final HTTP message, allowing preloading of resources |
2xx Success
| Command | Description |
|---|---|
200 OK | Standard success response. Body contains the requested resource |
201 Createde.g. POST /api/users -> 201 with Location header | Request succeeded and a new resource was created. Typically returned after POST/PUT |
202 Accepted | Request accepted for processing, but processing is not yet complete (async operations) |
203 Non-Authoritative Information | Response from a transforming proxy; metadata differs from origin server |
204 No Contente.g. DELETE /api/users/123 -> 204 | Request succeeded but no body returned. Common for DELETE or PUT responses |
205 Reset Content | Request succeeded; client should reset the document view (e.g., clear a form) |
206 Partial Contente.g. Range: bytes=0-1023 -> 206 with Content-Range header | Server is delivering part of the resource due to a Range header |
207 Multi-Status | Conveys information about multiple resources where multiple status codes might be appropriate (WebDAV) |
208 Already Reported | Members of a DAV binding have already been enumerated and are not included again (WebDAV) |
226 IM Used | Server has fulfilled a GET request with instance-manipulations applied to the current instance |
3xx Redirection
| Command | Description |
|---|---|
300 Multiple Choices | Multiple possible responses; user or user agent should choose one |
301 Moved Permanentlye.g. Location: https://new-domain.com/page | Resource has been permanently moved to a new URL. Search engines update their links |
302 Found | Resource temporarily at a different URI. Client should continue using the original URI for future requests |
303 See Other | Server redirects to a different resource via GET, typically after a POST operation |
304 Not Modifiede.g. If-None-Match: "etag" -> 304 (use cached version) | Resource has not been modified since last request. Used with caching headers (ETag, If-Modified-Since) |
305 Use Proxy | Requested resource must be accessed through the proxy in the Location header (deprecated) |
307 Temporary Redirect | Like 302 but guarantees the HTTP method will NOT change (POST stays POST) |
308 Permanent Redirect | Like 301 but guarantees the HTTP method will NOT change (POST stays POST) |
4xx Client Error
| Command | Description |
|---|---|
400 Bad Request | Server cannot process the request due to malformed syntax, invalid framing, or deceptive routing |
401 Unauthorized | Authentication is required and has failed or not been provided. Include WWW-Authenticate header |
402 Payment Required | Reserved for future use. Sometimes used for paywalled content or API rate limiting |
403 Forbidden | Server understood the request but refuses to authorize it. Authentication won't help |
404 Not Found | Requested resource could not be found on the server |
405 Method Not Allowede.g. Allow: GET, POST | HTTP method is not supported for the requested resource. Must include Allow header |
406 Not Acceptable | Server cannot produce a response matching the Accept headers sent by the client |
407 Proxy Authentication Required | Client must first authenticate itself with the proxy |
408 Request Timeout | Server timed out waiting for the request from the client |
409 Conflicte.g. POST /users with duplicate email -> 409 | Request conflicts with the current state of the resource (e.g., edit conflicts, duplicate entries) |
410 Gone | Resource is permanently gone and will not be available again. Unlike 404, this is intentional |
411 Length Required | Server requires a Content-Length header in the request |
412 Precondition Failed | One or more conditions in the request headers evaluated to false (e.g., If-Match) |
413 Content Too Large | Request body is larger than the server is willing to process |
414 URI Too Long | URI provided was too long for the server to process |
415 Unsupported Media Typee.g. Sending XML when only JSON is accepted -> 415 | Server does not support the media type of the request body |
416 Range Not Satisfiable | Range specified in the Range header cannot be fulfilled |
417 Expectation Failed | Server cannot meet the requirements of the Expect request header |
418 I'm a Teapot | Returned by teapots asked to brew coffee (RFC 2324). Used humorously as an Easter egg |
421 Misdirected Request | Request was directed at a server that cannot produce a response |
422 Unprocessable Contente.g. POST /users with invalid email format -> 422 | Request was well-formed but contained semantic errors (e.g., validation failures) |
423 Locked | Resource being accessed is locked (WebDAV) |
424 Failed Dependency | Request failed because it depended on another request that failed (WebDAV) |
425 Too Early | Server unwilling to process a request that might be replayed (TLS Early Data) |
426 Upgrade Required | Server refuses the request using the current protocol; client must upgrade (e.g., to TLS) |
428 Precondition Required | Server requires the request to be conditional (e.g., include If-Match header) |
429 Too Many Requestse.g. Retry-After: 60 | Client has sent too many requests in a given time period (rate limiting) |
431 Request Header Fields Too Large | Server refuses the request because headers are too large |
451 Unavailable For Legal Reasons | Resource is unavailable due to legal demands (censorship, court order) |
5xx Server Error
| Command | Description |
|---|---|
500 Internal Server Error | Generic server error when no more specific message is suitable |
501 Not Implemented | Server does not support the functionality required to fulfill the request |
502 Bad Gateway | Server acting as a gateway received an invalid response from the upstream server |
503 Service Unavailablee.g. Retry-After: 120 | Server is currently unable to handle the request (overloaded or under maintenance) |
504 Gateway Timeout | Server acting as a gateway did not receive a timely response from the upstream server |
505 HTTP Version Not Supported | Server does not support the HTTP version used in the request |
506 Variant Also Negotiates | Transparent content negotiation results in a circular reference |
507 Insufficient Storage | Server is unable to store the representation needed to complete the request (WebDAV) |
508 Loop Detected | Server detected an infinite loop while processing the request (WebDAV) |
510 Not Extended | Further extensions to the request are required for the server to fulfill it |
511 Network Authentication Required | Client needs to authenticate to gain network access (captive portals) |
Common Patterns
| Command | Description |
|---|---|
REST: GET -> 200 | Successful resource retrieval |
REST: POST -> 201 | Successful resource creation with Location header |
REST: PUT -> 200 or 204 | Successful update (200 with body, 204 without) |
REST: DELETE -> 204 | Successful deletion, no body returned |
Auth: 401 vs 403 | 401 = not logged in (can retry with credentials). 403 = logged in but not authorized (retrying won't help) |
Redirect: 301 vs 308 | Both permanent. 301 may change POST to GET. 308 preserves the HTTP method |
Redirect: 302 vs 307 | Both temporary. 302 may change POST to GET. 307 preserves the HTTP method |
Validation: 400 vs 422 | 400 = malformed request (bad JSON). 422 = well-formed but semantically invalid (failed validation) |
Caching: ETag + 304 | Client sends If-None-Match with ETag. Server returns 304 if unchanged, saving bandwidth |
Rate Limiting: 429 + Retry-After | Always include Retry-After header to tell clients when to retry |
📖 Free, searchable command reference. Bookmark this page for quick access.