HTTP Reference

HTTP Status Codes Reference

Complete searchable reference of all standard HTTP status codes from 1xx to 5xx, with descriptions, explanations, and common use cases.

61 of 61 codes shown

What are HTTP Status Codes?

HTTP status codes are three-digit numbers returned by a web server in response to a browser or client request. Every time you visit a web page, your browser sends a request to the server, and the server responds with an HTTP status code to indicate the result of the request. These codes are part of the HTTP (Hypertext Transfer Protocol) specification and are essential for communication between web clients and servers.

Status codes help developers debug issues, search engines understand page availability, and monitoring systems detect problems. Understanding HTTP status codes is fundamental for web development, API design, SEO optimization, and server administration.

HTTP Status Code Categories

1xx Informational

The request was received and the process is continuing. These are provisional responses indicating that the server has received the request and is continuing to process it.

2xx Success

The request was successfully received, understood, and accepted. These are the codes you want to see — they indicate everything worked as expected.

3xx Redirection

Further action must be taken to complete the request. These codes indicate that the client must take additional steps, typically following a redirect to a different URL.

4xx Client Error

The request contains bad syntax or cannot be fulfilled. These errors indicate a problem on the client side — the request was invalid in some way.

5xx Server Error

The server failed to fulfill a valid request. These errors indicate that something went wrong on the server side while processing the request.

Most Common HTTP Status Codes

200 OK — The most common status code. It indicates the request succeeded and the response body contains the requested data.

301 Moved Permanently — Used when a page has permanently moved to a new URL. Essential for SEO when restructuring a website.

304 Not Modified — Tells the browser that the cached version of the resource is still valid, saving bandwidth.

400 Bad Request — The server cannot process the request because the client sent malformed data.

401 Unauthorized — Authentication is required. The client must provide valid credentials.

403 Forbidden — The server understands the request but refuses to authorize it, regardless of authentication.

404 Not Found — The most well-known error code. The requested resource does not exist on the server.

500 Internal Server Error — A generic server-side error indicating something unexpected happened.

502 Bad Gateway — The server received an invalid response from an upstream server. Common with reverse proxies and load balancers.

503 Service Unavailable — The server is temporarily unable to handle requests, often due to maintenance or overload.

REST API Status Code Best Practices

When designing REST APIs, using the correct HTTP status codes is crucial for building intuitive and well-documented interfaces. Here are key best practices:

  • Use 200 for successful GET requests that return data in the response body.
  • Use 201 for successful POST requests that create new resources. Include a Location header pointing to the new resource.
  • Use 204 for successful DELETE requests or updates that do not need to return data.
  • Use 400 for client validation errors where the request data is malformed or missing required fields.
  • Use 401 for authentication failures and 403 for authorization failures — these are distinct concerns.
  • Use 404 for resources that do not exist, not for authorization failures (use 403 instead to avoid information leakage).
  • Use 409 for conflict errors such as duplicate entries or version mismatches.
  • Use 422 for semantic validation errors where the request syntax is correct but the data is invalid.
  • Use 429 for rate limiting and always include a Retry-After header.
  • Avoid using 200 for everything — proper status codes make your API self-documenting and easier to consume.

Frequently Asked Questions

What is an HTTP status code?

An HTTP status code is a three-digit number returned by a web server in response to a client's request. It indicates whether the request was successful, redirected, resulted in a client error, or caused a server error. Status codes are grouped into five classes: 1xx (Informational), 2xx (Success), 3xx (Redirection), 4xx (Client Error), and 5xx (Server Error).

What is the difference between 401 and 403?

A 401 Unauthorized response means the client has not provided valid authentication credentials — the user needs to log in or provide a valid token. A 403 Forbidden response means the client is authenticated but does not have permission to access the requested resource. In short: 401 = 'Who are you?', 403 = 'I know who you are, but you cannot access this.'

What is the difference between 301 and 302 redirects?

A 301 redirect is permanent — it tells search engines and browsers that the resource has moved permanently to a new URL, and they should update their records. A 302 redirect is temporary — it indicates the resource is temporarily at a different URL, and the original URL should continue to be used for future requests. For SEO, 301 redirects pass link equity to the new URL, while 302 redirects do not.

When should I use 200 vs 201 vs 204?

Use 200 OK for successful GET requests that return data, or successful updates. Use 201 Created when a new resource has been created (typically after a POST request) — include the new resource's URL in the Location header. Use 204 No Content when the request was successful but there is no content to return (e.g., after a DELETE request or a save operation that does not need a response body).

What does a 500 Internal Server Error mean?

A 500 Internal Server Error is a generic server-side error indicating that the server encountered an unexpected condition that prevented it from fulfilling the request. It does not indicate a problem with the client's request. Common causes include unhandled exceptions, database connection failures, misconfigured server settings, or bugs in server-side code. If you encounter a 500 error as a user, try refreshing the page or contacting the website administrator.

What is a 429 Too Many Requests error?

A 429 status code means you have sent too many requests in a given period of time and have been rate-limited. The server should include a Retry-After header indicating how many seconds to wait before retrying. This is commonly seen with APIs that enforce rate limits. To handle it, implement exponential backoff, respect Retry-After headers, and consider caching responses.

Why do I keep getting a 404 Not Found error?

A 404 error means the server cannot find the requested resource. Common causes include: a mistyped URL, a page that has been deleted or moved without a redirect, broken internal links on the website, or an incorrect API endpoint. Check the URL for typos, try navigating from the homepage, or use a search function if available.

What is the 418 I'm a Teapot status code?

The 418 status code is an April Fools' joke defined in RFC 2324 (Hyper Text Coffee Pot Control Protocol) from 1998. It states that a teapot should not be used to brew coffee. While not a real production status code, it has become a beloved internet easter egg and is sometimes implemented by developers as a fun response. Google even has an easter egg page for it.