Updated
Complete HTTP Status Codes List & Reference
This is a comprehensive reference of every HTTP status code defined in the HTTP specification (RFC 9110) and common extensions. Use it as a quick lookup when you encounter a status code in your browser, server logs, or API responses.
For a beginner-friendly guide to the most common codes, see From 200 to 503: Understanding the Most Common HTTP Status Codes.
How HTTP Status Codes Work
Every HTTP response includes a three-digit status code. The first digit defines the class:
| First Digit | Category | Count | Meaning |
|---|---|---|---|
| 1xx | Informational | 4 codes | The request was received, processing continues |
| 2xx | Success | 10 codes | The request was successfully processed |
| 3xx | Redirection | 9 codes | The client must take additional action |
| 4xx | Client Error | 29 codes | The request has a problem |
| 5xx | Server Error | 12 codes | The server failed to process a valid request |
1xx Informational Responses
These codes indicate that the server received the request and is continuing to process it. You rarely see these in practice.
| Code | Name | Description |
|---|---|---|
| 100 | Continue | The server received the request headers and the client should send the request body. Used with the Expect: 100-continue header to avoid sending a large body if the server would reject it. |
| 101 | Switching Protocols | The server is switching to a different protocol as requested by the client. Most commonly seen during a WebSocket handshake (Upgrade: websocket). |
| 102 | Processing | The server received the request and is processing it, but no response is available yet. Defined by WebDAV (RFC 2518). Prevents the client from timing out on long operations. |
| 103 | Early Hints | The server sends preliminary response headers before the final response. Used to let the browser start preloading resources (CSS, JS) while the server is still preparing the full response. |
2xx Success
These codes indicate that the request was successfully received, understood, and processed.
| Code | Name | Description |
|---|---|---|
| 200 | OK | The request succeeded. The response body contains the requested data. This is the most common status code on the web. Learn more |
| 201 | Created | The request succeeded and a new resource was created. Typically returned after a successful POST request. The response should include the new resource or a Location header pointing to it. |
| 202 | Accepted | The request was accepted for processing, but processing hasn't completed yet. Used for asynchronous operations like queued jobs or batch processing. |
| 203 | Non-Authoritative Information | The request succeeded, but the response has been modified by a proxy or intermediary. The data may not match what the origin server sent. |
| 204 | No Content | The request succeeded, but there's no content to return. Common response for DELETE operations or PUT updates where no response body is needed. |
| 205 | Reset Content | The request succeeded, and the client should reset the document view (e.g., clear a form). Rarely used in practice. |
| 206 | Partial Content | The server is returning only part of the resource, as requested by a Range header. Used for resumable downloads and video streaming. |
| 207 | Multi-Status | The response contains status information for multiple resources. Defined by WebDAV. The response body is an XML document with individual status codes. |
| 208 | Already Reported | Used inside a WebDAV 207 Multi-Status response to avoid listing the same resource multiple times. |
| 226 | IM Used | The server fulfilled a GET request with instance-manipulations applied. Defined by RFC 3229 (Delta Encoding). Rarely seen in practice. |
3xx Redirection
These codes indicate that the client must take additional action to complete the request, usually by following a redirect to a different URL.
| Code | Name | Description |
|---|---|---|
| 300 | Multiple Choices | The request has multiple possible responses, and the client should choose one. Rarely used — most servers pick a default and redirect with 301/302 instead. |
| 301 | Moved Permanently | The resource has permanently moved to a new URL (provided in the Location header). Browsers and search engines will update their references. SEO note: passes link equity to the new URL. |
| 302 | Found | The resource has temporarily moved to a different URL. The client should continue using the original URL for future requests. The HTTP method may change to GET on redirect (this ambiguity led to 307). |
| 303 | See Other | The server is redirecting to a different URL using GET. Commonly used after a POST submission to redirect to a confirmation page (Post/Redirect/Get pattern). |
| 304 | Not Modified | The resource hasn't changed since the last request. The client should use its cached version. Triggered by conditional headers like If-None-Match (ETag) or If-Modified-Since. Saves bandwidth. |
| 307 | Temporary Redirect | Same as 302, but guarantees the HTTP method won't change. A POST redirect stays as POST. Use this instead of 302 when method preservation matters. |
| 308 | Permanent Redirect | Same as 301, but guarantees the HTTP method won't change. A POST redirect stays as POST. Use this instead of 301 when method preservation matters. |
301 vs 302 vs 307 vs 308
| Code | Permanent? | Preserves HTTP method? |
|---|---|---|
| 301 | Yes | No (may change to GET) |
| 302 | No | No (may change to GET) |
| 307 | No | Yes |
| 308 | Yes | Yes |
4xx Client Errors
These codes indicate that the client made an error — the request is invalid, unauthorized, or the resource doesn't exist.
| Code | Name | Description |
|---|---|---|
| 400 | Bad Request | The server can't process the request due to a client error: malformed syntax, invalid parameters, or bad request body. Check your JSON, query parameters, and headers. |
| 401 | Unauthorized | The request requires authentication. The client must provide valid credentials (API key, token, session). Despite the name, this is about authentication, not authorization. 401 vs 403 explained |
| 402 | Payment Required | Reserved for future use. Some APIs use it to indicate that a paid subscription is required, but this is non-standard. |
| 403 | Forbidden | The server understood the request but refuses to authorize it. The client is authenticated but lacks permission. Re-authenticating won't help. 401 vs 403 explained |
| 404 | Not Found | The server can't find the requested resource. The most recognizable HTTP error. Could mean the URL is wrong, the page was deleted, or the API endpoint doesn't exist. 404 vs 500 explained |
| 405 | Method Not Allowed | The HTTP method (GET, POST, PUT, DELETE) isn't supported for this URL. The response includes an Allow header listing valid methods. Example: trying to DELETE on a read-only endpoint. |
| 406 | Not Acceptable | The server can't produce a response matching the client's Accept headers. Example: requesting Accept: application/xml from an API that only returns JSON. |
| 407 | Proxy Authentication Required | Similar to 401, but the client must authenticate with a proxy server first. |
| 408 | Request Timeout | The server timed out waiting for the client to send the complete request. The client can retry the same request. Common with slow network connections. |
| 409 | Conflict | The request conflicts with the current state of the server. Common examples: trying to create a resource that already exists, or editing a resource that was modified by someone else (optimistic concurrency conflict). |
| 410 | Gone | The resource existed but has been permanently removed. Unlike 404, this is definitive — the resource is not coming back. Search engines will deindex the URL faster than with 404. |
| 411 | Length Required | The server requires a Content-Length header, but the request didn't include one. |
| 412 | Precondition Failed | A condition in the request headers (If-Match, If-Unmodified-Since) evaluated to false. Used for conditional requests to prevent conflicts. |
| 413 | Content Too Large | The request body is larger than the server is willing to process. Example: uploading a file that exceeds the server's size limit. Previously called "Payload Too Large." |
| 414 | URI Too Long | The URL is longer than the server can handle. Usually happens when a GET request includes too much data in query parameters. Consider using POST instead. |
| 415 | Unsupported Media Type | The server doesn't support the media type in the request. Example: sending Content-Type: text/plain to an endpoint that expects application/json. |
| 416 | Range Not Satisfiable | The requested byte range (via Range header) is outside the resource's size. Example: requesting bytes 1000-2000 of a 500-byte file. |
| 417 | Expectation Failed | The server can't meet the requirement in the Expect header. |
| 418 | I'm a Teapot | An April Fools' joke from RFC 2324 (Hyper Text Coffee Pot Control Protocol). The server refuses to brew coffee because it's a teapot. Some APIs use this for Easter eggs. |
| 421 | Misdirected Request | The request was directed at a server that can't produce a response. Can happen with HTTP/2 connection coalescing. |
| 422 | Unprocessable Content | The request body is well-formed (valid JSON/XML) but contains semantic errors. Example: {"email": "not-an-email"}. Common in REST APIs for validation errors. Previously "Unprocessable Entity." |
| 423 | Locked | The resource is locked. Defined by WebDAV. |
| 424 | Failed Dependency | The request failed because it depended on another request that also failed. Defined by WebDAV. |
| 425 | Too Early | The server is unwilling to process a request that might be replayed. Related to TLS 1.3 early data (0-RTT). |
| 426 | Upgrade Required | The server refuses to process the request using the current protocol but might if the client upgrades. The response includes an Upgrade header (e.g., Upgrade: TLS/1.3). |
| 428 | Precondition Required | The server requires the request to be conditional (include If-Match or similar headers). Prevents lost updates when multiple clients modify the same resource. |
| 429 | Too Many Requests | The client has sent too many requests in a given time period (rate limiting). The response may include a Retry-After header indicating when to try again. Implement exponential backoff in your client. |
| 431 | Request Header Fields Too Large | The request headers are too large for the server to process. Can happen with huge cookies or many custom headers. |
| 451 | Unavailable For Legal Reasons | The resource is blocked for legal reasons, such as government censorship or court-ordered takedowns. Named after Ray Bradbury's novel Fahrenheit 451. |
5xx Server Errors
These codes indicate that the server failed to process a valid request. The problem is on the server side.
| Code | Name | Description |
|---|---|---|
| 500 | Internal Server Error | A generic "something went wrong" error. The server encountered an unexpected condition. Check server logs for the actual error (stack trace, exception). 404 vs 500 explained |
| 501 | Not Implemented | The server doesn't support the functionality required to fulfill the request. Example: the server doesn't support the HTTP method used. Different from 405 (which means the method exists but isn't allowed for this resource). |
| 502 | Bad Gateway | A server acting as a gateway or proxy received an invalid response from the upstream server. Common with Nginx when the application server (Node.js, Python, etc.) crashes. |
| 503 | Service Unavailable | The server is temporarily unable to handle requests due to maintenance or overload. Should include a Retry-After header. Use this for planned maintenance. 503 in detail |
| 504 | Gateway Timeout | A gateway or proxy server didn't receive a response from the upstream server in time. Similar to 502, but the issue is timeout rather than an invalid response. Increase timeout settings or optimize the slow backend operation. |
| 505 | HTTP Version Not Supported | The server doesn't support the HTTP version used in the request. |
| 506 | Variant Also Negotiates | The server has an internal configuration error related to content negotiation. Very rare. |
| 507 | Insufficient Storage | The server can't store the representation needed to complete the request. Defined by WebDAV. |
| 508 | Loop Detected | The server detected an infinite loop while processing the request. Defined by WebDAV. |
| 510 | Not Extended | The server requires further extensions to the request to fulfill it. |
| 511 | Network Authentication Required | The client needs to authenticate to gain network access. Commonly used by captive portals (hotel/airport Wi-Fi login pages). |
Unofficial but Common Status Codes
These codes aren't part of the official HTTP specification but are used by specific servers or services:
| Code | Name | Used By | Description |
|---|---|---|---|
| 420 | Enhance Your Calm | Twitter (legacy) | Rate limiting (now uses 429) |
| 444 | No Response | Nginx | The server closed the connection without sending a response. Used to block malicious requests. |
| 499 | Client Closed Request | Nginx | The client closed the connection before the server finished responding. |
| 520 | Web Server Returned Unknown Error | Cloudflare | The origin server returned something unexpected. |
| 521 | Web Server Is Down | Cloudflare | The origin server refused the connection from Cloudflare. |
| 522 | Connection Timed Out | Cloudflare | Cloudflare couldn't reach the origin server. |
| 523 | Origin Is Unreachable | Cloudflare | Cloudflare can't reach the origin due to DNS issues. |
| 524 | A Timeout Occurred | Cloudflare | Cloudflare connected but the origin didn't respond in time. |
| 525 | SSL Handshake Failed | Cloudflare | SSL/TLS handshake between Cloudflare and origin failed. |
| 530 | Site Frozen | Pantheon / Cloudflare | The site has been frozen (Pantheon) or an origin error with additional 1xxx error (Cloudflare). |
Quick Reference by Use Case
Building a REST API?
| Action | Success | Common Errors |
|---|---|---|
| Read a resource | 200 | 401, 403, 404 |
| Create a resource | 201 | 400, 409, 422 |
| Update a resource | 200 or 204 | 400, 404, 409, 422 |
| Delete a resource | 204 | 401, 403, 404 |
| List resources | 200 | 401, 403 |
| Async operation | 202 | 400, 401 |
Debugging a Website?
| Symptom | Likely Code | What to Check |
|---|---|---|
| Page not loading | 500, 502, 503 | Server logs, is the server running? |
| Page not found | 404 | URL spelling, was the page moved? |
| Access denied | 401, 403 | Login status, permissions |
| Redirect loop | 301, 302 | Server redirect configuration |
| Slow page load | 504 | Backend performance, database queries |
Monitoring Your Site?
Set up uptime monitoring to check your critical endpoints. Get alerted when responses change from 200 to error codes, before your users notice. Pair it with a status page to keep your users informed during outages, and on-call scheduling with escalation policies to route alerts to the right engineer.
Further Reading
- From 200 to 503: Understanding the Most Common HTTP Status Codes — beginner-friendly guide to the codes you'll see most often
- 401 vs 403: What's the Difference? — authentication vs authorization errors explained
- 404 vs 500: Client vs Server Errors — how to tell if it's your fault or the server's
- 503 Service Unavailable: What Is It and How to Fix It? — deep dive into the 503 error
- HTTP Status Code 200: What Does It Mean? — everything about the 200 OK response
- How to Fix Request Method 'POST' Not Supported — fixing 405 errors in your application
- Incident Communication Templates — how to communicate outages to your users
- MTTR Guide — measure and reduce your mean time to resolution
- SLA Calculator — calculate exactly how much downtime your SLA allows
Article by
Léo Baecker
I'm Léo Baecker, the heart and soul behind Hyperping, steering our ship through the dynamic seas of the monitoring industry.
