HTTP Status Codes

Every response status code from 1xx to 5xx. See each code's meaning, when it happens, causes, fixes, and examples.

2xxSuccess10
200OK common200 OK is the most basic and common status code, signaling that the request succeeded. The meaning of the response body depends on the method: for GET it is the fetched resource, for POST/PUT it is the result of the operation.201Created common201 Created means the request succeeded and, as a result, a new resource was created. It is typically returned for POST or PUT, and the URL of the new resource is given in the Location header.202Accepted202 Accepted means the request has been accepted for processing but is not yet complete. The server uses it when it queues the request or hands it to an asynchronous worker and wants to respond immediately without waiting for the outcome.203Non-Authoritative Information203 Non-Authoritative Information signals that the returned metadata (headers, etc.) came from a proxy or local copy rather than the origin server. The status is still a success (2xx), but it warns that the response may differ from the original.204No Content common204 No Content means the request succeeded but there is no body to return. The server processed the action fine, and the client should keep its current view or state as is.205Reset Content205 Reset Content means the request succeeded and the client should reset the document view that sent it to its initial state — most often clearing an input form so it is ready for the next entry.206Partial Content206 Partial Content means the server delivered only part of the resource (a byte range) that the client asked for with a Range header. The Content-Range header states which range was sent and out of what total size.207Multi-Status207 Multi-Status is a WebDAV response that reports individual statuses for several resources in one XML body when a single request affects many of them. The overall request succeeded with 200, but each inner item may have a different outcome.208Already Reported208 Already Reported is used by the WebDAV bindings extension to say that a resource was already enumerated elsewhere in the response, so its members will not be listed again. It appears mainly as an item status inside a 207 Multi-Status body.226IM Used226 IM Used means the server returned the result of one or more instance-manipulations (delta encoding) rather than the full resource. The technique sends only the difference (delta) from the version the client already holds, reducing bandwidth.
3xxRedirection8
300Multiple Choices300 Multiple Choices means the requested resource has several possible representations, and the client or user must pick one. The server sends it when content negotiation alone cannot automatically choose a single option, so it presents a list of candidates.301Moved Permanently common301 Moved Permanently announces that a resource has permanently moved to a new URL, given in the Location header. Browsers and search engines treat it as a permanent move, sending future requests to the new URL and transferring link equity (ranking, reputation) to it.302Found common302 Found says the resource temporarily resides at a different URL and you should keep using the original URL going forward. Because it is not a permanent move, search engines do not transfer link equity to the new URL.303See Other303 See Other instructs the client to fetch the response from a different URL using GET. Even if the original request was a POST, the redirected request is specified to become a GET.304Not Modified common304 Not Modified answers a conditional request by saying the client's cached copy is still valid, so no body is sent. The client states which version it holds via If-None-Match (ETag-based) or If-Modified-Since (time-based).305Use Proxy305 Use Proxy was defined to mean the requested resource must be accessed through the proxy given in the Location header. However, it is deprecated for security reasons, and modern browsers and clients do not obey it.307Temporary Redirect307 Temporary Redirect means the resource is temporarily at a different URL and the client must re-issue the request to the new URL while keeping the original method and body. A POST stays a POST, a PUT stays a PUT.308Permanent Redirect308 Permanent Redirect announces that a resource has permanently moved to a new URL while requiring the client to re-issue the request with the original HTTP method and body unchanged. In short, it is the method-preserving version of 301.
4xxClient Error29
400Bad Request common400 Bad Request is a generic client error meaning the request is malformed and the server cannot process it — broken body syntax, invalid framing, or failed basic validation.401Unauthorized common401 Unauthorized means authentication is required and the request was rejected because credentials are missing or invalid. Despite the name "Unauthorized," it really means "unauthenticated" — the server could not verify who is making the request.402Payment Required402 Payment Required was reserved for future use and has no officially standardized meaning in HTTP. Even so, some APIs and SaaS products use it pragmatically to signal that payment or a credit top-up is needed.403Forbidden common403 Forbidden means the server understood the request but refuses to authorize it. Unlike 401, the identity may be authenticated, but that identity lacks permission (authorization) for this resource, so re-logging in will not help.404Not Found common404 Not Found is the best-known status code, indicating the server cannot find the requested resource. The URL reached the server, but no resource exists at that path.405Method Not Allowed common405 Method Not Allowed is returned when the server recognizes the request's HTTP method but does not allow it for the target resource — for example sending GET to an endpoint that only accepts POST.406Not Acceptable406 Not Acceptable is returned when the server cannot produce a response in a format required by the request's Accept-family headers — that is, content negotiation failed.407Proxy Authentication Required407 Proxy Authentication Required means you must authenticate with an intermediate proxy before the request can proceed. Unlike 401, which asks for authentication to the origin server, 407 is the proxy between client and server demanding credentials.408Request Timeout408 Request Timeout means the server waited for a complete request from the client, exceeded its time limit, and closed the connection. The cause is the client sending the request line, headers, or body too slowly.409Conflict common409 Conflict means the request conflicts with the current state of the resource and cannot be processed. The request itself is well-formed, but it attempts a change incompatible with the server's present state.410Gone410 Gone declares that a resource has been permanently removed and has no forwarding address. Where 404 Not Found is a vaguer "can't find it right now", 410 is a firm "it was here, we deliberately deleted it for good, and it is not coming back".411Length Required411 Length Required means the server needs to know the size of the request body up front, but no Content-Length header was supplied, so it refuses to process the request. It happens when the server does not support chunked transfer encoding or policy requires an explicit body length.412Precondition Failed412 Precondition Failed means a condition in the request headers (If-Match, If-Unmodified-Since, etc.) evaluated to false on the server, so the request was not performed. It most commonly arises in optimistic concurrency control when someone else modified the resource first.413Content Too Large413 Content Too Large (formerly Payload Too Large) means the request body exceeds the size the server is willing to process. You hit it with file uploads, large JSON documents, or base64-encoded data.414URI Too Long414 URI Too Long means the request URI is longer than the server is willing to interpret. It is usually caused by stuffing too much data into a GET query string.415Unsupported Media Type415 Unsupported Media Type means the server rejected the request because the body's format (Content-Type) is not one it supports. For example, sending XML or text/plain to an endpoint that only accepts JSON triggers it.416Range Not Satisfiable416 Range Not Satisfiable means the byte range the client requested via the Range header lies outside the actual size of the resource. Asking for bytes at the 100 MB mark of a 5 MB file triggers it.417Expectation Failed417 Expectation Failed means the server cannot meet the expectation set in the request's Expect header — most commonly Expect: 100-continue. A client sends 100-continue to check whether the server will accept a large body before actually uploading it.418I'm a teapot418 I'm a teapot is a status code defined as an April Fools' joke in 1998 (RFC 2324, the Hyper Text Coffee Pot Control Protocol). It represents a teapot refusing a request to brew coffee: "I'm a teapot, so I can't make coffee."421Misdirected Request421 Misdirected Request means the request reached a server that cannot produce a response for that scheme/authority (host) — in other words, the request was delivered to the wrong place.422Unprocessable Content common422 Unprocessable Content (formerly Unprocessable Entity) means the request is syntactically well-formed (valid JSON, etc.) but the values it contains are semantically invalid, so the server cannot process it. It is used for validation failures such as a malformed email, a negative age, or a missing required field.423Locked423 Locked means the resource being accessed is locked (a WebDAV lock), so the request cannot proceed. WebDAV provides an explicit LOCK mechanism so collaborators do not overwrite each other's edits to the same file.424Failed Dependency424 Failed Dependency means the request could not be performed because another action it depended on failed first. In WebDAV batch or chained operations, if an earlier step fails, the dependent later steps are marked with this code.425Too Early425 Too Early means the server refused to process a request that might be replayed. It relates to TLS 1.3's 0-RTT "early data" feature.426Upgrade Required426 Upgrade Required means the server will not handle the request over the current protocol and the client must switch to a different one. The required protocol is named in the response's Upgrade header.428Precondition Required428 Precondition Required means the server requires this request to be conditional. If a client sends a write without a precondition header like If-Match, the server refuses it and demands one.429Too Many Requests common429 Too Many Requests means the client sent too many requests in a given window and hit a rate limit. The code protects the server from API abuse, excessive polling, and bot traffic.431Request Header Fields Too Large431 Request Header Fields Too Large means the request headers exceed the size the server allows, either individually or collectively. The usual culprits are oversized cookies and bloated Authorization or custom headers.451Unavailable For Legal Reasons451 Unavailable For Legal Reasons means the resource cannot be accessed due to legal demands — censorship, a court order, or government regulation. The number 451 references Ray Bradbury's novel Fahrenheit 451 about information censorship.
5xxServer Error11
500Internal Server Error common500 Internal Server Error is a generic catch-all telling the client the server hit an unexpected condition and failed while handling the request. The client's request may be perfectly valid; the fault lies in the server code or its dependencies.501Not Implemented501 Not Implemented means the server does not support the functionality needed to fulfill the request. It is returned for a request method the server does not recognize, or for a feature that simply has not been built yet.502Bad Gateway common502 Bad Gateway means a server acting as a gateway or proxy received an invalid response from an upstream server. The reverse proxy the user reached (Nginx, a load balancer, a CDN) is itself fine, but the actual backend behind it is down or returned a broken response.503Service Unavailable common503 Service Unavailable means the server is temporarily unable to handle the request due to overload or maintenance. The server is alive but cannot take requests right now — an intentional or temporary condition.504Gateway Timeout common504 Gateway Timeout means a gateway or proxy did not receive a timely response from an upstream server and gave up waiting. The backend is not necessarily dead, but it failed to finish responding within the proxy's time limit.505HTTP Version Not Supported505 HTTP Version Not Supported means the server does not support the major HTTP version used in the request. It occurs when the client forms its request line with an HTTP version the server cannot handle.506Variant Also Negotiates506 Variant Also Negotiates indicates a server configuration error: in transparent content negotiation, the chosen variant is itself a negotiable resource, so the negotiation falls into a loop.507Insufficient Storage507 Insufficient Storage means the server cannot store the representation needed to complete the request. Defined in WebDAV, it is returned when disk space or a quota runs out during an upload or storage operation.508Loop Detected508 Loop Detected means the server detected an infinite loop while processing the request. In WebDAV it is returned when a deep traversal (Depth: infinity) over bindings (similar to symbolic links) that reference each other would repeat endlessly.510Not Extended510 Not Extended means the server needs an additional extension to process the request, but that extension was not declared in the request. It is defined by the experimental HTTP Extension Framework (Mandatory Extensions) in RFC 2774.511Network Authentication Required511 Network Authentication Required means the client must authenticate to gain network access. The classic case is the "captive portal" login page you see on public Wi-Fi in cafes, airports, and hotels.