HTTP Status Codes

Searchable HTTP status code reference.

beats httpstatuses.com edge: RFC 9110 references + category filter

filter

61 codes

100 Continue RFC 9110 §15.2.1

Server received request headers and client should proceed to send the body.

101 Switching Protocols RFC 9110 §15.2.2

Server switching protocols per Upgrade header (e.g., to WebSocket).

102 Processing RFC 2518

WebDAV: server received and is processing, no response yet.

103 Early Hints RFC 8297

Lets the client preload resources before the final response.

200 OK RFC 9110 §15.3.1

Standard success response. Body has the result.

201 Created RFC 9110 §15.3.2

Request created a new resource. Location header points to it.

202 Accepted RFC 9110 §15.3.3

Accepted but processing not complete. No commitment to finish.

203 Non-Authoritative Info RFC 9110 §15.3.4

Returned by a transforming proxy with modified body.

204 No Content RFC 9110 §15.3.5

Success, no body. Common for DELETE.

205 Reset Content RFC 9110 §15.3.6

Tell client to reset its document view (e.g., clear a form).

206 Partial Content RFC 9110 §15.3.7

Range request fulfilled. Used for resumable downloads.

207 Multi-Status RFC 4918

WebDAV: multiple statuses for sub-requests in body.

208 Already Reported RFC 5842

WebDAV: members of a binding already enumerated.

226 IM Used RFC 3229

Server applied instance manipulations to the response.

300 Multiple Choices RFC 9110 §15.4.1

Multiple response options. Client picks via further requests.

301 Moved Permanently RFC 9110 §15.4.2

Permanent redirect. Search engines update their index.

302 Found RFC 9110 §15.4.3

Temporary redirect. Original URL still valid.

303 See Other RFC 9110 §15.4.4

Redirect to GET on the new URL. Used after POST.

304 Not Modified RFC 9110 §15.4.5

Cached version still valid. No body returned.

307 Temporary Redirect RFC 9110 §15.4.8

Like 302 but method must NOT change.

308 Permanent Redirect RFC 9110 §15.4.9

Like 301 but method must NOT change.

400 Bad Request RFC 9110 §15.5.1

Malformed request. Client should fix and retry.

401 Unauthorized RFC 9110 §15.5.2

Missing or invalid auth. WWW-Authenticate header tells how.

402 Payment Required RFC 9110 §15.5.3

Reserved for future use, occasionally used for paid APIs.

403 Forbidden RFC 9110 §15.5.4

Server understood, refuses to authorize. Auth won't help.

404 Not Found RFC 9110 §15.5.5

Resource does not exist or is hidden.

405 Method Not Allowed RFC 9110 §15.5.6

Method not allowed for this resource. Allow header lists valid ones.

406 Not Acceptable RFC 9110 §15.5.7

Cannot produce content matching Accept header.

407 Proxy Auth Required RFC 9110 §15.5.8

Auth needed by intermediate proxy.

408 Request Timeout RFC 9110 §15.5.9

Server gave up waiting for the request.

409 Conflict RFC 9110 §15.5.10

State conflict (e.g., concurrent edit). Retry after fix.

410 Gone RFC 9110 §15.5.11

Resource permanently removed. No forwarding.

411 Length Required RFC 9110 §15.5.12

Request needs Content-Length header.

412 Precondition Failed RFC 9110 §15.5.13

If-Match / If-None-Match did not match.

413 Content Too Large RFC 9110 §15.5.14

Request body too big for server limit.

414 URI Too Long RFC 9110 §15.5.15

URI longer than server willing to process.

415 Unsupported Media Type RFC 9110 §15.5.16

Body media type rejected.

416 Range Not Satisfiable RFC 9110 §15.5.17

Range header out of bounds.

417 Expectation Failed RFC 9110 §15.5.18

Expect header expectation cannot be met.

418 I'm a teapot RFC 2324

Hyper Text Coffee Pot Control Protocol joke. Some sites return for refused requests.

421 Misdirected Request RFC 9110 §15.5.20

Server cannot produce response for the requested authority.

422 Unprocessable Content RFC 9110 §15.5.21

Syntax fine but semantically invalid (e.g., schema violation).

423 Locked RFC 4918

WebDAV: resource is locked.

424 Failed Dependency RFC 4918

WebDAV: previous request failed so this one cannot proceed.

425 Too Early RFC 8470

Server unwilling to risk processing a request that might be replayed.

426 Upgrade Required RFC 9110 §15.5.22

Client must upgrade protocol (e.g., to TLS).

428 Precondition Required RFC 6585

Origin requires conditional headers to prevent lost updates.

429 Too Many Requests RFC 6585

Rate limited. Retry-After header may indicate how long to wait.

431 Request Header Fields Too Large RFC 6585

Headers too big.

451 Unavailable For Legal Reasons RFC 7725

Censorship or legal demand. References Fahrenheit 451.

500 Internal Server Error RFC 9110 §15.6.1

Generic server error. Logs will say more.

501 Not Implemented RFC 9110 §15.6.2

Method not supported by the server.

502 Bad Gateway RFC 9110 §15.6.3

Upstream server returned invalid response. Common with proxies.

503 Service Unavailable RFC 9110 §15.6.4

Server overloaded or down for maintenance. Retry-After may apply.

504 Gateway Timeout RFC 9110 §15.6.5

Upstream did not respond in time.

505 HTTP Version Not Supported RFC 9110 §15.6.6

HTTP version in request not supported.

506 Variant Also Negotiates RFC 2295

Transparent content negotiation circular reference.

507 Insufficient Storage RFC 4918

WebDAV: server out of storage.

508 Loop Detected RFC 5842

WebDAV: infinite loop detected during processing.

510 Not Extended RFC 2774

Further extensions to the request needed.

511 Network Authentication Required RFC 6585

Captive portal: auth required to use the network.

Guide

About HTTP Status Codes

All HTTP status codes from RFC 9110 (the modern HTTP semantics document), WebDAV, and IANA — with descriptions, RFC section links, and category filters (1xx informational, 2xx success, 3xx redirection, 4xx client error, 5xx server error). Search any code or description. The tab developers keep open.

What status codes communicate

A three-digit number that tells the client, in one byte, how the server interpreted the request. The first digit picks a category; the rest narrows the meaning:

1xx — informational, request received, continuing
2xx — success, request was received, understood, and accepted
3xx — redirection, further action needed to complete the request
4xx — client error, the request contains bad syntax or cannot be fulfilled
5xx — server error, the server failed to fulfill an apparently valid request

The codes you will see weekly

Code	Meaning	Common cause
200	OK	Successful GET, POST, PUT
201	Created	Successful POST creating a resource
204	No Content	Successful DELETE, idle PATCH
301	Moved Permanently	Permanent URL change, browsers cache
302	Found	Temporary redirect, browsers do not cache
304	Not Modified	Conditional request hit a cached resource
400	Bad Request	Malformed body or query
401	Unauthorized	No or invalid credentials
403	Forbidden	Authenticated but not allowed
404	Not Found	Resource does not exist
409	Conflict	Concurrent edit, duplicate ID
422	Unprocessable Entity	Validation errors
429	Too Many Requests	Rate-limited
500	Internal Server Error	Unhandled exception
502	Bad Gateway	Upstream returned garbage
503	Service Unavailable	Overloaded, maintenance
504	Gateway Timeout	Upstream took too long

The reference page has every code, including WebDAV, the 1xx informational set, and the rare 5xx variants.

Common workflows

Debug a failing API call. Look up the code, read the meaning, check the spec. Most “wrong” status codes are correct codes communicating something other than what the front-end assumed.

Audit your own API. A REST audit asks: are 4xx codes used correctly? Is 422 distinguished from 400? Is rate limiting 429 or improperly 503? This reference grounds the conversation.

Triage a load test. A spike of 503s means your servers; a spike of 502s means upstreams; a spike of 504s means upstreams that hang. The taxonomy guides the investigation.

Why a separate reference

Status code semantics are surprisingly stable but the spec is spread across RFC 9110 (semantics), 9111 (caching), 9112 (HTTP/1.1), 9113 (HTTP/2), 9114 (HTTP/3), plus WebDAV’s RFC 4918. A single searchable list with the citations is faster than Cmd+F across PDFs.

Frequently asked questions

What is the difference between 401 and 403?

401 Unauthorized means "you have not authenticated" — the server does not know who you are. 403 Forbidden means "I know who you are and you may not do this." Use 401 for missing or invalid credentials; 403 for authenticated requests denied by policy.

When do I use 422 vs 400?

400 Bad Request for malformed syntax (invalid JSON, missing required fields). 422 Unprocessable Entity for syntactically valid but semantically wrong input ("date is in the past", "email already exists"). 422 is common in form-validation responses.

What is 429 and how should clients respond?

429 Too Many Requests — rate limit. The server should include a Retry-After header with seconds until retry is allowed. Well-behaved clients honor it with exponential backoff.

Is 418 I'm a Teapot real?

Yes — RFC 2324, an April Fools' joke that became real. Some services use it for "we're not handling this request" facetiously. IANA registered it. It is in the spec to stay.

What is the difference between 502 and 503?

502 Bad Gateway — your server got an invalid response from an upstream. 503 Service Unavailable — your server itself is unable to handle the request right now (overloaded, maintenance). Both are 5xx retry-after candidates.

Should I use 200 or 204 for a successful DELETE?

204 No Content if there is no body to return. 200 OK if you return a representation (e.g. the deleted resource for confirmation). 204 is more common for DELETE.

Related tools

Last updated: 2025-01-15