HTTP Status Codes List
Complete reference for HTTP status codes: 1xx informational, 2xx success, 3xx redirection, 4xx client errors, and 5xx server errors — with descriptions and common use cases.
1xx — Informational
The request was received and the process is continuing. These are provisional responses.
| Code | Name | Description |
|---|---|---|
| 100 | Continue | The initial part of the request was received. The client should continue with the request body (used with Expect: 100-continue). |
| 101 | Switching Protocols | Server is switching protocols as requested by the client (e.g., upgrading to WebSocket). |
| 102 | Processing | WebDAV: server has received and is processing the request, but no response is available yet. |
| 103 | Early Hints | Lets the server send preliminary response headers (e.g., Link preload headers) before the final response. Used for performance. |
2xx — Success
The request was successfully received, understood, and accepted.
| Code | Name | Description |
|---|---|---|
| 200 | OK | Standard success response. The response body contains the requested data for GET; updated resource for PUT/PATCH. |
| 201 | Created | A resource was successfully created. The Location header typically points to the new resource's URL. Returned for successful POST. |
| 202 | Accepted | Request accepted for processing, but processing is not complete. Used for async operations (e.g., queued jobs). |
| 204 | No Content | Success with no body. Used for DELETE and PUT when nothing needs to be returned. Browsers don't navigate away. |
| 206 | Partial Content | Partial GET response, used when client sends a Range header (e.g., resumable downloads, video streaming). |
| 207 | Multi-Status | WebDAV: body contains multiple independent response codes for batched operations. |
3xx — Redirection
Further action is needed to complete the request. The client must follow the Location header.
| Code | Name | Description |
|---|---|---|
| 301 | Moved Permanently | Resource permanently moved to a new URL. Browsers cache this redirect. POST may change to GET on redirect. |
| 302 | Found | Temporary redirect. Not cached by default. Historically misused — prefer 307 to preserve method. |
| 303 | See Other | Redirect to a GET resource after a POST (Post/Redirect/Get pattern). Prevents double-submit on form refresh. |
| 304 | Not Modified | Conditional GET: resource hasn't changed since last fetch (validated via ETag or Last-Modified). No body returned; client uses cached copy. |
| 307 | Temporary Redirect | Temporary redirect that preserves the HTTP method (a POST stays POST). Not cached. Preferred over 302 for APIs. |
| 308 | Permanent Redirect | Permanent redirect that preserves the HTTP method. The 301 equivalent for APIs where you don't want method switching. |
4xx — Client Errors
The request contains bad syntax or cannot be fulfilled. The client should fix the request before retrying.
| Code | Name | Description |
|---|---|---|
| 400 | Bad Request | The server couldn't understand the request due to malformed syntax, invalid parameters, or missing required fields. |
| 401 | Unauthorized | Authentication is required and has failed or not been provided. Response includes WWW-Authenticate header. Despite the name, this means "unauthenticated". |
| 403 | Forbidden | Authenticated but not authorized — the server understood the request but refuses to fulfill it. No WWW-Authenticate header. |
| 404 | Not Found | The requested resource does not exist. Also used to hide existence of resources from unauthorized clients. |
| 405 | Method Not Allowed | HTTP method not supported for this endpoint. Response must include an Allow header listing valid methods. |
| 406 | Not Acceptable | Server cannot produce a response matching the Accept headers sent by the client (content negotiation failure). |
| 408 | Request Timeout | The client did not send the request within the time the server was prepared to wait. Client may retry. |
| 409 | Conflict | Request conflicts with the current state of the resource (e.g., duplicate entry, concurrent modification, version mismatch). |
| 410 | Gone | Resource is permanently gone and no forwarding address is available. Stronger than 404 — tells clients to remove links. |
| 413 | Payload Too Large | Request entity is larger than the server is willing to process. Server may include a Retry-After header for temporary limits. |
| 415 | Unsupported Media Type | The request's Content-Type is not supported by this endpoint (e.g., sending XML to a JSON-only API). |
| 418 | I'm a Teapot | April Fools' RFC 2324 joke: a teapot refuses to brew coffee. Used in practice to block unwanted requests or as Easter eggs. |
| 422 | Unprocessable Entity | Request body was syntactically valid but semantically invalid (e.g., validation error). Commonly used by REST APIs instead of 400. |
| 429 | Too Many Requests | Client has sent too many requests in a given timeframe. Response typically includes Retry-After and X-RateLimit-* headers. |
| 451 | Unavailable For Legal Reasons | Resource unavailable due to legal demands (DMCA takedown, government-ordered censorship). Named after Fahrenheit 451. |
5xx — Server Errors
The server failed to fulfill a valid request. The problem is on the server's side — clients may retry after a delay.
| Code | Name | Description |
|---|---|---|
| 500 | Internal Server Error | Generic server error — an unexpected condition was encountered. Check server logs for details. Catch-all for unhandled exceptions. |
| 501 | Not Implemented | The server does not support the functionality required to fulfill the request (e.g., unrecognized HTTP method). |
| 502 | Bad Gateway | A gateway or proxy server received an invalid response from an upstream server. Common when the backend is down. |
| 503 | Service Unavailable | Server temporarily unavailable due to overload or maintenance. Include Retry-After if duration is known. |
| 504 | Gateway Timeout | A gateway/proxy timed out waiting for a response from an upstream server. Common with slow backends or long-running queries. |
Look up any status code interactively with the HTTP Status Codes tool.
Frequently Asked Questions
What HTTP status code means success?
Any 2xx code indicates success. The most common ones: 200 OK for general success (GET, PUT, PATCH), 201 Created after a POST that creates a resource, and 204 No Content after a successful DELETE or an update with nothing to return.
What is the difference between 401 and 403?
401 Unauthorized means "you haven't logged in" — the request lacks valid authentication credentials. Despite the name, it's about authentication, not authorization. 403 Forbidden means "you're logged in but you don't have permission" — the server understood who you are and has decided you cannot access this resource. Use 401 when you need the client to authenticate, 403 when authentication won't help.
What does a 5xx error mean?
A 5xx status code means the server failed to handle a valid request — the problem is not with the client's input but with the server itself. Common ones: 500 (unhandled exception), 502 (bad upstream response), 503 (server down or overloaded), 504 (upstream timeout). Unlike 4xx errors, 5xx errors are often temporary and the request may succeed if retried later. Always check server logs when you see 5xx errors.