HTTP Status Codes Reference
Complete reference of HTTP status codes with meanings, use cases, and RFC citations. Search 60+ codes from 100 Continue to 511 Network Authentication Required.
Last updated:
Click any code for full documentation with RFC citations, use cases, common pitfalls, and related codes.
1xx Informational
Preliminary responses that convey the request has been received and understood.
Continue
The initial part of a request has been received and the client can proceed with the request body.
Switching Protocols
The server is switching protocols as requested by the client, typically to WebSocket.
Processing
WebDAV: the server has received and is processing the request, but no response is available yet.
Early Hints
The server sends preliminary response headers before the final response, typically Link headers for resource preloading.
2xx Success
The request was successfully received, understood, and accepted.
OK
The request succeeded. The response body contains the requested representation.
Created
A new resource has been created as a result of the request. The URI of the new resource is in the Location header.
Accepted
The request has been accepted for processing, but the processing has not been completed.
No Content
The request succeeded, and there is no additional content to send in the response body.
Reset Content
The server has fulfilled the request and asks the user agent to reset the view (e.g. clear a form).
Partial Content
The server is delivering only part of the resource due to a range header sent by the client.
3xx Redirection
Further action needs to be taken to complete the request.
Moved Permanently
The resource has been permanently moved to a new URL. Clients and search engines should update their references.
Found
The resource is temporarily at a different URL. The client should continue to use the original URL for future requests.
See Other
The response to the request can be found under a different URL, and the client should perform a GET to that URL.
Not Modified
The cached copy the client already has is still valid; no body is returned.
Temporary Redirect
Like 302 but explicitly preserves the request method (POST stays POST, etc.).
Permanent Redirect
Like 301 but explicitly preserves the request method.
4xx Client Error
The request contains bad syntax or cannot be fulfilled by the server.
Bad Request
The server cannot process the request due to a client error (malformed syntax, invalid framing, etc.).
Unauthorized
Authentication is required and has not been provided, or provided credentials are invalid.
Forbidden
The server understood the request and the client is authenticated, but access is refused.
Not Found
The server has not found anything matching the requested URL.
Method Not Allowed
The HTTP method is known but not supported for this specific URL.
Not Acceptable
The server cannot produce a response matching the Accept headers sent by the client.
Request Timeout
The server did not receive a complete request within the time it was prepared to wait.
Conflict
The request conflicts with the current state of the resource.
Gone
The resource is no longer available and has been permanently removed.
Length Required
The server refuses to accept the request without a Content-Length header.
Precondition Failed
A precondition given in the request headers (e.g. If-Match) evaluated to false.
Payload Too Large
The request body is larger than the server is willing or able to process.
URI Too Long
The URL is longer than the server is willing to interpret.
Unsupported Media Type
The server refuses to process the request because the payload format is unsupported.
I'm a teapot
The server refuses to brew coffee because it is, permanently, a teapot.
Unprocessable Entity
The request is well-formed but contains semantic errors and cannot be processed.
Too Early
The server is unwilling to risk processing a request that might be replayed (used with TLS 0-RTT).
Precondition Required
The server requires the request to be conditional (e.g. include If-Match).
Too Many Requests
The client has sent too many requests in a given amount of time (rate limited).
Request Header Fields Too Large
The server is unwilling to process the request because header fields are too large.
Unavailable For Legal Reasons
The resource is unavailable due to legal demands (censorship, DMCA, GDPR).
5xx Server Error
The server failed to fulfill a valid request.
Internal Server Error
A generic error message given when an unexpected condition was encountered on the server.
Not Implemented
The server does not support the functionality required to fulfill the request.
Bad Gateway
The server, acting as a gateway or proxy, received an invalid response from the upstream server.
Service Unavailable
The server is currently unable to handle the request due to temporary overloading or maintenance.
Gateway Timeout
The server, acting as a gateway or proxy, did not receive a response from the upstream server in time.
HTTP Version Not Supported
The server does not support the HTTP protocol version used in the request.
Insufficient Storage
WebDAV: the server is unable to store the representation needed to complete the request.
Loop Detected
WebDAV: the server detected an infinite loop while processing the request.
Network Authentication Required
The client needs to authenticate to gain network access (e.g. captive portal at a Wi-Fi hotspot).
What is HTTP Status Codes?
HTTP status codes are three-digit numbers a server returns to tell the client how a request went. They're grouped into five classes: 1xx (informational), 2xx (success), 3xx (redirection), 4xx (client errors), and 5xx (server errors). Knowing the exact meaning of each code — and choosing the right one in your own APIs — is fundamental to building correct, debuggable web services. This reference covers 60+ codes with meanings, use cases, and RFC citations.
Use Cases
Design correct REST APIs
Return the semantically right code (201 for created, 204 for no content, 422 for validation) so clients can react properly.
Debug failing requests
Look up an unfamiliar code (like 409, 425, or 451) to understand why a request was rejected.
Configure redirects and caching
Choose between 301/302/307/308 and understand 304 Not Modified when tuning redirects and cache behavior.
Key Concepts
- The five classes
- 1xx informational, 2xx success, 3xx redirection, 4xx client error, 5xx server error. The first digit tells you the category at a glance.
- 400 vs 422
- 400 Bad Request is for syntactic problems (malformed JSON, missing params). 422 Unprocessable Entity is for semantic/validation errors on well-formed input.
- 401 vs 403
- 401 Unauthorized means 'not authenticated' (who are you?). 403 Forbidden means 'authenticated but not allowed' (I know you, but no).
- Idempotent redirects
- 307 and 308 preserve the HTTP method and body; 301 and 302 historically let clients switch to GET. Use 307/308 to safely redirect POST/PUT.
Tips & Best Practices
- ▸Return 201 Created with a Location header when a POST creates a resource — not a bare 200.
- ▸Use 429 Too Many Requests with a Retry-After header for rate limiting so clients back off correctly.
- ▸Prefer 308 over 301 when redirecting non-GET endpoints to avoid method downgrade.
- ▸Never return 200 with an error message in the body — clients and monitoring rely on the status code.
Frequently Asked Questions
Which HTTP status code should I return for a validation error?
422 Unprocessable Entity is the best fit for semantic validation errors (the input parsed correctly but violates business rules). Use 400 Bad Request for syntactic errors (malformed JSON, missing required parameters).
301 vs 302 vs 307 vs 308 — what's the difference?
301 = permanent (may change method to GET). 302 = temporary (may change method to GET). 307 = temporary, method-preserving. 308 = permanent, method-preserving. For permanent redirects of non-GET endpoints, prefer 308. For temporary redirects that must preserve POST/PUT, prefer 307.
Should I use 401 or 403 for permission denied?
401 = 'I don't know who you are' (missing or invalid credentials). 403 = 'I know who you are, but you can't do this' (authenticated but not authorized). If a valid user hits a resource they don't own, return 403.
Related Tools
URL Encode/Decode
Percent-encode and decode URLs online. Handles query strings, path segments, and special characters correctly.
Color Converter
Convert colors between HEX, RGB, HSL, and HSV instantly. Includes a live color preview and copy-ready CSS strings.
User Agent Parser
Parse User-Agent strings to identify browser, engine, operating system, and device. Instantly see what your own browser sends.
CSS Gradient
Design linear and radial CSS gradients with a visual color-stop editor. Copy production-ready CSS or Tailwind classes.
JSON Formatter
Format, beautify, and validate JSON online. Free, fast, and 100% local — your data never leaves your browser.
JSON Validator
Validate JSON online with instant error location and structure statistics (depth, keys, node types). 100% local — your JSON never leaves the browser.