Network

HTTP Status Code List

Complete list of HTTP status codes (1xx-5xx) with meanings, common causes, and fixes for developers. Includes a lookup tool — enter a code number to see details instantly.

HTTP Status Code Reference Table
Code Name Meaning Common Causes
1xx — Informational
100 Continue (Continue) Indicates the server has received the initial part of the request and the client should continue sending the rest. Returned when a client sends an Expect: 100-continue header before a large request body.
101 Switching Protocols (Switching Protocols) Indicates the server accepts the Upgrade header request and is switching to a different protocol. A normal response seen when establishing a WebSocket connection.
102 Processing (Processing) Indicates the server has accepted the request and is still processing it, with no response ready yet (WebDAV). Sent to avoid timeouts during long-running WebDAV operations.
103 Early Hints (Early Hints) Sends preliminary headers such as Link before the final response, letting the browser preload resources. Added by CDNs or reverse proxies to speed up preloading of CSS/JS.
2xx — Success
200 OK (OK) The most common success response, indicating the request was processed successfully.
201 Created (Created) Indicates a new resource was created as a result of the request. Returned by APIs that create resources via POST; typically includes a Location header pointing to the new resource.
202 Accepted (Accepted) Indicates the request was accepted but processing is not yet complete (asynchronous processing). Used by asynchronous APIs that simply enqueue work, or batch-processing intake endpoints.
204 No Content (No Content) Indicates the request succeeded but there is no content to return. Common after a successful DELETE, or a PUT update where the API design omits a response body.
206 Partial Content (Partial Content) Indicates only part of the resource was returned, based on the client's Range header. A normal response for video seeking or resumable downloads.
3xx — Redirection
301 Moved Permanently (Moved Permanently) Indicates the resource has permanently moved to a new URL; search engines transfer ranking signals to the new URL. Used to redirect old URLs after a URL structure change or domain migration.
302 Found (Found) Indicates the resource is temporarily at a different URL. Permanent moves should use 301 instead. Commonly used for temporary routing during maintenance, or post-login redirects.
303 See Other (See Other) Indicates the result should be fetched with GET from another URL (the Post-Redirect-Get pattern). Used after a form submission (POST) to avoid the browser's resubmission dialog.
304 Not Modified (Not Modified) Indicates the cached resource has not changed, so the body is not resent. Returned for conditional requests using If-None-Match / If-Modified-Since when the cache is still valid.
307 Temporary Redirect (Temporary Redirect) A temporary redirect that, unlike 302, preserves the original method and body when resending. Used in API designs that need to redirect POST/PUT requests while preserving the body.
308 Permanent Redirect (Permanent Redirect) A permanent redirect that, unlike 301, preserves the original method and body when resending. Used for API version migrations that need a permanent move while preserving the method.
4xx — Client Error
400 Bad Request (Bad Request) Indicates the request syntax or parameters are malformed and the server cannot understand it. Typically caused by JSON syntax errors, missing required parameters, or type mismatches.
401 Unauthorized (Unauthorized) Indicates missing or invalid authentication credentials (despite the name, it really means "unauthenticated"). Often caused by an expired token, a missing Authorization header, or an incorrect API key.
402 Payment Required (Payment Required) Reserved for future use; sometimes used to indicate that payment is required. Some APIs repurpose this to signal usage limits exceeded or an expired billing plan.
403 Forbidden (Forbidden) Indicates the server understood the request but refuses to authorize it. Typical causes include insufficient permissions, IP restrictions, CORS policy violations, or file permission misconfigurations.
404 Not Found (Not Found) Indicates the requested resource could not be found. Usually caused by an unregistered route, a typo in the URL, or accessing an already-deleted resource.
405 Method Not Allowed (Method Not Allowed) Indicates the resource exists but the specified HTTP method is not allowed on it. Typically happens when POST is sent to a GET-only endpoint, or a similar method mismatch.
406 Not Acceptable (Not Acceptable) Indicates the server cannot produce a response matching the client's Accept header. Occurs when a client requests Accept: application/xml from an API that only returns JSON, for example.
408 Request Timeout (Request Timeout) Indicates the server timed out waiting for the client to complete the request. Often caused by slow connections, large uploads, or a client that stalls mid-request.
409 Conflict (Conflict) Indicates the request conflicts with the current state of the resource. Occurs with optimistic locking failures during concurrent edits, or attempts to create duplicates.
410 Gone (Gone) Indicates the resource has been permanently removed and will not return (a stronger signal than 404). Used to explicitly tell search engines that content was intentionally deleted and retired.
413 Payload Too Large (Payload Too Large) Indicates the request body exceeds the size the server is willing to accept. Usually caused by exceeding a file upload size limit, or an insufficient body-size setting in Nginx/PHP.
414 URI Too Long (URI Too Long) Indicates the request URI is longer than the server is willing to process. Often happens when a large amount of data is packed into GET query parameters.
415 Unsupported Media Type (Unsupported Media Type) Indicates the server does not support the media type of the request body. Common when sending Content-Type: text/plain to a JSON API, or similar header misconfigurations.
422 Unprocessable Entity (Unprocessable Entity) Indicates the request syntax is valid but semantic validation failed. Frequently used to report form validation errors, such as missing required fields or invalid formats.
425 Too Early (Too Early) Indicates the server refuses to process a request that might be replayed due to early-data risk. Can be returned as a defense against replay attacks using TLS 1.3 0-RTT data.
429 Too Many Requests (Too Many Requests) Indicates the client has sent too many requests within a given time window (rate limiting). Caused by exceeding an API rate limit; the Retry-After header often indicates how long to wait before retrying.
451 Unavailable For Legal Reasons (Unavailable For Legal Reasons) Indicates the content is unavailable due to a legal demand, such as a court order. Returned when a content provider blocks access due to a copyright claim or country-specific legal regulation.
5xx — Server Error
500 Internal Server Error (Internal Server Error) Indicates an unexpected error occurred on the server and the request could not be processed. Causes vary widely: unhandled exceptions in the application, misconfiguration, database connection failures, and more.
501 Not Implemented (Not Implemented) Indicates the server does not support the functionality required to fulfill the request. Occurs when an unimplemented HTTP method (e.g. PATCH) is sent to an older server implementation.
502 Bad Gateway (Bad Gateway) Indicates a proxy or gateway received an invalid response from the upstream server. Typically caused by the upstream application server being down or having crashed.
503 Service Unavailable (Service Unavailable) Indicates the server is temporarily overloaded or under maintenance and cannot handle the request. Mainly caused by resource exhaustion under heavy load, or a planned maintenance window.
504 Gateway Timeout (Gateway Timeout) Indicates a proxy or gateway did not receive a timely response from the upstream server. Often caused by long-running backend processing, network latency, or an upstream server that hangs.
505 HTTP Version Not Supported (HTTP Version Not Supported) Indicates the server does not support the HTTP version used in the request. Occurs when an old client or misconfigured proxy communicates using an unexpected HTTP version.
507 Insufficient Storage (Insufficient Storage) Indicates the server does not have enough storage to complete the request (WebDAV). Returned when a file-storage operation fails due to insufficient disk space.
508 Loop Detected (Loop Detected) Indicates the server detected an infinite loop while processing the request (WebDAV). Occurs when a WebDAV binding configuration contains a circular reference.
511 Network Authentication Required (Network Authentication Required) Indicates the client needs to authenticate to gain network access. Used to redirect to a captive portal login page, such as on public Wi-Fi.

Tips

  • 404 and 410 look similar, but 410 explicitly signals that content was intentionally removed and won't come back. Use 410 for content with no replacement to send a clearer signal to search engines.
  • 301 vs. 308 and 302 vs. 307 share the same "permanent vs. temporary" distinction, but 308 and 307 preserve the original POST body when resending, unlike 301 and 302.
  • When you receive a 429 Too Many Requests, check the Retry-After header and wait that long before retrying — hammering the endpoint anyway can get you blocked entirely.
  • A 5xx error signals a server-side problem, not a bug in your request — check server logs and uptime status before debugging your client code.
  • The Network tab in your browser's developer tools color-codes status codes for each request. Pairing that with this reference makes debugging much faster.

FAQ

Both indicate a resource wasn't found, but 404 is a general "not found" that may be temporary, while 410 explicitly signals the resource was permanently removed and will never return. Use 410 for intentionally deleted content to send a clearer signal for SEO.

A 301 (permanent) redirect transfers nearly all of the old URL's ranking signals to the new URL. A 302 (temporary) redirect tells search engines to keep treating the old URL as canonical, so permanent moves should always use 301.

401 Unauthorized actually means "not authenticated" — the client hasn't proven who it is. 403 Forbidden means the client is authenticated but lacks permission. Despite the naming, 401 is about authentication and 403 is about authorization.

A 502 means a reverse proxy or load balancer received an invalid response from the backend application server. Start by checking whether the application server process is running and hasn't crashed.

Use your browser's developer tools Network tab, the -i flag with curl, or enter the code number into this page's lookup tool to see its meaning.
ツールくん

Side Note — A Brief History of HTTP Status Codes

The HTTP status code system was first standardized in RFC 1945, the HTTP/1.0 specification published in 1996. HTTP/1.1 (RFC 2616), released in 1999, established most of the code system we use today, including the 4xx and 5xx families, and it has since carried forward through RFC 7231 (2014) and RFC 9110 (2022).

The famous joke code 418 I'm a teapot originated in an April Fools' Day RFC from 1998 describing the fictional "Hyper Text Coffee Pot Control Protocol" (HTCPCP). The code was meant to be returned if you asked a teapot to brew coffee.

The design principle where the leading digit signals a broad category is believed to have influenced later return-code systems in protocols like SMTP and FTP. The simplicity of "1xx = informational, 2xx = success" has remained essentially unchanged for nearly three decades.

451 Unavailable For Legal Reasons is a relatively recent addition, formally standardized in RFC 7725 in 2015. The number 451 was deliberately chosen as a nod to Ray Bradbury's dystopian novel "Fahrenheit 451," which centers on censorship.