Network
HTTP Status Code List
Complete list of HTTP status codes (1xx-5xx) with meanings, common causes, and fixes for developers. Includes a lookup tool — enter a code number to see details instantly.
| Code | Name | Meaning | Common Causes |
|---|---|---|---|
| 1xx — Informational | |||
| 100 | Continue (Continue) | Indicates the server has received the initial part of the request and the client should continue sending the rest. | Returned when a client sends an Expect: 100-continue header before a large request body. |
| 101 | Switching Protocols (Switching Protocols) | Indicates the server accepts the Upgrade header request and is switching to a different protocol. | A normal response seen when establishing a WebSocket connection. |
| 102 | Processing (Processing) | Indicates the server has accepted the request and is still processing it, with no response ready yet (WebDAV). | Sent to avoid timeouts during long-running WebDAV operations. |
| 103 | Early Hints (Early Hints) | Sends preliminary headers such as Link before the final response, letting the browser preload resources. | Added by CDNs or reverse proxies to speed up preloading of CSS/JS. |
| 2xx — Success | |||
| 200 | OK (OK) | The most common success response, indicating the request was processed successfully. | |
| 201 | Created (Created) | Indicates a new resource was created as a result of the request. | Returned by APIs that create resources via POST; typically includes a Location header pointing to the new resource. |
| 202 | Accepted (Accepted) | Indicates the request was accepted but processing is not yet complete (asynchronous processing). | Used by asynchronous APIs that simply enqueue work, or batch-processing intake endpoints. |
| 204 | No Content (No Content) | Indicates the request succeeded but there is no content to return. | Common after a successful DELETE, or a PUT update where the API design omits a response body. |
| 206 | Partial Content (Partial Content) | Indicates only part of the resource was returned, based on the client's Range header. | A normal response for video seeking or resumable downloads. |
| 3xx — Redirection | |||
| 301 | Moved Permanently (Moved Permanently) | Indicates the resource has permanently moved to a new URL; search engines transfer ranking signals to the new URL. | Used to redirect old URLs after a URL structure change or domain migration. |
| 302 | Found (Found) | Indicates the resource is temporarily at a different URL. Permanent moves should use 301 instead. | Commonly used for temporary routing during maintenance, or post-login redirects. |
| 303 | See Other (See Other) | Indicates the result should be fetched with GET from another URL (the Post-Redirect-Get pattern). | Used after a form submission (POST) to avoid the browser's resubmission dialog. |
| 304 | Not Modified (Not Modified) | Indicates the cached resource has not changed, so the body is not resent. | Returned for conditional requests using If-None-Match / If-Modified-Since when the cache is still valid. |
| 307 | Temporary Redirect (Temporary Redirect) | A temporary redirect that, unlike 302, preserves the original method and body when resending. | Used in API designs that need to redirect POST/PUT requests while preserving the body. |
| 308 | Permanent Redirect (Permanent Redirect) | A permanent redirect that, unlike 301, preserves the original method and body when resending. | Used for API version migrations that need a permanent move while preserving the method. |
| 4xx — Client Error | |||
| 400 | Bad Request (Bad Request) | Indicates the request syntax or parameters are malformed and the server cannot understand it. | Typically caused by JSON syntax errors, missing required parameters, or type mismatches. |
| 401 | Unauthorized (Unauthorized) | Indicates missing or invalid authentication credentials (despite the name, it really means "unauthenticated"). | Often caused by an expired token, a missing Authorization header, or an incorrect API key. |
| 402 | Payment Required (Payment Required) | Reserved for future use; sometimes used to indicate that payment is required. | Some APIs repurpose this to signal usage limits exceeded or an expired billing plan. |
| 403 | Forbidden (Forbidden) | Indicates the server understood the request but refuses to authorize it. | Typical causes include insufficient permissions, IP restrictions, CORS policy violations, or file permission misconfigurations. |
| 404 | Not Found (Not Found) | Indicates the requested resource could not be found. | Usually caused by an unregistered route, a typo in the URL, or accessing an already-deleted resource. |
| 405 | Method Not Allowed (Method Not Allowed) | Indicates the resource exists but the specified HTTP method is not allowed on it. | Typically happens when POST is sent to a GET-only endpoint, or a similar method mismatch. |
| 406 | Not Acceptable (Not Acceptable) | Indicates the server cannot produce a response matching the client's Accept header. | Occurs when a client requests Accept: application/xml from an API that only returns JSON, for example. |
| 408 | Request Timeout (Request Timeout) | Indicates the server timed out waiting for the client to complete the request. | Often caused by slow connections, large uploads, or a client that stalls mid-request. |
| 409 | Conflict (Conflict) | Indicates the request conflicts with the current state of the resource. | Occurs with optimistic locking failures during concurrent edits, or attempts to create duplicates. |
| 410 | Gone (Gone) | Indicates the resource has been permanently removed and will not return (a stronger signal than 404). | Used to explicitly tell search engines that content was intentionally deleted and retired. |
| 413 | Payload Too Large (Payload Too Large) | Indicates the request body exceeds the size the server is willing to accept. | Usually caused by exceeding a file upload size limit, or an insufficient body-size setting in Nginx/PHP. |
| 414 | URI Too Long (URI Too Long) | Indicates the request URI is longer than the server is willing to process. | Often happens when a large amount of data is packed into GET query parameters. |
| 415 | Unsupported Media Type (Unsupported Media Type) | Indicates the server does not support the media type of the request body. | Common when sending Content-Type: text/plain to a JSON API, or similar header misconfigurations. |
| 422 | Unprocessable Entity (Unprocessable Entity) | Indicates the request syntax is valid but semantic validation failed. | Frequently used to report form validation errors, such as missing required fields or invalid formats. |
| 425 | Too Early (Too Early) | Indicates the server refuses to process a request that might be replayed due to early-data risk. | Can be returned as a defense against replay attacks using TLS 1.3 0-RTT data. |
| 429 | Too Many Requests (Too Many Requests) | Indicates the client has sent too many requests within a given time window (rate limiting). | Caused by exceeding an API rate limit; the Retry-After header often indicates how long to wait before retrying. |
| 451 | Unavailable For Legal Reasons (Unavailable For Legal Reasons) | Indicates the content is unavailable due to a legal demand, such as a court order. | Returned when a content provider blocks access due to a copyright claim or country-specific legal regulation. |
| 5xx — Server Error | |||
| 500 | Internal Server Error (Internal Server Error) | Indicates an unexpected error occurred on the server and the request could not be processed. | Causes vary widely: unhandled exceptions in the application, misconfiguration, database connection failures, and more. |
| 501 | Not Implemented (Not Implemented) | Indicates the server does not support the functionality required to fulfill the request. | Occurs when an unimplemented HTTP method (e.g. PATCH) is sent to an older server implementation. |
| 502 | Bad Gateway (Bad Gateway) | Indicates a proxy or gateway received an invalid response from the upstream server. | Typically caused by the upstream application server being down or having crashed. |
| 503 | Service Unavailable (Service Unavailable) | Indicates the server is temporarily overloaded or under maintenance and cannot handle the request. | Mainly caused by resource exhaustion under heavy load, or a planned maintenance window. |
| 504 | Gateway Timeout (Gateway Timeout) | Indicates a proxy or gateway did not receive a timely response from the upstream server. | Often caused by long-running backend processing, network latency, or an upstream server that hangs. |
| 505 | HTTP Version Not Supported (HTTP Version Not Supported) | Indicates the server does not support the HTTP version used in the request. | Occurs when an old client or misconfigured proxy communicates using an unexpected HTTP version. |
| 507 | Insufficient Storage (Insufficient Storage) | Indicates the server does not have enough storage to complete the request (WebDAV). | Returned when a file-storage operation fails due to insufficient disk space. |
| 508 | Loop Detected (Loop Detected) | Indicates the server detected an infinite loop while processing the request (WebDAV). | Occurs when a WebDAV binding configuration contains a circular reference. |
| 511 | Network Authentication Required (Network Authentication Required) | Indicates the client needs to authenticate to gain network access. | Used to redirect to a captive portal login page, such as on public Wi-Fi. |
Tips
- 404 and 410 look similar, but 410 explicitly signals that content was intentionally removed and won't come back. Use 410 for content with no replacement to send a clearer signal to search engines.
- 301 vs. 308 and 302 vs. 307 share the same "permanent vs. temporary" distinction, but 308 and 307 preserve the original POST body when resending, unlike 301 and 302.
- When you receive a 429 Too Many Requests, check the
Retry-Afterheader and wait that long before retrying — hammering the endpoint anyway can get you blocked entirely. - A 5xx error signals a server-side problem, not a bug in your request — check server logs and uptime status before debugging your client code.
- The Network tab in your browser's developer tools color-codes status codes for each request. Pairing that with this reference makes debugging much faster.
FAQ
-i flag with curl, or enter the code number into this page's lookup tool to see its meaning.
Side Note — A Brief History of HTTP Status Codes
The HTTP status code system was first standardized in RFC 1945, the HTTP/1.0 specification published in 1996. HTTP/1.1 (RFC 2616), released in 1999, established most of the code system we use today, including the 4xx and 5xx families, and it has since carried forward through RFC 7231 (2014) and RFC 9110 (2022).
The famous joke code 418 I'm a teapot originated in an April Fools' Day RFC from 1998 describing the fictional "Hyper Text Coffee Pot Control Protocol" (HTCPCP). The code was meant to be returned if you asked a teapot to brew coffee.
The design principle where the leading digit signals a broad category is believed to have influenced later return-code systems in protocols like SMTP and FTP. The simplicity of "1xx = informational, 2xx = success" has remained essentially unchanged for nearly three decades.
451 Unavailable For Legal Reasons is a relatively recent addition, formally standardized in RFC 7725 in 2015. The number 451 was deliberately chosen as a nod to Ray Bradbury's dystopian novel "Fahrenheit 451," which centers on censorship.