Alle HTTP-Statuscodes nach Name oder Code suchen. Enthält Beschreibungen, Beispiele und Best Practices.
60 Statuscodes
The server has received the request headers and the client should proceed to send the request body.
Anwendungsfall: Large file uploads — client sends Expect: 100-continue before body.
The server agrees to switch protocols as requested by the client.
Anwendungsfall: WebSocket upgrades: HTTP → WebSocket.
The server has received and is processing the request, but no response is yet available.
Anwendungsfall: Long-running WebDAV operations to prevent client timeout.
Returns response headers before the final response, allowing the client to preload resources.
Anwendungsfall: Preloading critical CSS/JS while the server prepares the full response.
The request has succeeded. The response body contains the requested resource.
Anwendungsfall: Standard successful GET, POST, PUT, PATCH responses.
The request has been fulfilled and a new resource has been created.
Anwendungsfall: Successful POST that creates a resource. Include Location header pointing to new resource.
The request has been accepted for processing but processing has not been completed.
Anwendungsfall: Async operations: email sending, report generation, batch jobs.
The response is successful but the information was obtained from a third-party source.
Anwendungsfall: Proxies or mirrors that transform the original response.
The server successfully processed the request but returns no content.
Anwendungsfall: DELETE operations, form submissions with no redirect, successful PATCH with no body needed.
The server successfully processed the request and asks the client to reset the document view.
Anwendungsfall: Forms — server wants the client to clear the form after submission.
The server is delivering only part of the resource due to a range header sent by the client.
Anwendungsfall: Video streaming, resumable file downloads, pagination of large binary resources.
The response body contains status information for multiple independent operations.
Anwendungsfall: WebDAV batch operations where each sub-request has its own status.
Members of a DAV binding have already been enumerated in a previous reply.
Anwendungsfall: WebDAV — avoids re-listing resources already returned.
The server has fulfilled a GET for the resource and the response represents the result of one or more instance manipulations.
Anwendungsfall: HTTP delta encoding — differential responses for caching efficiency.
The request has more than one possible response. The user should choose one.
Anwendungsfall: Content negotiation — multiple formats or languages available.
The resource has been permanently moved to a new URL. Future requests should use the new URL.
Anwendungsfall: Site migration, domain changes. Passes full SEO link equity to new URL.
The resource is temporarily at a different URL. Client should continue using original URL.
Anwendungsfall: Temporary maintenance pages, A/B testing redirects.
The server directs the client to get the requested resource at another URI using a GET request.
Anwendungsfall: Post/Redirect/Get pattern — after a successful POST, redirect to a confirmation page.
The resource has not been modified since the last request. Client should use its cached version.
Anwendungsfall: Conditional GET with If-None-Match or If-Modified-Since. Saves bandwidth.
The resource is temporarily at a different URL. The method and body must not change.
Anwendungsfall: Like 302, but guarantees the HTTP method is preserved on redirect.
The resource has permanently moved. The method and body must not change.
Anwendungsfall: Like 301 but method-preserving. Good for migrating POST endpoints.
The server cannot process the request due to client error (malformed syntax, invalid parameters).
Anwendungsfall: Invalid JSON body, missing required fields, invalid query params, validation failures.
The client must authenticate itself to get the requested response.
Anwendungsfall: Missing or invalid Bearer token / API key. Should trigger a login prompt.
Reserved for future use; some APIs use it for subscription/paywall responses.
Anwendungsfall: Paywalled API endpoints, exceeded free-tier limits, subscription required.
The client is authenticated but lacks permission to access the resource.
Anwendungsfall: User is logged in but lacks the required role or ownership. Don't reveal resource existence.
The server cannot find the requested resource. The URL may be incorrect or the resource deleted.
Anwendungsfall: Missing pages, deleted resources, invalid IDs. Most common HTTP error.
The HTTP method is not supported for the requested resource.
Anwendungsfall: Calling DELETE on a read-only endpoint. Include Allow header listing valid methods.
The server cannot produce a response matching the Accept headers sent by the client.
Anwendungsfall: Client requests application/xml but only JSON is available.
The client must authenticate itself with the proxy server.
Anwendungsfall: Corporate proxy requiring credentials before passing requests through.
The server timed out waiting for the request.
Anwendungsfall: Client took too long to send the complete request. Server closes the connection.
The request conflicts with the current state of the server.
Anwendungsfall: Duplicate username registration, version conflicts in optimistic concurrency.
The resource is permanently deleted and will not be available again.
Anwendungsfall: Deleted content where you want search engines to deindex permanently.
The server requires a Content-Length header in the request.
Anwendungsfall: API endpoints that need to pre-allocate resources based on expected body size.
The server does not meet a precondition the client specified in its headers.
Anwendungsfall: Optimistic concurrency with If-Match/ETags. Edit conflict detection.
The request body is larger than the server is willing to process.
Anwendungsfall: File upload exceeds limit. Include Retry-After if temporary.
The URI provided was too long for the server to process.
Anwendungsfall: Excessively long query strings, typically from GET requests with too much data.
The media format of the request body is not supported by the server.
Anwendungsfall: Sending XML to an endpoint that only accepts JSON.
The range specified in the Range header cannot be fulfilled.
Anwendungsfall: File download resumed beyond the file's actual size.
The expectation indicated in the Expect header cannot be met by the server.
Anwendungsfall: Client sends Expect: 100-continue but server can't accommodate it.
The server refuses to brew coffee because it's a teapot (RFC 2324 April Fools' joke).
Anwendungsfall: Easter egg in APIs. Some services use it to reject clearly bot-driven requests.
The request was well-formed but failed semantic validation.
Anwendungsfall: JSON is valid but business logic validation fails (e.g., end date before start date).
The resource that is being accessed is locked.
Anwendungsfall: WebDAV — file checked out by another user.
The request failed because it depended on another request that failed.
Anwendungsfall: WebDAV batch operations where a prior step failed.
The server is unwilling to process a request that might be replayed.
Anwendungsfall: TLS 0-RTT early data that could be a replay attack.
The client should switch to a different protocol.
Anwendungsfall: Server requires HTTPS but received HTTP, or requires HTTP/2.
The server requires the request to be conditional to prevent lost updates.
Anwendungsfall: API requires If-Match header for update operations to prevent conflicts.
The user has sent too many requests in a given amount of time (rate limiting).
Anwendungsfall: API rate limits exceeded. Include Retry-After header with wait time.
The server is unwilling to process the request because its header fields are too large.
Anwendungsfall: Excessively large cookies or too many custom headers.
The resource is unavailable due to legal reasons such as government censorship.
Anwendungsfall: GDPR compliance blocking, DMCA takedowns, regional legal restrictions.
The server encountered an unexpected condition that prevented it from fulfilling the request.
Anwendungsfall: Unhandled exceptions, database errors, configuration issues. Generic catch-all.
The server does not support the functionality required to fulfill the request.
Anwendungsfall: HTTP method not recognized or not yet implemented by the server.
The server, while acting as a gateway, received an invalid response from the upstream server.
Anwendungsfall: Upstream API timeout, crashed microservice behind load balancer.
The server is temporarily unable to handle the request due to overload or maintenance.
Anwendungsfall: Planned maintenance, server overload. Include Retry-After header.
The server, acting as a gateway, did not receive a timely response from the upstream server.
Anwendungsfall: Slow database queries, slow microservices causing proxy timeouts.
The HTTP protocol version used in the request is not supported by the server.
Anwendungsfall: Rare — client uses an unsupported HTTP version.
The server has an internal configuration error with transparent content negotiation.
Anwendungsfall: Circular reference in content negotiation configuration.
The server is unable to store the representation needed to complete the request.
Anwendungsfall: WebDAV — disk full. Also used in some APIs for quota exhaustion.
The server detected an infinite loop while processing the request.
Anwendungsfall: WebDAV — infinite loop in directory binding.
Further extensions to the request are required for the server to fulfill it.
Anwendungsfall: HTTP Extension Framework — specific extension policy not met.
The client needs to authenticate to gain network access.
Anwendungsfall: Captive portals — hotel/airport Wi-Fi login pages.
HTTP-Statuscodes sind 3-stellige Zahlen, die ein Webserver als Antwort auf eine Client-Anfrage zurückgibt. Sie geben an, ob eine Anfrage erfolgreich war, weitergeleitet wurde oder auf einen Fehler gestoßen ist. Die erste Ziffer definiert die Antwortklasse: 1xx (informational), 2xx (Erfolg), 3xx (Weiterleitung), 4xx (Client-Fehler), 5xx (Server-Fehler).
301 (Moved Permanently) teilt Browsern und Suchmaschinen mit, dass eine Seite dauerhaft zu einer neuen URL verschoben wurde, und überträgt das vollständige SEO-Link-Equity an die neue URL. 302 (Found / Temporary Redirect) signalisiert eine vorübergehende Verschiebung; Browser leiten weiter, aber Suchmaschinen behalten in der Regel die ursprüngliche URL im Index.
401 Unauthorized bedeutet, dass der Client nicht authentifiziert ist — keine Anmeldedaten angegeben oder ungültige Anmeldedaten. 403 Forbidden bedeutet, dass der Client authentifiziert ist, aber keine Berechtigung hat, auf die Ressource zuzugreifen. Verwenden Sie 401, um zur Anmeldung aufzufordern, und 403, wenn der Benutzer angemeldet ist, aber keine Berechtigung hat.
Für einen erfolgreichen POST, der eine Ressource erstellt, geben Sie 201 Created mit einem Location-Header zurück, der auf die neue Ressource verweist. Für einen erfolgreichen POST, der eine Verarbeitung auslöst, ohne eine Ressource zu erstellen, geben Sie 200 OK zurück. Für asynchrone Vorgänge, bei denen die Verarbeitung noch nicht abgeschlossen ist, geben Sie 202 Accepted zurück.
Verwandte Tools