Complete reference for all HTTP response status codes β from 1xx informational to 5xx server errors.
60 status codes
The server has received the request headers and the client should proceed to send the request body.
Use case: Large file uploads β client sends Expect: 100-continue before body.
The server agrees to switch protocols as requested by the client.
Use case: WebSocket upgrades: HTTP β WebSocket.
The server has received and is processing the request, but no response is yet available.
Use case: Long-running WebDAV operations to prevent client timeout.
Returns response headers before the final response, allowing the client to preload resources.
Use case: Preloading critical CSS/JS while the server prepares the full response.
The request has succeeded. The response body contains the requested resource.
Use case: Standard successful GET, POST, PUT, PATCH responses.
The request has been fulfilled and a new resource has been created.
Use case: Successful POST that creates a resource. Include Location header pointing to new resource.
The request has been accepted for processing but processing has not been completed.
Use case: Async operations: email sending, report generation, batch jobs.
The response is successful but the information was obtained from a third-party source.
Use case: Proxies or mirrors that transform the original response.
The server successfully processed the request but returns no content.
Use case: DELETE operations, form submissions with no redirect, successful PATCH with no body needed.
The server successfully processed the request and asks the client to reset the document view.
Use case: Forms β server wants the client to clear the form after submission.
The server is delivering only part of the resource due to a range header sent by the client.
Use case: Video streaming, resumable file downloads, pagination of large binary resources.
The response body contains status information for multiple independent operations.
Use case: WebDAV batch operations where each sub-request has its own status.
Members of a DAV binding have already been enumerated in a previous reply.
Use case: WebDAV β avoids re-listing resources already returned.
The server has fulfilled a GET for the resource and the response represents the result of one or more instance manipulations.
Use case: HTTP delta encoding β differential responses for caching efficiency.
The request has more than one possible response. The user should choose one.
Use case: Content negotiation β multiple formats or languages available.
The resource has been permanently moved to a new URL. Future requests should use the new URL.
Use case: Site migration, domain changes. Passes full SEO link equity to new URL.
The resource is temporarily at a different URL. Client should continue using original URL.
Use case: Temporary maintenance pages, A/B testing redirects.
The server directs the client to get the requested resource at another URI using a GET request.
Use case: Post/Redirect/Get pattern β after a successful POST, redirect to a confirmation page.
The resource has not been modified since the last request. Client should use its cached version.
Use case: Conditional GET with If-None-Match or If-Modified-Since. Saves bandwidth.
The resource is temporarily at a different URL. The method and body must not change.
Use case: Like 302, but guarantees the HTTP method is preserved on redirect.
The resource has permanently moved. The method and body must not change.
Use case: Like 301 but method-preserving. Good for migrating POST endpoints.
The server cannot process the request due to client error (malformed syntax, invalid parameters).
Use case: Invalid JSON body, missing required fields, invalid query params, validation failures.
The client must authenticate itself to get the requested response.
Use case: Missing or invalid Bearer token / API key. Should trigger a login prompt.
Reserved for future use; some APIs use it for subscription/paywall responses.
Use case: Paywalled API endpoints, exceeded free-tier limits, subscription required.
The client is authenticated but lacks permission to access the resource.
Use case: User is logged in but lacks the required role or ownership. Don't reveal resource existence.
The server cannot find the requested resource. The URL may be incorrect or the resource deleted.
Use case: Missing pages, deleted resources, invalid IDs. Most common HTTP error.
The HTTP method is not supported for the requested resource.
Use case: Calling DELETE on a read-only endpoint. Include Allow header listing valid methods.
The server cannot produce a response matching the Accept headers sent by the client.
Use case: Client requests application/xml but only JSON is available.
The client must authenticate itself with the proxy server.
Use case: Corporate proxy requiring credentials before passing requests through.
The server timed out waiting for the request.
Use case: Client took too long to send the complete request. Server closes the connection.
The request conflicts with the current state of the server.
Use case: Duplicate username registration, version conflicts in optimistic concurrency.
The resource is permanently deleted and will not be available again.
Use case: Deleted content where you want search engines to deindex permanently.
The server requires a Content-Length header in the request.
Use case: API endpoints that need to pre-allocate resources based on expected body size.
The server does not meet a precondition the client specified in its headers.
Use case: Optimistic concurrency with If-Match/ETags. Edit conflict detection.
The request body is larger than the server is willing to process.
Use case: File upload exceeds limit. Include Retry-After if temporary.
The URI provided was too long for the server to process.
Use case: Excessively long query strings, typically from GET requests with too much data.
The media format of the request body is not supported by the server.
Use case: Sending XML to an endpoint that only accepts JSON.
The range specified in the Range header cannot be fulfilled.
Use case: File download resumed beyond the file's actual size.
The expectation indicated in the Expect header cannot be met by the server.
Use case: Client sends Expect: 100-continue but server can't accommodate it.
The server refuses to brew coffee because it's a teapot (RFC 2324 April Fools' joke).
Use case: Easter egg in APIs. Some services use it to reject clearly bot-driven requests.
The request was well-formed but failed semantic validation.
Use case: JSON is valid but business logic validation fails (e.g., end date before start date).
The resource that is being accessed is locked.
Use case: WebDAV β file checked out by another user.
The request failed because it depended on another request that failed.
Use case: WebDAV batch operations where a prior step failed.
The server is unwilling to process a request that might be replayed.
Use case: TLS 0-RTT early data that could be a replay attack.
The client should switch to a different protocol.
Use case: Server requires HTTPS but received HTTP, or requires HTTP/2.
The server requires the request to be conditional to prevent lost updates.
Use case: API requires If-Match header for update operations to prevent conflicts.
The user has sent too many requests in a given amount of time (rate limiting).
Use case: API rate limits exceeded. Include Retry-After header with wait time.
The server is unwilling to process the request because its header fields are too large.
Use case: Excessively large cookies or too many custom headers.
The resource is unavailable due to legal reasons such as government censorship.
Use case: GDPR compliance blocking, DMCA takedowns, regional legal restrictions.
The server encountered an unexpected condition that prevented it from fulfilling the request.
Use case: Unhandled exceptions, database errors, configuration issues. Generic catch-all.
The server does not support the functionality required to fulfill the request.
Use case: HTTP method not recognized or not yet implemented by the server.
The server, while acting as a gateway, received an invalid response from the upstream server.
Use case: Upstream API timeout, crashed microservice behind load balancer.
The server is temporarily unable to handle the request due to overload or maintenance.
Use case: Planned maintenance, server overload. Include Retry-After header.
The server, acting as a gateway, did not receive a timely response from the upstream server.
Use case: Slow database queries, slow microservices causing proxy timeouts.
The HTTP protocol version used in the request is not supported by the server.
Use case: Rare β client uses an unsupported HTTP version.
The server has an internal configuration error with transparent content negotiation.
Use case: Circular reference in content negotiation configuration.
The server is unable to store the representation needed to complete the request.
Use case: WebDAV β disk full. Also used in some APIs for quota exhaustion.
The server detected an infinite loop while processing the request.
Use case: WebDAV β infinite loop in directory binding.
Further extensions to the request are required for the server to fulfill it.
Use case: HTTP Extension Framework β specific extension policy not met.
The client needs to authenticate to gain network access.
Use case: Captive portals β hotel/airport Wi-Fi login pages.
HTTP status codes are 3-digit numbers returned by a web server in response to a client request. They indicate whether a request was successful, redirected, or encountered an error. The first digit defines the response class: 1xx (informational), 2xx (success), 3xx (redirection), 4xx (client error), 5xx (server error).
301 (Moved Permanently) tells browsers and search engines that a page has permanently moved to a new URL, passing full SEO link equity to the new URL. 302 (Found / Temporary Redirect) signals a temporary move; browsers redirect but search engines typically keep the original URL indexed.
401 Unauthorized means the client is not authenticated β no credentials provided or invalid credentials. 403 Forbidden means the client is authenticated but not authorized to access the resource. Use 401 to prompt a login and 403 when the user is logged in but lacks permission.
For a successful POST that creates a resource, return 201 Created with a Location header pointing to the new resource. For a successful POST that triggers processing without creating a resource, return 200 OK. For async operations where processing hasn't completed, return 202 Accepted.
Related tools