HTTP Status Codes Reference

HTTP status codes reference β€” 1xx, 2xx, 3xx, 4xx, 5xx all explained. 200 OK, 201 Created, 301, 400, 401, 403, 404, 429, 500, 503. What to return and when.

9 min read

What it is

A quick reference for HTTP status codes, explaining their meaning and common use cases.

Installation

No installation required. This is a reference document.

Core Concepts

HTTP status codes are three-digit codes returned by a web server in response to a request made by a client (like a web browser). They indicate the outcome of the request.

  • 1xx Informational: The request was received and understood.
  • 2xx Success: The action was successfully received, understood, and accepted.
  • 3xx Redirection: Further action needs to be taken to complete the request.
  • 4xx Client Error: The request contains bad syntax or cannot be fulfilled.
  • 5xx Server Error: The server failed to fulfill an apparently valid request.

Commands / Usage

1xx Informational

These codes are rarely seen by end-users but are important for network protocols.

  • 100 Continue HTTP/1.1 100 Continue The server has received the request headers and the client should proceed with sending the request body.

  • 101 Switching Protocols HTTP/1.1 101 Switching Protocols The server understands and will comply with the client’s request to switch protocols.

  • 102 Processing HTTP/1.1 102 Processing The server has received and is processing the request; this is a custom code used in WebDAV.

  • 103 Early Hints HTTP/1.1 103 Early Hints The server is sending some response headers before the final message, often to improve perceived performance.

2xx Success

Indicates that the request was successfully received, understood, and accepted.

  • 200 OK HTTP/1.1 200 OK The request has succeeded.

  • 201 Created HTTP/1.1 201 Created The request has been fulfilled, resulting in the creation of a new resource.

  • 202 Accepted HTTP/1.1 202 Accepted The request has been accepted for processing, but the processing has not been completed.

  • 203 Non-Authoritative Information HTTP/1.1 203 Non-Authoritative Information The information returned by the user agent is from a copy of the requested resource and may not be the most up to date.

  • 204 No Content HTTP/1.1 204 No Content The server successfully processed the request and is not returning any content.

  • 205 Reset Content HTTP/1.1 205 Reset Content The server has fulfilled the request and desires that the user agent reset the document view that accompanied the request.

  • 206 Partial Content HTTP/1.1 206 Partial Content The server is delivering only part of the resource because of a range header sent by the client.

3xx Redirection

Indicates that further action needs to be taken by the client to complete the request.

  • 300 Multiple Choices HTTP/1.1 300 Multiple Choices The requested resource has more than one possible representation.

  • 301 Moved Permanently HTTP/1.1 301 Moved Permanently The requested resource has been permanently moved to a new URL.

  • 302 Found HTTP/1.1 302 Found The requested resource resides temporarily under a different URI.

  • 303 See Other HTTP/1.1 303 See Other The response to the request can be found under another URI and should be retrieved using a GET method.

  • 304 Not Modified HTTP/1.1 304 Not Modified The client has performed a conditional GET request to a resource that has not been modified.

  • 307 Temporary Redirect HTTP/1.1 307 Temporary Redirect The requested resource resides temporarily under a different URI, but the client should continue to use the original URI for future requests.

  • 308 Permanent Redirect HTTP/1.1 308 Permanent Redirect The requested resource has been permanently moved to a new URL, and future requests should be made to the new URL.

4xx Client Error

The request contains bad syntax or cannot be fulfilled.

  • 400 Bad Request HTTP/1.1 400 Bad Request The server cannot or will not process the request due to something that is perceived to be a client error.

  • 401 Unauthorized HTTP/1.1 401 Unauthorized Authentication is required and has failed or has not yet been provided.

  • 402 Payment Required HTTP/1.1 402 Payment Required Reserved for future use; this code indicates that the server requires payment.

  • 403 Forbidden HTTP/1.1 403 Forbidden The server understood the request, but refuses to authorize it.

  • 404 Not Found HTTP/1.1 404 Not Found The server can not find the requested resource.

  • 405 Method Not Allowed HTTP/1.1 405 Method Not Allowed The request method is known by the server but is not supported by the target resource.

  • 406 Not Acceptable HTTP/1.1 406 Not Acceptable The server can not produce a response matching the list of media types given by the user agent.

  • 407 Proxy Authentication Required HTTP/1.1 407 Proxy Authentication Required The client must authenticate itself with a proxy.

  • 408 Request Timeout HTTP/1.1 408 Request Timeout The server timed out waiting for the request.

  • 409 Conflict HTTP/1.1 409 Conflict The request could not be completed because of a conflict with the current state of the resource.

  • 410 Gone HTTP/1.1 410 Gone The requested resource is no longer available and will not be available again.

  • 411 Length Required HTTP/1.1 411 Length Required The request did not specify the length of its content, and the server will not accept it without it.

  • 412 Precondition Failed HTTP/1.1 412 Precondition Failed The precondition specified by the user agent in the request evaluated to false.

  • 413 Payload Too Large HTTP/1.1 413 Payload Too Large The server refuses to accept the request because the request payload is too large.

  • 414 URI Too Long HTTP/1.1 414 URI Too Long The server refuses to service the request because the request URI is longer than the server is willing to interpret.

  • 415 Unsupported Media Type HTTP/1.1 415 Unsupported Media Type The server does not support the media type of the request.

  • 416 Range Not Satisfiable HTTP/1.1 416 Range Not Satisfiable The client has asked for a portion of the file that does not exist.

  • 417 Expectation Failed HTTP/1.1 417 Expectation Failed The server cannot meet the requirements of the Expect header field.

  • 418 I’m a teapot HTTP/1.1 418 I'm a teapot This code was defined in 1998 as one of the Internet’s most famous easter eggs, a reference to the "Teapot" incident. The code is part of the Hyper Text Coffee Pot Control Protocol.

  • 421 Misdirected Request HTTP/1.1 421 Misdirected Request The request was directed to a server that is not able to produce the requested service.

  • 422 Unprocessable Entity HTTP/1.1 422 Unprocessable Entity The server understands the content type of the request entity, and the syntax of the request entity is correct, but it was unable to process the contained instructions.

  • 423 Locked HTTP/1.1 423 Locked The resource that is being accessed is locked.

  • 424 Failed Dependency HTTP/1.1 424 Failed Dependency The request failed because of a previous failed request.

  • 425 Too Early HTTP/1.1 425 Too Early Indicates that the server is unwilling to risk processing a request that might be redundant.

  • 426 Upgrade Required HTTP/1.1 426 Upgrade Required The server refuses to perform the request using the current protocol but might be willing to do so under a different protocol.

  • 428 Precondition Required HTTP/1.1 428 Precondition Required The origin server requires the request to be conditional.

  • 429 Too Many Requests HTTP/1.1 429 Too Many Requests The user has sent too many requests in a given amount of time.

  • 431 Request Header Fields Too Large HTTP/1.1 431 Request Header Fields Too Large The server is unwilling to process the request because either an individual header field is too large, or the combination of all header fields is too large.

  • 451 Unavailable For Legal Reasons HTTP/1.1 451 Unavailable For Legal Reasons The user is denied access to the resource due to legal reasons.

5xx Server Error

The server failed to fulfill an apparently valid request.

  • 500 Internal Server Error HTTP/1.1 500 Internal Server Error A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.

  • 501 Not Implemented HTTP/1.1 501 Not Implemented The server does not support the functionality required to fulfill the request.

  • 502 Bad Gateway HTTP/1.1 502 Bad Gateway The server, while acting as a gateway or proxy, received an invalid response from the upstream server.

  • 503 Service Unavailable HTTP/1.1 503 Service Unavailable The server is not ready to handle the request.

  • 504 Gateway Timeout HTTP/1.1 504 Gateway Timeout The server, while acting as a gateway or proxy, did not get a response in time from the upstream server.

  • 505 HTTP Version Not Supported HTTP/1.1 505 HTTP Version Not Supported The server does not support the HTTP protocol version that was used in the request message.

  • 506 Variant Also Negotiates HTTP/1.1 506 Variant Also Negotiates Content negotiation for the request results in no content being acceptable.

  • 507 Insufficient Storage HTTP/1.1 507 Insufficient Storage The server is unable to store the representation needed to complete the request.

  • 508 Loop Detected HTTP/1.1 508 Loop Detected The server terminated an internal server error because it detected an infinite loop.

  • 510 Not Extended HTTP/1.1 510 Not Extended Further extensions to the request are required for the server to fulfill it.

  • 511 Network Authentication Required HTTP/1.1 511 Network Authentication Required The client needs to authenticate to gain network access.

Common Patterns

While this is a reference, understanding how these codes manifest in practice is key.

  • Checking for a successful response: if response.status_code >= 200 and response.status_code < 300: This common Python idiom checks if the request was successful (2xx codes).

  • Handling redirects: When a browser receives a 301 or 302, it automatically follows the Location header. Scripts might need to handle this explicitly.

  • Debugging API issues: A 4xx or 5xx code from an API endpoint is your first clue that something is wrong. The specific code tells you where to look (client vs. server).

  • Implementing caching: A 304 Not Modified response means the client’s cached version is still valid, saving bandwidth.

Gotchas

  • "Unauthorized" vs. "Forbidden": Both mean you can’t access a resource, but 401 Unauthorized implies you might be able to if you provide valid credentials, while 403 Forbidden means you’re denied access regardless of credentials.
  • Browser vs. Script Behavior: Browsers automatically handle redirects (3xx codes). If you’re writing a script (e.g., using curl or requests), you might need to configure it to follow redirects or handle them manually.
  • Custom Codes: While the standard codes are widely adopted, some applications or services might use custom HTTP status codes. These are less common and not universally understood.
  • HTTP/2 and HTTP/3: While the status codes themselves remain the same, the underlying transport and how they are communicated can differ, though this is usually abstracted away by client libraries.