HTTP Status Codes

Complete reference with descriptions, real-world examples, and troubleshooting guides for every common HTTP response code.

100 Continue Informational

The server has received the request headers and the client should proceed to send the request body.

When it occurs: Sent when a client makes a request with an Expect: 100-continue header, typically before uploading a large body. The server signals it's willing to accept the payload.

101 Switching Protocols Informational

The server is switching protocols as requested by the client via the Upgrade header.

When it occurs: During WebSocket connection upgrades. The client sends Upgrade: websocket and the server responds with 101 to confirm the protocol switch.

200 OK Success

The request succeeded. The meaning depends on the HTTP method used.

When it occurs: GET — resource retrieved. POST — resource created or action completed. PUT — resource updated. This is the standard successful response.

201 Created Success

The request succeeded and a new resource was created as a result.

When it occurs: After a successful POST request that creates a new record. The response typically includes a Location header pointing to the new resource.

204 No Content Success

The request succeeded but there is no content to return. The client should not navigate away from the current page.

When it occurs: After a successful DELETE request, or a PUT/PATCH where the server doesn't return the updated representation.

206 Partial Content Success

The server is delivering only part of the resource due to a range header sent by the client.

When it occurs: During video streaming, resumable downloads, or any time the client requests a byte range with the Range header. The response includes a Content-Range header.

301 Moved Permanently Redirection

The resource has been permanently moved to a new URL. All future requests should use the new URL.

When it occurs: When a page URL changes (e.g., site restructuring). Search engines transfer link equity to the new URL. Browsers cache this redirect.

302 Found Redirection

The resource is temporarily located at a different URL. Future requests should still use the original URL.

When it occurs: Temporary maintenance redirects, A/B testing, or login redirects. Search engines continue to index the original URL. Note: many clients change the method to GET on 302, which is technically incorrect — use 307 for preserving the method.

304 Not Modified Redirection

The resource has not been modified since the last request. The client should use its cached copy.

When it occurs: When the client sends an If-None-Match (ETag) or If-Modified-Since header and the server determines nothing changed. Saves bandwidth — no body is sent.

307 Temporary Redirect Redirection

The resource is temporarily at a different URL. The request method and body must not change when redirecting.

When it occurs: Similar to 302 but guarantees the HTTP method (POST, PUT, etc.) is preserved during the redirect. Used when you need a true temporary redirect without method conversion.

308 Permanent Redirect Redirection

The resource has permanently moved. The request method and body must not change when redirecting.

When it occurs: Like 301 but guarantees the HTTP method is preserved. Use when permanently redirecting a POST endpoint to a new URL and you need clients to continue sending POST requests to the new location.

400 Bad Request Client Error

The server cannot process the request due to something perceived to be a client error (e.g., malformed request syntax).

When it occurs: Invalid JSON body, missing required fields, malformed URL parameters, or invalid request headers.

How to fix: Validate your request body format, check URL encoding, ensure required headers are present, and verify parameter names and types match the API documentation.
401 Unauthorized Client Error

Authentication is required and has either not been provided or has failed.

When it occurs: Accessing a protected API without an Authorization header, using an expired JWT token, or providing invalid credentials.

How to fix: Include a valid Authorization header (e.g., Bearer token), refresh expired tokens, verify credentials, or log in to obtain a new session.
403 Forbidden Client Error

The server understood the request but refuses to authorize it. The client lacks permission to access the resource.

When it occurs: Trying to access admin pages without admin privileges, accessing another user's private data, or when IP-based access controls block the request.

How to fix: Verify your account has the required role/permissions, contact the resource owner for access, or check if IP allowlisting is needed.
404 Not Found Client Error

The requested resource could not be found on the server.

When it occurs: Typo in the URL, the page was deleted, the resource ID doesn't exist in the database, or the route is not configured on the server.

How to fix: Double-check the URL for typos, verify the resource still exists, check server route configuration, and ensure proper URL rewriting rules are in place.
405 Method Not Allowed Client Error

The request method is not supported for the requested resource.

When it occurs: Sending a POST to a read-only endpoint, or a DELETE to a resource that only supports GET. The response should include an Allow header listing valid methods.

How to fix: Check the Allow response header for supported methods, update your request to use the correct HTTP method, or add the missing method handler on the server.
408 Request Timeout Client Error

The server timed out waiting for the client to send the complete request.

When it occurs: The client opened a connection but took too long to send headers or body. Common on slow or unstable network connections, or when uploading large files.

How to fix: Retry the request, check your network connection, increase client-side timeouts, or reduce payload size. If persistent, check server timeout configuration.
429 Too Many Requests Client Error

The user has sent too many requests in a given amount of time (rate limiting).

When it occurs: Exceeding API rate limits, running aggressive scrapers, or sending too many login attempts. The response may include Retry-After header.

How to fix: Respect the Retry-After header, implement exponential backoff in your client, reduce request frequency, or contact the API provider to increase your rate limit.
500 Internal Server Error Server Error

The server encountered an unexpected condition that prevented it from fulfilling the request.

When it occurs: Unhandled exceptions in application code, database connection failures, configuration errors, or runtime crashes. This is the generic catch-all server error.

How to fix: Check server logs for stack traces, verify database connectivity, review recent code deployments, ensure all environment variables are set, and test edge cases in error handling.
502 Bad Gateway Server Error

The server, acting as a gateway or proxy, received an invalid response from the upstream server.

When it occurs: Nginx/Apache can't reach the backend application, the upstream server crashed, or there's a network issue between the proxy and origin server.

How to fix: Verify the upstream server is running, check proxy configuration, ensure the backend port and hostname are correct, and inspect network connectivity between proxy and origin.
503 Service Unavailable Server Error

The server is not ready to handle the request. Common causes are maintenance or overload.

When it occurs: Server is under heavy load, scheduled maintenance, or the application is starting up. Often temporary — the Retry-After header may indicate when to try again.

How to fix: Wait and retry (respect Retry-After), scale server resources, check for traffic spikes, review deployment status, and ensure health check endpoints are properly configured.
504 Gateway Timeout Server Error

The server, acting as a gateway, did not receive a timely response from the upstream server.

When it occurs: The upstream server is too slow to respond, database queries are taking too long, or there's a network timeout between the proxy and backend.

How to fix: Increase proxy timeout settings, optimize slow database queries, check upstream server health, review long-running processes, and consider async processing for heavy operations.
No status codes match your search. Try a different term.

Why Use This Reference

🔍

Instant Search

Filter by code number, name, or keyword in real time. Find any status code in under a second.

🎨

Color Coded

Visual category system — green for success, blue for redirects, yellow for client errors, red for server errors.

🛠️

Fix Guides

Actionable troubleshooting steps for every error code. Know exactly what to do when something breaks.

📱

Mobile Ready

Fully responsive design that works on phones, tablets, and desktops. Book it for quick lookups on the go.

Frequently Asked Questions

What is the difference between 301 and 302 redirects?
301 Moved Permanently tells browsers and search engines the move is permanent — link equity transfers to the new URL and browsers cache the redirect. 302 Found means the redirect is temporary — search engines keep indexing the original URL and clients should continue using it for future requests.
What is the difference between 401 Unauthorized and 403 Forbidden?
401 Unauthorized means authentication is missing or invalid — the user needs to log in or provide valid credentials. 403 Forbidden means the user is authenticated but does not have permission to access the specific resource — no amount of re-authentication will help.
How can I check what HTTP status code a URL returns?
Use curl -I https://example.com in your terminal, open browser DevTools (F12 → Network tab), or use online tools like HTTPStatus.io. For bulk checking, tools like Screaming Frog can crawl entire sites and report all status codes.

Stay Updated

Get notified when we add new HTTP references and web development guides.