HTTP Status Codes

Every status code developers actually encounter, organized by category.

1xxInformational

100Continue

Server received the request headers; client should proceed to send the body.

Common use: Large file uploads with Expect: 100-continue header.

101Switching Protocols

Server is switching protocols as requested by the client.

Common use: WebSocket upgrade handshake.

103Early Hints

Lets the browser start preloading resources while the server prepares a response.

Common use: Preloading CSS/JS before final response.

2xxSuccess

200OK

The request succeeded. Response body contains the requested resource.

Common use: Standard successful GET, PUT, or PATCH response.

201Created

The request succeeded and a new resource was created.

Common use: POST request that creates a new record. Return Location header.

202Accepted

The request was accepted for processing, but processing is not complete.

Common use: Async operations like batch jobs or email sending.

204No Content

The request succeeded but there is no content to return.

Common use: Successful DELETE request or PUT with no response body needed.

206Partial Content

Server is delivering only part of the resource due to a Range header.

Common use: Video streaming, resumable file downloads.

3xxRedirection

301Moved Permanently

The resource has been permanently moved to a new URL.

Common use: Domain migration, URL restructuring. Search engines update their index.

302Found

The resource temporarily resides under a different URL.

Common use: Temporary redirects during maintenance. Often misused instead of 303/307.

303See Other

Response to the request can be found at another URL using GET.

Common use: Redirect after POST form submission (Post/Redirect/Get pattern).

304Not Modified

The resource has not been modified since the last request.

Common use: Browser cache validation with If-None-Match or If-Modified-Since.

307Temporary Redirect

Same as 302 but the HTTP method must not change.

Common use: Temporary redirect that preserves POST method and body.

308Permanent Redirect

Same as 301 but the HTTP method must not change.

Common use: Permanent redirect that preserves POST method and body.

4xxClient Error

400Bad Request

The server cannot process the request due to malformed syntax.

Common use: Invalid JSON body, missing required fields, validation failures.

401Unauthorized

Authentication is required and has failed or not been provided.

Common use: Missing or expired JWT token, invalid API key.

403Forbidden

The server understood the request but refuses to authorize it.

Common use: User is authenticated but lacks permission for this resource.

404Not Found

The server cannot find the requested resource.

Common use: Resource does not exist at this URL. Check for typos.

405Method Not Allowed

The HTTP method is not supported for this resource.

Common use: Sending POST to a read-only endpoint. Include Allow header in response.

406Not Acceptable

The server cannot produce a response matching the Accept headers.

Common use: Client requests XML but API only serves JSON.

408Request Timeout

The server timed out waiting for the request.

Common use: Client took too long to send the complete request.

409Conflict

The request conflicts with the current state of the resource.

Common use: Duplicate entry, optimistic concurrency conflict, version mismatch.

410Gone

The resource was once here but has been permanently removed.

Common use: Deprecated API endpoint. Unlike 404, this is intentional and permanent.

411Length Required

The server requires a Content-Length header.

Common use: Chunked uploads to servers that need content length upfront.

413Content Too Large

The request body exceeds the server limit.

Common use: File upload exceeds max size. Previously called Payload Too Large.

415Unsupported Media Type

The media type of the request body is not supported.

Common use: Sending form data to an endpoint that only accepts JSON.

418I'm a Teapot

The server refuses to brew coffee because it is a teapot.

Common use: RFC 2324 April Fools joke. Sometimes used as an Easter egg.

422Unprocessable Content

The request is well-formed but contains semantic errors.

Common use: Valid JSON but business logic validation fails (e.g., end date before start date).

429Too Many Requests

The user has sent too many requests in a given time period.

Common use: Rate limiting. Include Retry-After header to indicate when to retry.

451Unavailable for Legal Reasons

Access is denied for legal reasons such as censorship or court order.

Common use: GDPR content restrictions, government-mandated blocks.

5xxServer Error

500Internal Server Error

The server encountered an unexpected condition that prevented it from fulfilling the request.

Common use: Unhandled exception, null reference, database connection failure.

501Not Implemented

The server does not support the functionality required to fulfill the request.

Common use: Unsupported HTTP method or feature not yet built.

502Bad Gateway

The server, acting as a gateway, received an invalid response from the upstream server.

Common use: Reverse proxy (nginx, Cloudflare) cannot reach the origin server.

503Service Unavailable

The server is not ready to handle the request, usually due to maintenance or overload.

Common use: Planned maintenance, server overload. Include Retry-After header.

504Gateway Timeout

The server, acting as a gateway, did not get a response from the upstream server in time.

Common use: Origin server is too slow. Check for long-running queries or deadlocks.