HTTP Response Codes
The HTTP protocol defines a standardized set of status codes to communicate the outcome of a client’s request. These codes indicate at which stage the request stands or why it may have failed. They fall into five primary categories:
1xx Informational
Indicates that the request was received and the process is continuing.
2xx Success
Indicates that the request was successfully received, understood, and accepted.
3xx Redirection
Instructs the client to perform additional actions to complete the request (typically follow a different URL).
4xx Client Error
Indicates that the error is due to something the client sent (invalid request, missing auth, etc.).
5xx Server Error
Indicates that the server failed to fulfill a valid request.
1xx Informational
These codes indicate that the request was received and the process is continuing. They do not finalize the HTTP transaction — the client must wait for or send more data.
100 Continue
The server has received the initial request headers and the client should proceed to send the request body (used with Expect: 100-continue
).
101 Switching Protocols
The server agrees to switch protocols as requested by the client (for example upgrading from HTTP to WebSocket).
102 Processing
(WebDAV) The server has received and is processing the request, but no response is available yet. Prevents client timeouts on long operations.
103 Early Hints
Used to return some response headers before the final HTTP message, typically to allow the client to start preloading resources (via Link
headers) while the server prepares the final response.
2xx Success
These codes indicate that the client’s request was successfully received, understood, and accepted.
200 OK
The standard response for successful HTTP requests. The actual response depends on the request method (GET returns a resource, POST might return confirmation, etc).
201 Created
The request was successful and resulted in the creation of a new resource. Often includes a Location
header pointing to the new resource.
202 Accepted
The request has been accepted for processing, but the processing is not complete. Typically used for async workflows.
203 Non-Authoritative Information
The server successfully processed the request but is returning information from another source (like a proxy or transformation) that might not be exactly the original.
204 No Content
The server successfully processed the request and is not returning any content. Useful for operations that do not need to change the current page (like clearing a form via JS).
205 Reset Content
The server processed the request successfully, but asks the client to reset the document view (like clearing form inputs).
206 Partial Content
The server is delivering only part of the resource due to a Range
header sent by the client. Used for resumable downloads or streaming.
207 Multi-Status
(WebDAV) Conveys information about multiple resources, returning XML that contains multiple status codes.
208 Already Reported
(WebDAV) Used inside a DAV: propstat response element to avoid repeatedly enumerating the same internal members.
3xx Redirection
These codes indicate that further action needs to be taken by the client in order to complete the request. Usually involves following a different URI.
300 Multiple Choices
Indicates multiple options for the resource that the client may follow (for example, different file formats). Rarely used in practice.
301 Moved Permanently
The resource has been permanently moved to a new URI. Clients should update their references. Future requests should use the new URL.
302 Found
The resource resides temporarily under a different URI. The client should continue to use the original URI for future requests. (Most common for standard redirects, but technically should use 303/307).
303 See Other
The server directs the client to get the requested resource at another URI using a GET request, typically after a POST.
304 Not Modified
Indicates that the resource has not been modified since the version specified by the If-Modified-Since
or If-None-Match
headers. Client can use cached version.
307 Temporary Redirect
The resource resides temporarily at a different URI, and the client should repeat the request using the same method. Unlike 302, it guarantees the same method (POST stays POST).
308 Permanent Redirect
The resource has been permanently moved to a new URI. The client should use the new URI and repeat the request with the same method. POST stays POST.
4xx Client Error
These codes indicate that the client seems to have made an error. The server understood the request, but it cannot or will not process it due to something that is perceived to be a client problem.
400 Bad Request
The server could not understand the request due to invalid syntax (malformed JSON, missing required parameters, invalid query strings, etc).
401 Unauthorized
Authentication is required and has failed or has not yet been provided. The client should provide valid authentication credentials.
402 Payment Required
Reserved for future use. Intended to be used for digital payment systems but rarely implemented.
403 Forbidden
The client does not have access rights to the content. Unlike 401, authentication will not help; it is an explicit refusal.
404 Not Found
The server can not find the requested resource. This is the most common client error.
405 Method Not Allowed
The method specified in the request (e.g. POST, GET, DELETE) is not allowed for the resource.
406 Not Acceptable
The requested resource is capable of generating only content not acceptable according to the Accept headers sent by the client.
407 Proxy Authentication Required
The client must authenticate itself with the proxy before the request can be served.
408 Request Timeout
The client did not produce a request within the time that the server was prepared to wait.
409 Conflict
The request could not be completed due to a conflict with the current state of the resource. Typical in REST APIs when there is a version conflict.
410 Gone
The requested resource is no longer available and will not be available again. Typically used to indicate intentionally removed resources.
411 Length Required
The server refuses to accept the request without a defined Content-Length header.
412 Precondition Failed
One or more conditions given in the request header fields evaluated to false when tested on the server.
413 Content Too Large
The request entity is larger than limits defined by the server. (Previously called Payload Too Large).
414 URI Too Long
The URI provided was too long for the server to process. Often happens with overly large query strings.
415 Unsupported Media Type
The media format of the requested data is not supported by the server (e.g., sending XML where JSON is expected).
416 Range Not Satisfiable
The range specified by the Range header field in the request can't be fulfilled; the requested range is outside the size of the target resource.
417 Expectation Failed
The server cannot meet the requirements of the Expect request-header field.
418 I'm a teapot
Defined in RFC 2324, returned by teapots requested to brew coffee. Not actually used in production systems.
421 Misdirected Request
The request was directed at a server that is not able to produce a response (commonly seen in HTTP/2 multiplexed connections).
422 Unprocessable Content
The server understands the content type of the request and the syntax is correct but was unable to process the contained instructions. (Common in REST validation errors).
423 Locked
The resource that is being accessed is locked. (WebDAV).
424 Failed Dependency
The request failed due to failure of a previous request. (WebDAV).
425 Too Early
Indicates that the server is unwilling to risk processing a request that might be replayed. Used in early TLS handshake.
426 Upgrade Required
The server refuses to perform the request using the current protocol but might be willing if the client upgrades to a different protocol (e.g., switch to TLS/1.2).
428 Precondition Required
The server requires the request to be conditional. Intended to prevent the 'lost update' problem.
429 Too Many Requests
The user has sent too many requests in a given amount of time (rate limiting).
431 Request Header Fields Too Large
The server is unwilling to process the request because its header fields are too large.
444 No Response
The server closes the connection without sending any HTTP response to the client. Typically used to drop malicious or unwanted requests silently. Logged in access.log
as 444
.
451 Unavailable For Legal Reasons
The server is denying access to the resource as a consequence of a legal demand (for example, geo-blocking or copyright takedown).
494 Request Header Too Large
The client sent HTTP headers that exceed the server’s configured maximum (large_client_header_buffers
). The server closes the connection.
495 SSL Certificate Error
The server failed to verify the client’s SSL certificate during the handshake (invalid or untrusted client cert).
496 SSL Certificate Required
The server expected a client SSL certificate (mutual TLS), but the client did not provide one.
497 HTTP Request Sent to HTTPS Port
The client sent a plain HTTP request to an HTTPS port (like port 443). The server detects this mismatch.
499 Client Closed Request
The client closed the connection before the server could send a response. This code appears in access.log
; it is not sent back to the client.
5xx Server Error
These codes indicate that the server failed to fulfill a valid request. The problem is on the server side, not the client's.
500 Internal Server Error
A generic error message indicating an unexpected condition was encountered and the server cannot fulfill the request. No more specific message is suitable.
501 Not Implemented
The server does not support the functionality required to fulfill the request (e.g. an unsupported HTTP method).
502 Bad Gateway
The server, while acting as a gateway or proxy, received an invalid response from the upstream server.
503 Service Unavailable
The server is currently unable to handle the request due to temporary overload or scheduled maintenance. Usually a temporary condition.
504 Gateway Timeout
The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server it needed to access.
505 HTTP Version Not Supported
The server does not support the HTTP protocol version used in the request (like HTTP/1.0 vs HTTP/2).
506 Variant Also Negotiates
Transparent content negotiation for the request results in a circular reference. Very rare.
507 Insufficient Storage
The server is unable to store the representation needed to complete the request (typically in WebDAV scenarios).
508 Loop Detected
The server detected an infinite loop while processing a request (also seen in WebDAV collections).
510 Not Extended
Further extensions to the request are required for the server to fulfill it. Very uncommon.
511 Network Authentication Required
The client needs to authenticate to gain network access, often used by captive portals (Wi-Fi login pages).
References
RFC 7231: HTTP/1.1 Semantics and Content (core HTTP methods, standard status codes)
RFC 7235: HTTP/1.1 Authentication (
401 Unauthorized
,407 Proxy Authentication Required
and authentication mechanisms)RFC 6585: Additional HTTP Status Codes (defines
429 Too Many Requests
,431 Request Header Fields Too Large
,511 Network Authentication Required
)RFC 4918: HTTP Extensions for WebDAV (defines WebDAV-specific codes like
207 Multi-Status
,422 Unprocessable Entity
,423 Locked
,424 Failed Dependency
,507 Insufficient Storage
,508 Loop Detected
)RFC 8470: HTTP 103 Early Hints (specifies
103 Early Hints
for resource preloading)
Last updated
Was this helpful?