HTTP Response Codes

The HTTP protocol defines a standardized set of status codes to communicate the outcome of a client’s request. These codes indicate at which stage the request stands or why it may have failed. They fall into five primary categories:

Category
Description

1xx Informational

Indicates that the request was received and the process is continuing.

2xx Success

Indicates that the request was successfully received, understood, and accepted.

3xx Redirection

Instructs the client to perform additional actions to complete the request (typically follow a different URL).

4xx Client Error

Indicates that the error is due to something the client sent (invalid request, missing auth, etc.).

5xx Server Error

Indicates that the server failed to fulfill a valid request.

1xx Informational

These codes indicate that the request was received and the process is continuing. They do not finalize the HTTP transaction — the client must wait for or send more data.

Code
Meaning

100 Continue

The server has received the initial request headers and the client should proceed to send the request body (used with Expect: 100-continue).

101 Switching Protocols

The server agrees to switch protocols as requested by the client (for example upgrading from HTTP to WebSocket).

102 Processing

(WebDAV) The server has received and is processing the request, but no response is available yet. Prevents client timeouts on long operations.

103 Early Hints

Used to return some response headers before the final HTTP message, typically to allow the client to start preloading resources (via Link headers) while the server prepares the final response.

2xx Success

These codes indicate that the client’s request was successfully received, understood, and accepted.

Code
Meaning

200 OK

The standard response for successful HTTP requests. The actual response depends on the request method (GET returns a resource, POST might return confirmation, etc).

201 Created

The request was successful and resulted in the creation of a new resource. Often includes a Location header pointing to the new resource.

202 Accepted

The request has been accepted for processing, but the processing is not complete. Typically used for async workflows.

203 Non-Authoritative Information

The server successfully processed the request but is returning information from another source (like a proxy or transformation) that might not be exactly the original.

204 No Content

The server successfully processed the request and is not returning any content. Useful for operations that do not need to change the current page (like clearing a form via JS).

205 Reset Content

The server processed the request successfully, but asks the client to reset the document view (like clearing form inputs).

206 Partial Content

The server is delivering only part of the resource due to a Range header sent by the client. Used for resumable downloads or streaming.

207 Multi-Status

(WebDAV) Conveys information about multiple resources, returning XML that contains multiple status codes.

208 Already Reported

(WebDAV) Used inside a DAV: propstat response element to avoid repeatedly enumerating the same internal members.

3xx Redirection

These codes indicate that further action needs to be taken by the client in order to complete the request. Usually involves following a different URI.

Code
Meaning

300 Multiple Choices

Indicates multiple options for the resource that the client may follow (for example, different file formats). Rarely used in practice.

301 Moved Permanently

The resource has been permanently moved to a new URI. Clients should update their references. Future requests should use the new URL.

302 Found

The resource resides temporarily under a different URI. The client should continue to use the original URI for future requests. (Most common for standard redirects, but technically should use 303/307).

303 See Other

The server directs the client to get the requested resource at another URI using a GET request, typically after a POST.

304 Not Modified

Indicates that the resource has not been modified since the version specified by the If-Modified-Since or If-None-Match headers. Client can use cached version.

307 Temporary Redirect

The resource resides temporarily at a different URI, and the client should repeat the request using the same method. Unlike 302, it guarantees the same method (POST stays POST).

308 Permanent Redirect

The resource has been permanently moved to a new URI. The client should use the new URI and repeat the request with the same method. POST stays POST.

4xx Client Error

These codes indicate that the client seems to have made an error. The server understood the request, but it cannot or will not process it due to something that is perceived to be a client problem.

Code
Meaning

400 Bad Request

The server could not understand the request due to invalid syntax (malformed JSON, missing required parameters, invalid query strings, etc).

401 Unauthorized

Authentication is required and has failed or has not yet been provided. The client should provide valid authentication credentials.

402 Payment Required

Reserved for future use. Intended to be used for digital payment systems but rarely implemented.

403 Forbidden

The client does not have access rights to the content. Unlike 401, authentication will not help; it is an explicit refusal.

404 Not Found

The server can not find the requested resource. This is the most common client error.

405 Method Not Allowed

The method specified in the request (e.g. POST, GET, DELETE) is not allowed for the resource.

406 Not Acceptable

The requested resource is capable of generating only content not acceptable according to the Accept headers sent by the client.

407 Proxy Authentication Required

The client must authenticate itself with the proxy before the request can be served.

408 Request Timeout

The client did not produce a request within the time that the server was prepared to wait.

409 Conflict

The request could not be completed due to a conflict with the current state of the resource. Typical in REST APIs when there is a version conflict.

410 Gone

The requested resource is no longer available and will not be available again. Typically used to indicate intentionally removed resources.

411 Length Required

The server refuses to accept the request without a defined Content-Length header.

412 Precondition Failed

One or more conditions given in the request header fields evaluated to false when tested on the server.

413 Content Too Large

The request entity is larger than limits defined by the server. (Previously called Payload Too Large).

414 URI Too Long

The URI provided was too long for the server to process. Often happens with overly large query strings.

415 Unsupported Media Type

The media format of the requested data is not supported by the server (e.g., sending XML where JSON is expected).

416 Range Not Satisfiable

The range specified by the Range header field in the request can't be fulfilled; the requested range is outside the size of the target resource.

417 Expectation Failed

The server cannot meet the requirements of the Expect request-header field.

418 I'm a teapot

Defined in RFC 2324, returned by teapots requested to brew coffee. Not actually used in production systems.

421 Misdirected Request

The request was directed at a server that is not able to produce a response (commonly seen in HTTP/2 multiplexed connections).

422 Unprocessable Content

The server understands the content type of the request and the syntax is correct but was unable to process the contained instructions. (Common in REST validation errors).

423 Locked

The resource that is being accessed is locked. (WebDAV).

424 Failed Dependency

The request failed due to failure of a previous request. (WebDAV).

425 Too Early

Indicates that the server is unwilling to risk processing a request that might be replayed. Used in early TLS handshake.

426 Upgrade Required

The server refuses to perform the request using the current protocol but might be willing if the client upgrades to a different protocol (e.g., switch to TLS/1.2).

428 Precondition Required

The server requires the request to be conditional. Intended to prevent the 'lost update' problem.

429 Too Many Requests

The user has sent too many requests in a given amount of time (rate limiting).

431 Request Header Fields Too Large

The server is unwilling to process the request because its header fields are too large.

444 No Response

The server closes the connection without sending any HTTP response to the client. Typically used to drop malicious or unwanted requests silently. Logged in access.log as 444.

451 Unavailable For Legal Reasons

The server is denying access to the resource as a consequence of a legal demand (for example, geo-blocking or copyright takedown).

494 Request Header Too Large

The client sent HTTP headers that exceed the server’s configured maximum (large_client_header_buffers). The server closes the connection.

495 SSL Certificate Error

The server failed to verify the client’s SSL certificate during the handshake (invalid or untrusted client cert).

496 SSL Certificate Required

The server expected a client SSL certificate (mutual TLS), but the client did not provide one.

497 HTTP Request Sent to HTTPS Port

The client sent a plain HTTP request to an HTTPS port (like port 443). The server detects this mismatch.

499 Client Closed Request

The client closed the connection before the server could send a response. This code appears in access.log; it is not sent back to the client.

5xx Server Error

These codes indicate that the server failed to fulfill a valid request. The problem is on the server side, not the client's.

Code
Meaning

500 Internal Server Error

A generic error message indicating an unexpected condition was encountered and the server cannot fulfill the request. No more specific message is suitable.

501 Not Implemented

The server does not support the functionality required to fulfill the request (e.g. an unsupported HTTP method).

502 Bad Gateway

The server, while acting as a gateway or proxy, received an invalid response from the upstream server.

503 Service Unavailable

The server is currently unable to handle the request due to temporary overload or scheduled maintenance. Usually a temporary condition.

504 Gateway Timeout

The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server it needed to access.

505 HTTP Version Not Supported

The server does not support the HTTP protocol version used in the request (like HTTP/1.0 vs HTTP/2).

506 Variant Also Negotiates

Transparent content negotiation for the request results in a circular reference. Very rare.

507 Insufficient Storage

The server is unable to store the representation needed to complete the request (typically in WebDAV scenarios).

508 Loop Detected

The server detected an infinite loop while processing a request (also seen in WebDAV collections).

510 Not Extended

Further extensions to the request are required for the server to fulfill it. Very uncommon.

511 Network Authentication Required

The client needs to authenticate to gain network access, often used by captive portals (Wi-Fi login pages).

References

  • RFC 7231: HTTP/1.1 Semantics and Content (core HTTP methods, standard status codes)

  • RFC 7235: HTTP/1.1 Authentication (401 Unauthorized, 407 Proxy Authentication Required and authentication mechanisms)

  • RFC 6585: Additional HTTP Status Codes (defines 429 Too Many Requests, 431 Request Header Fields Too Large, 511 Network Authentication Required)

  • RFC 4918: HTTP Extensions for WebDAV (defines WebDAV-specific codes like 207 Multi-Status, 422 Unprocessable Entity, 423 Locked, 424 Failed Dependency, 507 Insufficient Storage, 508 Loop Detected)

  • RFC 8470: HTTP 103 Early Hints (specifies 103 Early Hints for resource preloading)

Last updated

Was this helpful?