Network & web

HTTP Status Code Reference

Search HTTP status codes by number, phrase, class, and common usage locally in your browser.

Runs locally in your browser

Search status code, phrase, or usageStatus class

26 status codes matched. Runs locally in your browser.

1xx Informational

100Continue

The server received the request headers and the client can continue sending the body.

Common useLarge uploads with Expect: 100-continue.

NoteRarely handled directly in browser app code.

101Switching Protocols

The server agrees to switch protocols.

Common useWebSocket protocol upgrades.

NoteUsually produced by infrastructure or WebSocket servers.

2xx Success

200OK

The request succeeded.

Common useSuccessful GET, POST, or API response.

NoteThe response body meaning depends on the endpoint.

201Created

The request succeeded and created a resource.

Common useSuccessful POST that creates a user, order, file, or record.

NoteOften returned with a Location header.

202Accepted

The request was accepted but processing is not finished.

Common useQueued jobs, async imports, background processing.

NoteProvide a status endpoint when clients need progress.

204No Content

The request succeeded and there is no response body.

Common useDELETE success, save actions, analytics beacons.

NoteDo not send JSON body with a 204 response.

3xx Redirection

301Moved Permanently

The resource has a permanent new URL.

Common useCanonical domain and URL migrations.

NoteBrowsers and crawlers may cache this strongly.

302Found

The resource is temporarily available at another URL.

Common useTemporary redirects and legacy form flows.

NoteUse 303 or 307 when method behavior matters.

303See Other

Redirect the client to another URL using GET.

Common usePost/Redirect/Get after form submission.

NoteUseful to avoid duplicate form resubmits.

304Not Modified

Cached content is still valid.

Common useETag and Last-Modified browser caching.

NoteResponse should not include a normal body.

307Temporary Redirect

Temporary redirect while preserving method and body.

Common useTemporary API or upload redirects.

NoteSafer than 302 when POST must remain POST.

308Permanent Redirect

Permanent redirect while preserving method and body.

Common usePermanent API migrations and canonical HTTPS redirects.

NoteCan be cached like 301.

4xx Client error

400Bad Request

The request is malformed or invalid.

Common useInvalid JSON, missing required fields, bad query parameters.

NoteReturn useful validation details without exposing internals.

401Unauthorized

Authentication is required or failed.

Common useMissing, expired, or invalid login/session/token.

NoteDespite the name, it means unauthenticated rather than forbidden.

403Forbidden

The server understood the request but refuses to authorize it.

Common useLogged-in user lacks permission for a resource.

NoteDo not reveal sensitive authorization details.

404Not Found

The resource could not be found.

Common useMissing pages, deleted resources, unknown routes.

NoteCan also be used to avoid revealing private resource existence.

405Method Not Allowed

The URL exists but does not allow this HTTP method.

Common usePOST to a GET-only endpoint.

NoteInclude an Allow header when practical.

409Conflict

The request conflicts with current resource state.

Common useDuplicate usernames, edit conflicts, optimistic locking.

NoteTell the client how to resolve the conflict.

410Gone

The resource is intentionally no longer available.

Common useDeleted content that should not return.

NoteCan be clearer than 404 for permanent removals.

422Unprocessable Content

The request is syntactically valid but semantically invalid.

Common useField-level validation errors in APIs.

NoteOften used by JSON APIs and form backends.

429Too Many Requests

The client exceeded a rate limit.

Common useAPI throttling, login protection, abuse controls.

NoteInclude Retry-After when possible.

5xx Server error

500Internal Server Error

The server hit an unexpected error.

Common useUnhandled exceptions and backend failures.

NoteLog details server-side, but show a safe generic message to users.

501Not Implemented

The server does not support the requested functionality.

Common useUnsupported HTTP method or feature.

NoteLess common than 404 or 405 for app routes.

502Bad Gateway

A gateway or proxy received an invalid upstream response.

Common useReverse proxy, CDN, or load balancer upstream failure.

NoteCheck upstream health, DNS, network, and proxy logs.

503Service Unavailable

The server is temporarily unavailable.

Common useMaintenance, deploys, overload, dependency downtime.

NoteUse Retry-After for planned maintenance or overload.

504Gateway Timeout

A gateway or proxy timed out waiting for an upstream server.

Common useSlow backend, database timeout, external API delay.

NoteCheck upstream timeout limits and slow operations.

How to use this tool

Search by status code, phrase, class, or common usage such as `redirect`, `rate limit`, `gateway`, or `validation`.

Filter by class when you only want 2xx success, 3xx redirects, 4xx client errors, or 5xx server errors.

Copy the exact code and phrase when documenting API behavior, debugging logs, or writing support notes.

HTTP status code classes

1xx codes are informational and are usually handled by browsers, proxies, or protocol implementations.

2xx codes mean the request succeeded, but the exact semantics differ between `200 OK`, `201 Created`, `202 Accepted`, and `204 No Content`.

3xx codes describe redirects and caching decisions. Pick permanent versus temporary redirects carefully because browsers and search engines can cache them.

4xx codes usually mean the client request has a problem, while 5xx codes mean the server or upstream infrastructure failed.

Common debugging choices

Use 400 for malformed requests and 422 when JSON or form syntax is valid but the submitted fields fail validation.

Use 401 when authentication is missing or invalid, and 403 when the user is authenticated but lacks permission.

Use 429 for rate limits and include a `Retry-After` header when clients can safely retry later.

Use 502, 503, and 504 to distinguish upstream gateway failures, temporary unavailability, and gateway timeouts.

Examples

Permanent canonical redirect

Input

http://example.com/page

Output

301 Moved Permanently -> https://example.com/page

API validation error

Input

POST /users with a valid JSON body but missing email

Output

422 Unprocessable Content

Rate-limited API client

Output

429 Too Many Requests with Retry-After: 60

FAQ

What is the difference between 401 and 403?

401 means authentication is required or failed. 403 means the server understood the request, but the authenticated user is not allowed to access the resource.

Should I use 301 or 302 for redirects?

Use 301 for permanent URL moves and 302 for temporary redirects. Use 307 or 308 when the original HTTP method and body must be preserved.

What does 429 mean?

429 Too Many Requests means the client exceeded a rate limit. APIs should include retry guidance when possible.

Are 5xx errors always application bugs?

No. 5xx responses can come from app exceptions, overloaded servers, reverse proxies, CDNs, upstream dependency failures, or timeouts.