What Are Status Codes?
Every HTTP response includes a three-digit status code that tells the client the result of the request. The status code appears on the first line of the response:
The code (200) is machine-readable, while the reason phrase (OK) is human-readable. Clients use the numeric code to determine how to handle the response.
Status Code Categories
Status codes are grouped into five categories based on their first digit:
| Range | Category | Meaning |
|---|---|---|
| 1xx | Informational | Request received, continuing process |
| 2xx | Success | Request successfully received and processed |
| 3xx | Redirection | Further action needed to complete request |
| 4xx | Client Error | Request contains bad syntax or cannot be fulfilled |
| 5xx | Server Error | Server failed to fulfill a valid request |
1xx Informational
Informational responses indicate the request was received and the server is continuing to process it. These are rarely seen in typical web development.
100 Continue
The server has received the request headers and the client should proceed to send the request body. Used with large uploads when client sends Expect: 100-continue header.
101 Switching Protocols
The server is switching to a different protocol as requested by the client. Commonly seen when upgrading to WebSocket connections.
103 Early Hints
Allows the server to send some headers before the final response. Used with Link headers to hint at resources the browser should preload.
2xx Success
Success codes indicate the request was successfully received, understood, and accepted.
200 OK
The standard success response. The meaning depends on the method:
GET: Resource retrieved and in response bodyPOST: Action completed, result in response bodyPUT/PATCH: Resource updated successfully
201 Created
The request succeeded and a new resource was created. Typically returned after POST requests. The Location header should contain the URL of the new resource.
204 No Content
The request succeeded but there's no content to return. Common response to DELETE requests or PUT requests where no response body is needed.
206 Partial Content
The server is delivering only part of the resource due to a Range header sent by the client. Used for resuming downloads or streaming media.
3xx Redirection
Redirection codes indicate the client must take additional action to complete the request, usually by requesting a different URL.
301 Moved Permanently
The resource has been permanently moved to a new URL. Search engines will update their index. Browsers cache this redirect.
302 Found
The resource is temporarily at a different URL. The client should continue using the original URL for future requests.
303 See Other
The response to the request is at a different URL and should be retrieved using GET. Often used after POST to redirect to a confirmation page (Post/Redirect/Get pattern).
304 Not Modified
The resource hasn't changed since the version specified by the request headers (If-Modified-Since or If-None-Match). No body is returned—the client should use its cached copy.
307 Temporary Redirect
Like 302, but guarantees the method and body will not change. If you POST to a URL and get 307, you should POST to the new URL.
308 Permanent Redirect
Like 301, but guarantees the method and body will not change. The permanent equivalent of 307.
4xx Client Errors
Client error codes indicate the request was malformed or cannot be fulfilled. The error is on the client side.
400 Bad Request
The server cannot process the request due to invalid syntax. Examples: malformed JSON, invalid query parameters, missing required fields.
401 Unauthorized
Authentication is required and has failed or not been provided. The response should include a WWW-Authenticate header indicating how to authenticate.
403 Forbidden
The server understood the request but refuses to authorize it. Unlike 401, authenticating won't help—the client doesn't have permission.
404 Not Found
The requested resource doesn't exist. This is perhaps the most famous status code.
405 Method Not Allowed
The HTTP method is not allowed for this resource. For example, trying to DELETE a read-only resource. The Allow header should list valid methods.
409 Conflict
The request conflicts with the current state of the server. Examples: creating a duplicate resource, editing a resource that has changed since you retrieved it.
410 Gone
The resource existed but has been permanently removed. Unlike 404, this is intentional and permanent. Search engines should remove the URL.
422 Unprocessable Entity
The request was well-formed but contains semantic errors. The syntax is correct but the content doesn't make sense (e.g., invalid email format in JSON).
429 Too Many Requests
Rate limiting—the client has sent too many requests in a given time period. The Retry-After header may indicate when to try again.
5xx Server Errors
Server error codes indicate the server failed to fulfill a valid request. The problem is on the server side.
500 Internal Server Error
A generic error message when the server encounters an unexpected condition. Often indicates unhandled exceptions or bugs in server code.
501 Not Implemented
The server doesn't support the functionality required to fulfill the request. For example, an unsupported HTTP method.
502 Bad Gateway
The server, acting as a gateway or proxy, received an invalid response from an upstream server.
503 Service Unavailable
The server is temporarily unable to handle the request, usually due to maintenance or overload. The Retry-After header may indicate when to try again.
504 Gateway Timeout
The server, acting as a gateway or proxy, didn't receive a timely response from an upstream server.
Status Code Quick Reference
| Code | Name | Common Use |
|---|---|---|
| 200 | OK | Request succeeded |
| 201 | Created | Resource created (POST) |
| 204 | No Content | Success, no body (DELETE) |
| 301 | Moved Permanently | Permanent redirect |
| 302 | Found | Temporary redirect |
| 304 | Not Modified | Use cached version |
| 400 | Bad Request | Invalid request syntax |
| 401 | Unauthorized | Authentication required |
| 403 | Forbidden | Permission denied |
| 404 | Not Found | Resource doesn't exist |
| 405 | Method Not Allowed | Wrong HTTP method |
| 429 | Too Many Requests | Rate limited |
| 500 | Internal Server Error | Server bug |
| 502 | Bad Gateway | Proxy/upstream error |
| 503 | Service Unavailable | Server overloaded |
Interactive Examples
The following examples demonstrate common status code scenarios.
201 Created - New Resource
Server responds with the created resource and its location:
301 Moved Permanently - URL Change
Server redirects to the new permanent location:
304 Not Modified - Cache Valid
Server confirms the cached version is still current:
400 Bad Request - Invalid Input
Server rejects malformed request:
401 Unauthorized - Auth Required
Server requires authentication:
403 Forbidden - Access Denied
Server denies access to protected resource:
429 Too Many Requests - Rate Limited
Server throttles excessive requests:
500 Internal Server Error
Server encounters an unexpected error: