HTTP status codes are the three-digit numbers a server returns at the top of every response to summarize what happened. They're how browsers, clients, proxies, and CDNs decide whether to cache, redirect, retry, or surface an error to the user.
Every status code falls into one of five classes based on its first digit: 1xx informational, 2xx success, 3xx redirection, 4xx client error, 5xx server error. Once you know the class, you usually know the rough meaning even before looking up the specific code.
Most apps only use a small core (200, 201, 204, 301, 302, 304, 400, 401, 403, 404, 409, 422, 429, 500, 502, 503). Knowing what each one *means* - and the difference between 401 Unauthorized and 403 Forbidden, or 301 Moved Permanently and 302 Found - is what makes you a stronger backend or API developer.
What you'll learn while using this reference
The first digit always tells you the class: 1xx info, 2xx success, 3xx redirect, 4xx client error, 5xx server error.
Status codes are *part of the contract* an API offers - clients should branch on them, not parse error messages out of the body.
4xx means the client got something wrong (bad input, missing auth, missing resource). 5xx means the server failed regardless of what the client did.
How to use the status code reference step by step
1
Search by code or name
Type a number (404, 429) or a keyword (auth, redirect, rate limit) and the matching codes filter live.
2
Filter by class
Use the class chips (1xx, 2xx, 3xx, 4xx, 5xx) to narrow the list when you're exploring rather than searching.
3
Read the plain-English explanation
Each entry includes when the code is sent, the typical client behavior, and the most common cause.
4
Compare related codes
Use the see-also links between confusing pairs (401 vs 403, 301 vs 302) to pick the right one for your API.
Success, but no body. Common after DELETE or PUT calls that don't need to return data.
All three are success codes - the difference is what the response carries. 201 should include a Location header pointing at the new resource; 204 is empty by definition.
Temporary redirect. Browsers re-check the original URL on each request; bookmarks stay on the old URL.
Use 301 when you've actually moved a resource (rebrand, URL restructure). Use 302 for short-lived redirects like A/B tests, login redirects, or maintenance pages.
Gateway timeout - a proxy reached upstream but didn't get a response in time.
All four are server errors, but they tell debuggers very different stories. 500 is your app; 502 and 504 point at the network path; 503 points at capacity.
Common HTTP status code mistakes
Returning 200 OK with {"error": "..."} in the body. Status codes are part of the contract - use the right one (400, 404, 500) so clients can branch on it.
Using 401 for permission errors. 401 is for authentication; permission denials are 403.
Using 200 for newly created resources instead of 201 with a Location header.
HTTP Status Code FAQ
What does HTTP 404 mean?
404 Not Found means the server understood the request but the resource at that URL does not exist. Most often the path is wrong, the resource was deleted, or the URL was mistyped.
What is the difference between 401 and 403?
401 Unauthorized means you are not authenticated - the server doesn't know who you are. 403 Forbidden means you are authenticated but don't have permission for the resource. Sending different credentials might fix 401; it won't fix 403.
What is the difference between 301 and 302?
301 Moved Permanently is a permanent redirect - browsers and search engines update their records. 302 Found is a temporary redirect - clients keep visiting the original URL. Use 301 for permanent moves, 302 for temporary detours.
What does HTTP 500 mean?
500 Internal Server Error is a generic server-side error, usually thrown when an unhandled exception bubbles up. The client did nothing wrong - your server failed to process a valid request.
Should I always use a specific status code?
Yes. Generic 200 OK for failures or 500 for everything wrong makes APIs harder to use. Pick the most specific code that fits - clients, proxies, monitors, and retry logic all branch on the status code.
What does HTTP 429 mean?
429 Too Many Requests is sent when a client has hit a rate limit. The response should include a Retry-After header telling the client when it's safe to try again.
What does HTTP 403 Forbidden mean?
403 Forbidden means the server understood the request and knows who you are, but refuses to let you access the resource. Unlike 401, re-authenticating won't help - your account simply doesn't have permission. Common causes are missing roles or scopes, IP allowlists, or a resource that's private to another user.
What does HTTP 502 Bad Gateway mean?
502 Bad Gateway means a server acting as a proxy or gateway (a CDN, load balancer, or reverse proxy) received an invalid or empty response from the upstream server it forwarded your request to. It usually points at the backend being down, crashing, or misconfigured - not at your request.
How many HTTP status codes are there?
There are five classes (1xx-5xx) and roughly 60 standardized codes registered with IANA, though most are rarely used. In practice, day-to-day web and API development relies on about 15-20 core codes: 200, 201, 204, 301, 302, 304, 400, 401, 403, 404, 409, 422, 429, 500, 502, and 503. The searchable list above includes every standard code with a plain-English description.
