Menu
Coddy logo textTools
English

HTTP Status Codes

Searchable reference for every HTTP status code with plain-English explanations.

Last updated

  • 100Continue

    1xx

    The initial part of the request was received and the client should continue sending the body.

  • 101Switching Protocols

    1xx

    The server agreed to switch protocols (e.g. upgrading HTTP/1.1 to WebSocket).

  • 102Processing

    1xx

    WebDAV — the request was accepted but is not yet completed.

  • 103Early Hints

    1xx

    Used with the Link header to let the client preload resources before the final response.

  • 200OK

    2xx

    The request succeeded. The exact meaning depends on the method.

  • 201Created

    2xx

    The request succeeded and a new resource was created.

  • 202Accepted

    2xx

    The request was accepted for processing but is not yet complete (async work).

  • 203Non-Authoritative Information

    2xx

    Returned metadata is from a transforming proxy, not the origin server.

  • 204No Content

    2xx

    The request succeeded but there is no body to return.

  • 205Reset Content

    2xx

    Tells the client to reset the document view that sent the request (e.g. clear the form).

  • 206Partial Content

    2xx

    Used in response to a Range request — the body contains only the requested byte range.

  • 300Multiple Choices

    3xx

    The resource has multiple representations; the client must pick one.

  • 301Moved Permanently

    3xx

    The resource has a new permanent URL. Search engines update their index.

  • 302Found

    3xx

    The resource is temporarily at a different URL. Use 307 if you must keep the method.

  • 303See Other

    3xx

    After a POST, redirects the client to retrieve the result with GET (Post/Redirect/Get).

  • 304Not Modified

    3xx

    The cached copy is still fresh — sent in response to conditional GETs (ETag / If-Modified-Since).

  • 307Temporary Redirect

    3xx

    Like 302 but the request method must not be changed when following the redirect.

  • 308Permanent Redirect

    3xx

    Like 301 but the request method must not be changed when following the redirect.

  • 400Bad Request

    4xx

    The server cannot or will not process the request because of a client error (malformed syntax, invalid framing).

  • 401Unauthorized

    4xx

    Authentication is required and has failed or has not been provided. (Despite the name, it is about authentication, not authorization.)

  • 402Payment Required

    4xx

    Reserved for future use. Sometimes used by APIs to indicate the user has hit a paid quota.

  • 403Forbidden

    4xx

    The server understood the request but refuses to authorize it. Re-authenticating will not help.

  • 404Not Found

    4xx

    The server cannot find the requested resource.

  • 405Method Not Allowed

    4xx

    The request method is known by the server but is not supported by the target resource.

  • 406Not Acceptable

    4xx

    The server cannot produce a response matching the Accept headers sent by the client.

  • 407Proxy Authentication Required

    4xx

    Like 401 but authentication is needed for a proxy.

  • 408Request Timeout

    4xx

    The server timed out waiting for the request.

  • 409Conflict

    4xx

    The request conflicts with the current state of the target resource (e.g. version conflict).

  • 410Gone

    4xx

    The resource has been permanently deleted, with no forwarding address.

  • 411Length Required

    4xx

    The server requires a Content-Length header.

  • 412Precondition Failed

    4xx

    A precondition in the request headers (e.g. If-Match) was not met by the server.

  • 413Payload Too Large

    4xx

    The request body is larger than the server is willing to process.

  • 414URI Too Long

    4xx

    The URI is longer than the server is willing to interpret.

  • 415Unsupported Media Type

    4xx

    The request body uses a media type the server or resource does not support.

  • 416Range Not Satisfiable

    4xx

    The Range header asks for a portion of the file outside its bounds.

  • 418I'm a teapot

    4xx

    An April Fools joke from RFC 2324. Returned by servers that refuse to brew coffee.

  • 421Misdirected Request

    4xx

    The request was sent to a server unable to produce a response (e.g. wrong HTTP/2 connection).

  • 422Unprocessable Entity

    4xx

    The request is well-formed but contains semantic errors (commonly used by APIs for validation failures).

  • 423Locked

    4xx

    WebDAV — the resource being accessed is locked.

  • 425Too Early

    4xx

    The server is unwilling to process a request that might be replayed.

  • 426Upgrade Required

    4xx

    The client must upgrade to a different protocol (e.g. TLS) to complete the request.

  • 428Precondition Required

    4xx

    The server requires the request to be conditional (helps avoid the lost-update problem).

  • 429Too Many Requests

    4xx

    The client has sent too many requests in a given time (rate limiting).

  • 431Request Header Fields Too Large

    4xx

    The server refuses the request because a header field — or the headers in total — is too large.

  • 451Unavailable For Legal Reasons

    4xx

    The resource is unavailable for legal reasons (named after Fahrenheit 451).

  • 500Internal Server Error

    5xx

    The server hit an unexpected condition. The catch-all 5xx error.

  • 501Not Implemented

    5xx

    The server does not recognize the request method.

  • 502Bad Gateway

    5xx

    The server, acting as a gateway, received an invalid response from the upstream server.

  • 503Service Unavailable

    5xx

    The server is not ready to handle the request — usually overloaded or down for maintenance.

  • 504Gateway Timeout

    5xx

    The server, acting as a gateway, did not get a response in time from the upstream server.

  • 505HTTP Version Not Supported

    5xx

    The server does not support the HTTP version used in the request.

  • 507Insufficient Storage

    5xx

    WebDAV — the server cannot store the representation needed to complete the request.

  • 508Loop Detected

    5xx

    WebDAV — the server detected an infinite loop while processing.

  • 511Network Authentication Required

    5xx

    The client needs to authenticate to gain network access (captive portals).

What are HTTP status codes?

HTTP status codes are the three-digit numbers a server returns at the top of every response to summarize what happened. They're how browsers, clients, proxies, and CDNs decide whether to cache, redirect, retry, or surface an error to the user.

Every status code falls into one of five classes based on its first digit: 1xx informational, 2xx success, 3xx redirection, 4xx client error, 5xx server error. Once you know the class, you usually know the rough meaning even before looking up the specific code.

Most apps only use a small core (200, 201, 204, 301, 302, 304, 400, 401, 403, 404, 409, 422, 429, 500, 502, 503). Knowing what each one *means* — and the difference between 401 Unauthorized and 403 Forbidden, or 301 Moved Permanently and 302 Found — is what makes you a stronger backend or API developer.

What you'll learn while using this reference

  • The first digit always tells you the class: 1xx info, 2xx success, 3xx redirect, 4xx client error, 5xx server error.
  • Status codes are *part of the contract* an API offers — clients should branch on them, not parse error messages out of the body.
  • 4xx means the client got something wrong (bad input, missing auth, missing resource). 5xx means the server failed regardless of what the client did.

How to use the status code reference step by step

  1. Search by code or name

    Type a number (404, 429) or a keyword (auth, redirect, rate limit) and the matching codes filter live.

  2. Filter by class

    Use the class chips (1xx, 2xx, 3xx, 4xx, 5xx) to narrow the list when you're exploring rather than searching.

  3. Read the plain-English explanation

    Each entry includes when the code is sent, the typical client behavior, and the most common cause.

  4. Compare related codes

    Use the see-also links between confusing pairs (401 vs 403, 301 vs 302) to pick the right one for your API.

HTTP status code classes

The five classes of HTTP status codes and what they mean at a glance. Defined by RFC 9110 and registered in the IANA HTTP Status Code Registry.

ClassMeaningCommon codes
1xx InformationalRequest received, processing100, 101, 103
2xx SuccessThe request worked200, 201, 204, 206
3xx RedirectionLook somewhere else301, 302, 304, 307, 308
4xx Client errorSomething is wrong with the request400, 401, 403, 404, 409, 422, 429
5xx Server errorThe server failed to fulfill a valid request500, 502, 503, 504

Common HTTP status codes to know

200 OK vs 201 Created vs 204 No Content

200 OK

The standard "everything worked" response, with a body.

201 Created

A new resource was created as a result of the request — usually after a POST.

204 No Content

Success, but no body. Common after DELETE or PUT calls that don't need to return data.

All three are success codes — the difference is what the response carries. 201 should include a Location header pointing at the new resource; 204 is empty by definition.

301 Moved Permanently vs 302 Found

301

Permanent redirect. Browsers and search engines remember it; the old URL is effectively dead.

302

Temporary redirect. Browsers re-check the original URL on each request; bookmarks stay on the old URL.

Use 301 when you've actually moved a resource (rebrand, URL restructure). Use 302 for short-lived redirects like A/B tests, login redirects, or maintenance pages.

401 Unauthorized vs 403 Forbidden

401

You aren't authenticated. The server doesn't know who you are.

403

The server knows who you are, but you don't have permission for this resource.

If sending different credentials might fix it, return 401. If no credentials would help (the resource is just off-limits to this user), return 403.

500 vs 502 vs 503 vs 504

500

Generic server error — your code threw an unhandled exception.

502

Bad gateway — a proxy in front (CDN, load balancer) couldn't reach the upstream server.

503

Service unavailable — the server is up but overloaded or in maintenance mode.

504

Gateway timeout — a proxy reached upstream but didn't get a response in time.

All four are server errors, but they tell debuggers very different stories. 500 is your app; 502 and 504 point at the network path; 503 points at capacity.

Common HTTP status code mistakes

  • Returning 200 OK with {"error": "..."} in the body. Status codes are part of the contract — use the right one (400, 404, 500) so clients can branch on it.
  • Using 401 for permission errors. 401 is for authentication; permission denials are 403.
  • Using 200 for newly created resources instead of 201 with a Location header.

HTTP Status Code FAQ

What does HTTP 404 mean?
404 Not Found means the server understood the request but the resource at that URL does not exist. Most often the path is wrong, the resource was deleted, or the URL was mistyped.
What is the difference between 401 and 403?
401 Unauthorized means you are not authenticated — the server doesn't know who you are. 403 Forbidden means you are authenticated but don't have permission for the resource. Sending different credentials might fix 401; it won't fix 403.
What is the difference between 301 and 302?
301 Moved Permanently is a permanent redirect — browsers and search engines update their records. 302 Found is a temporary redirect — clients keep visiting the original URL. Use 301 for permanent moves, 302 for temporary detours.
What does HTTP 500 mean?
500 Internal Server Error is a generic server-side error, usually thrown when an unhandled exception bubbles up. The client did nothing wrong — your server failed to process a valid request.
Should I always use a specific status code?
Yes. Generic 200 OK for failures or 500 for everything wrong makes APIs harder to use. Pick the most specific code that fits — clients, proxies, monitors, and retry logic all branch on the status code.
What does HTTP 429 mean?
429 Too Many Requests is sent when a client has hit a rate limit. The response should include a Retry-After header telling the client when it's safe to try again.

Learn more

Other developer tools

Cron Expression Generator

Build, decode, and preview cron schedules with the next run times.

Learn to code with Coddy

GET STARTED