Developer Toolkit IconDeveloper Toolkit

HTTP Status Codes

Your data never leaves your browser

Complete reference for all HTTP status codes. Search, filter by category, and copy any code instantly.

62 status codes
  • 100
    Continue1xx

    The server has received the request headers. The client should proceed to send the request body.

  • 101
    Switching Protocols1xx

    The server is switching protocols as requested by the client, e.g. upgrading to WebSocket.

  • 102
    Processing1xx

    The server has received and is processing the request, but no response is available yet.

  • 103
    Early Hints1xx

    Used to return some response headers before the final HTTP message, allowing preloading of resources.

  • 200
    OK2xx

    The request succeeded. The response body contains the requested resource or result.

  • 201
    Created2xx

    The request succeeded and a new resource was created. Typically returned after POST.

  • 202
    Accepted2xx

    The request has been accepted for processing but has not been completed yet.

  • 203
    Non-Authoritative Information2xx

    The returned metadata was collected from a local or third-party copy, not from the origin server.

  • 204
    No Content2xx

    The request succeeded but there is no content to return. Common for DELETE and some PUT requests.

  • 205
    Reset Content2xx

    The request succeeded. The client should reset the document view, e.g. clear a form.

  • 206
    Partial Content2xx

    The server is delivering only part of the resource due to a Range header in the request.

  • 207
    Multi-Status2xx

    A WebDAV response that conveys information about multiple resources and operations.

  • 208
    Already Reported2xx

    Used in WebDAV to avoid enumerating the same bindings multiple times in a response.

  • 226
    IM Used2xx

    The server has fulfilled a GET request and the response is the result of one or more instance manipulations.

  • 300
    Multiple Choices3xx

    The request has more than one possible response. The user or user agent should choose one.

  • 301
    Moved Permanently3xx

    The URL has permanently changed. The new URL is given in the Location header. Search engines update their index.

  • 302
    Found3xx

    The URL has temporarily changed. The client should continue using the original URL for future requests.

  • 303
    See Other3xx

    The response to the request can be found at another URL using GET, often used after a POST.

  • 304
    Not Modified3xx

    The cached version of the resource is still valid. The client can use the cached copy.

  • 305
    Use Proxy3xx

    Deprecated. The requested resource must be accessed through a proxy.

  • 307
    Temporary Redirect3xx

    The URL has temporarily changed. The client must use the same HTTP method for the redirect request.

  • 308
    Permanent Redirect3xx

    The URL has permanently changed. The client must use the same HTTP method for all future requests.

  • 400
    Bad Request4xx

    The server cannot process the request due to malformed syntax, invalid request message, or deceptive routing.

  • 401
    Unauthorized4xx

    Authentication is required and has failed or has not been provided. The client must authenticate to get the resource.

  • 402
    Payment Required4xx

    Reserved for future use. Some APIs use it to indicate a payment or quota limit has been reached.

  • 403
    Forbidden4xx

    The server understood the request but refuses to authorize it. Unlike 401, re-authenticating will not help.

  • 404
    Not Found4xx

    The server cannot find the requested resource. The URL is not recognized or the resource does not exist.

  • 405
    Method Not Allowed4xx

    The HTTP method used is not supported for this resource. The Allow header lists supported methods.

  • 406
    Not Acceptable4xx

    The server cannot produce a response matching the list of acceptable values in the request's Accept headers.

  • 407
    Proxy Authentication Required4xx

    The client must first authenticate with the proxy server before this request can be served.

  • 408
    Request Timeout4xx

    The server timed out waiting for the request. The client should send the request again.

  • 409
    Conflict4xx

    The request conflicts with the current state of the server, e.g. a duplicate resource or edit conflict.

  • 410
    Gone4xx

    The resource has been permanently deleted and will not be available again. Clients should remove cached links.

  • 411
    Length Required4xx

    The request did not specify the Content-Length, which is required by the server.

  • 412
    Precondition Failed4xx

    The server does not meet one of the preconditions specified in the request headers (If-Match, If-None-Match, etc.).

  • 413
    Content Too Large4xx

    The request body is larger than the server is willing or able to process.

  • 414
    URI Too Long4xx

    The URI provided in the request is too long for the server to process.

  • 415
    Unsupported Media Type4xx

    The media format of the requested data is not supported by the server.

  • 416
    Range Not Satisfiable4xx

    The range specified by the Range header in the request cannot be fulfilled by the server.

  • 417
    Expectation Failed4xx

    The expectation indicated in the Expect request header cannot be met by the server.

  • 418
    I'm a Teapot4xx

    An April Fools joke in RFC 2324. Some APIs use it humorously for intentionally unsupported operations.

  • 421
    Misdirected Request4xx

    The request was directed at a server that is not able to produce a response.

  • 422
    Unprocessable Content4xx

    The request is well-formed but contains semantic errors, e.g. a validation error in a REST API body.

  • 423
    Locked4xx

    The resource that is being accessed is locked. Used in WebDAV.

  • 424
    Failed Dependency4xx

    The request failed because it depended on another request that also failed. Used in WebDAV.

  • 425
    Too Early4xx

    The server is unwilling to risk processing a request that might be replayed (related to TLS early data).

  • 426
    Upgrade Required4xx

    The client should switch to a different protocol, such as TLS/1.0.

  • 428
    Precondition Required4xx

    The origin server requires the request to be conditional to prevent the lost-update problem.

  • 429
    Too Many Requests4xx

    The client has sent too many requests in a given amount of time. Rate limiting is in effect.

  • 431
    Request Header Fields Too Large4xx

    The server refuses to process the request because the header fields are too large.

  • 451
    Unavailable For Legal Reasons4xx

    The resource is unavailable due to a legal demand, such as a government-issued takedown or geo-restriction.

  • 500
    Internal Server Error5xx

    The server encountered an unexpected condition that prevented it from fulfilling the request.

  • 501
    Not Implemented5xx

    The HTTP method is not supported by the server and cannot be handled.

  • 502
    Bad Gateway5xx

    The server, acting as a gateway or proxy, received an invalid response from the upstream server.

  • 503
    Service Unavailable5xx

    The server is not ready to handle the request, typically due to maintenance or overloading.

  • 504
    Gateway Timeout5xx

    The server, acting as a gateway or proxy, did not receive a timely response from the upstream server.

  • 505
    HTTP Version Not Supported5xx

    The HTTP version used in the request is not supported by the server.

  • 506
    Variant Also Negotiates5xx

    Transparent content negotiation for the request results in a circular reference.

  • 507
    Insufficient Storage5xx

    The server is unable to store the representation needed to complete the request. Used in WebDAV.

  • 508
    Loop Detected5xx

    The server detected an infinite loop while processing the request. Used in WebDAV.

  • 510
    Not Extended5xx

    Further extensions to the request are required for the server to fulfil it.

  • 511
    Network Authentication Required5xx

    The client needs to authenticate to gain network access, e.g. a captive portal on public Wi-Fi.

Share this tool

Found it useful? Help a fellow developer discover it.

https://developertoolkit.dev/tools/http-status-codes

HTTP status code categories explained

HTTP status codes are grouped into five classes. 1xx codes are informational: the server has received the request and processing is continuing. 2xx codes indicate success: the request was received, understood, and accepted. 3xx codes handle redirection: the client needs to take additional action to complete the request, typically following a new URL. 4xx codes are client errors: the request contains bad syntax or cannot be fulfilled. These are problems the client can fix, such as a missing resource, bad authentication, or malformed request body. 5xx codes are server errors: the server failed to fulfill a valid request. These indicate a problem on the server side that the client cannot resolve by changing the request. Knowing which class a code belongs to immediately tells you whether to look for a bug in your client code or investigate the server. This reference includes all codes defined in RFC 9110 and widely used extensions like 429 and 451.

Most referenced HTTP status codes

404 Not Found

The server could not find the requested resource. This is the most common HTTP error in web development. Common causes include a typo in the URL, a resource that has been moved or deleted without a redirect, or a missing API route. For REST APIs, 404 should be returned when a specific resource (e.g. a user by ID) does not exist. Do not return 404 for a collection that is empty — an empty array with 200 is the correct response there.

401 Unauthorized

The request did not include valid authentication credentials. Despite the name, 401 is an authentication failure, not an authorization failure. The client should authenticate and retry. Common scenarios: missing or expired JWT, invalid API key, or hitting a protected endpoint without logging in first. The response should include a WWW-Authenticate header describing how to authenticate.

403 Forbidden

The server understood the request and the client is authenticated, but the client does not have permission to perform the action. Unlike 401, re-authenticating will not help. The user simply does not have the required role or ownership. For example, a regular user trying to access an admin endpoint, or a user trying to delete another user's resource, should receive 403.

500 Internal Server Error

A generic catch-all for unexpected server failures. When the server encounters a condition it was not prepared to handle, it returns 500. This is the correct default error when no more specific 5xx code applies. From the client's perspective, the request was valid and the problem is on the server. Log the full error server-side and return a safe, generic message to the client to avoid leaking implementation details.

503 Service Unavailable

The server is temporarily unable to handle the request, usually due to being overloaded or down for maintenance. Unlike 500, 503 implies the condition is temporary and the client should retry later. Including a Retry-After header is strongly recommended so clients know when to retry. Load balancers and health checks use 503 responses to pull unhealthy instances from rotation automatically.

Frequently Asked Questions

What is the difference between 200 OK and 201 Created?

200 OK means the request succeeded and the response contains the result. 201 Created means the request succeeded and a new resource was created as a result, typically in response to a POST request. REST APIs use 201 when creating resources and 200 when reading or updating them.

What is the difference between 401 Unauthorized and 403 Forbidden?

401 means the request lacks valid authentication credentials. The client can try again after authenticating. 403 means the server understood the request and the client is authenticated, but does not have permission to access the resource. Re-authenticating will not help with a 403.

When should I use 301 vs 302 redirect?

301 Moved Permanently tells clients and search engines that the URL has changed forever. They should update their bookmarks and index the new URL. 302 Found is a temporary redirect: the original URL remains valid and should not be updated. Use 301 for permanent URL changes and 302 for maintenance redirects or A/B tests.

What does 429 Too Many Requests mean in APIs?

429 is the standard rate limiting response. When an API client sends too many requests in a given time window, the server returns 429. The response often includes a Retry-After header indicating when the client can make the next request. Well-designed clients back off and retry after that interval.

What is the difference between 503 Service Unavailable and 504 Gateway Timeout?

503 means the server itself is unable to handle the request, typically because it is down for maintenance or overloaded. 504 means the server was acting as a gateway or proxy and did not receive a timely response from an upstream server. 503 is a server problem. 504 is a problem between servers.

Related Tools

URL Encoder / Decoder

Encode or decode URL components and query strings.

JWT Decoder

Decode and inspect JWT tokens. View header, payload, and signature without a secret.

Regex Tester

Test and debug regular expressions with real-time match highlighting.

Cron Expression Builder

Build and validate cron expressions with a human-readable description.