§ 01 / TOOL

HTTP Status Codes.

STATUS READYCODES 69SOURCE RFC 9110 + IANA

> SEARCH

BY CODE OR NAME

STATUS CODES.

69 OF 69

100
Continue
Initial part of request received; client should continue with the body.
Informational
101
Switching Protocols
Server is switching to the protocol the client requested via Upgrade.
Informational
102
Processing
WebDAV — request is being processed; no response yet.// WebDAV
Informational
103
Early Hints
Preview of headers (e.g. <link rel=preload>) before the full response.
Informational
200
OK
Standard success.
Success
201
Created
Request succeeded and a new resource was created.
Success
202
Accepted
Request accepted but not yet acted on (async).
Success
203
Non-Authoritative Information
Returned info is from a transforming proxy, not the origin.
Success
204
No Content
Success with empty body. Common for DELETE.
Success
205
Reset Content
Tell client to reset the document view (rare).
Success
206
Partial Content
Range request succeeded; only part of the resource is in the body.
Success
207
Multi-Status
WebDAV — multiple status codes for multiple operations.// WebDAV
Success
208
Already Reported
WebDAV — members already enumerated; not repeated.// WebDAV
Success
226
IM Used
Delta encoding — response is the result of one or more instance-manipulations.// RFC 3229
Success
300
Multiple Choices
Multiple response options; client must choose.
Redirection
301
Moved Permanently
Resource moved permanently. Update bookmarks.
Redirection
302
Found
Temporary redirect; method may change to GET historically. Use 307/308 for clarity.
Redirection
303
See Other
Get the resource at a different URI, typically with GET.
Redirection
304
Not Modified
Cached version is still valid; no body returned.
Redirection
305
Use Proxy
Deprecated.// deprecated
Redirection
307
Temporary Redirect
Like 302 but the request method MUST be preserved.
Redirection
308
Permanent Redirect
Like 301 but the request method MUST be preserved.
Redirection
400
Bad Request
Server cannot process due to malformed syntax.
Client error
401
Unauthorized
Missing/invalid authentication. (Despite the name, it’s about auth, not permissions.)
Client error
402
Payment Required
Reserved for future use; rarely seen in practice.
Client error
403
Forbidden
Authenticated but not authorized for this resource.
Client error
404
Not Found
Resource doesn’t exist (or server doesn’t admit it does).
Client error
405
Method Not Allowed
HTTP method (GET/POST/etc.) not supported on this resource.
Client error
406
Not Acceptable
Server can’t produce a response matching the Accept-* headers.
Client error
407
Proxy Authentication Required
Client must authenticate with the proxy.
Client error
408
Request Timeout
Server gave up waiting for the request.
Client error
409
Conflict
Request conflicts with current state (e.g. edit conflict, duplicate entry).
Client error
410
Gone
Resource permanently removed; no forwarding address.
Client error
411
Length Required
Server requires Content-Length header.
Client error
412
Precondition Failed
A precondition (If-Match, If-None-Match, etc.) failed.
Client error
413
Content Too Large
Request body exceeded server’s limit.
Client error
414
URI Too Long
URL exceeded server’s length limit.
Client error
415
Unsupported Media Type
Request body in a format the server can’t process.
Client error
416
Range Not Satisfiable
Requested range outside the resource size.
Client error
417
Expectation Failed
Server can’t meet the Expect header requirements.
Client error
418
I’m a teapot
April Fools’ RFC 2324; some APIs use it for fun.// RFC 2324
Client error
421
Misdirected Request
Request sent to a server unable to produce a response (HTTP/2 connection coalescing).
Client error
422
Unprocessable Content
Syntactically valid but semantically wrong (validation error).
Client error
423
Locked
WebDAV — resource is locked.// WebDAV
Client error
424
Failed Dependency
WebDAV — depended on a request that failed.// WebDAV
Client error
425
Too Early
Server unwilling to risk processing a request that might be replayed.
Client error
426
Upgrade Required
Client must switch to a different protocol.
Client error
428
Precondition Required
Origin requires the request to be conditional.
Client error
429
Too Many Requests
Rate limited. Retry-After header tells you when to try again.
Client error
431
Request Header Fields Too Large
Headers exceeded server limit.
Client error
451
Unavailable For Legal Reasons
Censored / takedown. Named after Fahrenheit 451.
Client error
500
Internal Server Error
Catch-all server failure. Logs are your friend.
Server error
501
Not Implemented
Server doesn’t support the requested method.
Server error
502
Bad Gateway
Upstream server returned an invalid response.
Server error
503
Service Unavailable
Server temporarily unable to handle request (overloaded, down for maintenance).
Server error
504
Gateway Timeout
Upstream server didn’t respond in time.
Server error
505
HTTP Version Not Supported
Server doesn’t support the HTTP version in the request.
Server error
506
Variant Also Negotiates
Internal config error in transparent content negotiation.
Server error
507
Insufficient Storage
WebDAV — server out of space to store the representation.// WebDAV
Server error
508
Loop Detected
WebDAV — infinite loop detected while processing.// WebDAV
Server error
510
Not Extended
Further extensions required to fulfill the request.// deprecated
Server error
511
Network Authentication Required
Captive portal — must authenticate to gain network access.
Server error
520
Web Server Returned Unknown Error
Cloudflare — origin returned something Cloudflare couldn’t parse.// Cloudflare
Server error
521
Web Server Is Down
Cloudflare — couldn’t reach the origin.// Cloudflare
Server error
522
Connection Timed Out
Cloudflare — TCP handshake to origin timed out.// Cloudflare
Server error
523
Origin Is Unreachable
Cloudflare — DNS or routing failure to origin.// Cloudflare
Server error
524
A Timeout Occurred
Cloudflare — origin took too long to respond after TCP connection.// Cloudflare
Server error
525
SSL Handshake Failed
Cloudflare — TLS handshake to origin failed.// Cloudflare
Server error
526
Invalid SSL Certificate
Cloudflare — origin’s TLS cert failed validation.// Cloudflare
Server error

§ 02 / ABOUT

The five classes.

HTTP status codes are three-digit numbers grouped into five classes by the leading digit. The class tells you who’s responsible — informational, success, redirect, client mistake, or server mistake.

// THE CLASSES

1xx Informational — Provisional response. Continue, Switching Protocols, Early Hints.
2xx Success — Worked. 200 OK, 201 Created, 204 No Content.
3xx Redirection — Resource is elsewhere. 301 permanent, 302/307 temporary, 304 cached version OK.
4xx Client error — Your request is bad. 400 syntax, 401 auth, 403 forbidden, 404 missing, 429 rate limit.
5xx Server error — Our problem. 500 generic crash, 502 upstream broken, 503 overloaded, 504 upstream timeout.

// WHAT TO DO WITH EACH

2xx — Process the response. Done.
3xx — Follow the Location header. Most HTTP clients do this automatically.
4xx — Fix the request. Don’t retry without changes — it’ll fail again.
429 — Wait. Honor Retry-After header. Backoff exponentially if the server didn’t specify.
5xx — Retry with backoff. Server-side issue, often transient.

§ 03 / FAQ

Status code questions.

What’s the difference between 401 and 403?+

401 Unauthorized means "you didn’t authenticate" — no credentials, expired token, etc. 403 Forbidden means "you authenticated, but you’re not allowed." Confusingly, both are about access — but 401 is identity, 403 is permission.

301 vs 302 vs 307 vs 308 — which redirect should I use?+

301 = permanent, 302 = temporary, 307 = temporary (preserves method), 308 = permanent (preserves method). Modern best practice: use 307/308 instead of 302/301 because they explicitly preserve POST/PUT/DELETE — older 301/302 implementations would silently switch to GET on redirect.

What does 422 actually mean?+

The request was syntactically valid (parsed fine) but failed semantic validation — e.g. JSON body schema violations, missing required fields, value out of range. APIs use it for "your input is well-formed but wrong."

What’s a 5xx I should actually fix vs let alone?+

500/502/503/504 are infrastructure problems — fix or escalate. 501 means a method isn’t implemented (often expected, e.g. HEAD on certain endpoints). Cloudflare 520-526 are origin issues — debug your backend, not Cloudflare.

Is 418 I’m a teapot real?+

It’s an April Fools’ RFC from 1998 (RFC 2324, Hyper Text Coffee Pot Control Protocol). Not in the standard HTTP set, but enough APIs use it as a joke or rate-limit signal that it’s widely supported. Node’s http module recognizes it.

§ 04 / TOOLS

Related calculators.

§ 05 / READING