HTTP Status Code Reference

The server has received the initial part of the request and the client should continue with the request body. This is used with the Expect: 100-continue header to avoid sending a large body if the server would reject it.

HTTP/1.1 100 Continue

The server understands the Upgrade header field and agrees to switch to the protocol indicated. Commonly used when upgrading from HTTP to WebSocket.

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade

A WebDAV status code indicating the server has received the request and is processing it, but no response is available yet. Prevents the client from timing out.

HTTP/1.1 102 Processing

Used to return some response headers before the final HTTP message. Allows the browser to start preloading resources while the server is still preparing the full response.

HTTP/1.1 103 Early Hints
Link: </style.css>; rel=preload; as=style

The standard success response. The meaning of the success depends on the HTTP method: GET returns the resource, POST returns the result of the action, etc.

HTTP/1.1 200 OK
Content-Type: application/json

{"status": "ok"}

Typically returned after a POST or PUT request. The response should include a Location header pointing to the newly created resource.

HTTP/1.1 201 Created
Location: /api/users/42

The request has been accepted but processing has not finished. Used for asynchronous operations where the server queues work for later execution.

HTTP/1.1 202 Accepted

{"jobId": "abc-123", "status": "queued"}

The returned metadata is not exactly the same as available from the origin server. Typically used when a proxy or intermediary has modified the response.

HTTP/1.1 203 Non-Authoritative Information

The server has successfully fulfilled the request and there is no additional content to return. Commonly used for DELETE operations or successful updates that do not need a response body.

HTTP/1.1 204 No Content

The server has fulfilled the request and the client should reset the document view (e.g., clear a form). No response body is sent.

HTTP/1.1 205 Reset Content

The server is returning part of the resource in response to a Range request. Used for resumable downloads and streaming. The Content-Range header indicates which part is being returned.

HTTP/1.1 206 Partial Content
Content-Range: bytes 0-1023/4096

A WebDAV status code that provides status for multiple independent operations in a single response body, encoded as XML.

HTTP/1.1 207 Multi-Status
Content-Type: application/xml

A WebDAV status code used inside a 207 Multi-Status response to avoid repeatedly enumerating the internal members of multiple bindings to the same collection.

HTTP/1.1 208 Already Reported

The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.

HTTP/1.1 226 IM Used
IM: feed

The requested resource has multiple representations, each with its own specific location. The client can select the most appropriate one.

HTTP/1.1 300 Multiple Choices

The requested resource has been permanently moved to the URL given by the Location header. Search engines will update their link to the new URL. Browsers cache this redirect.

HTTP/1.1 301 Moved Permanently
Location: https://example.com/new-path

The resource temporarily resides at a different URI. The client should continue to use the original URI for future requests. Historically ambiguous about method preservation; use 303 or 307 for clarity.

HTTP/1.1 302 Found
Location: https://example.com/temporary

The server is redirecting the client to a different resource using a GET request. Commonly used after a POST to redirect the client to a result page.

HTTP/1.1 303 See Other
Location: /confirmation

Returned when the client sends a conditional request (If-None-Match or If-Modified-Since) and the resource has not changed. The client should use its cached version. No body is sent.

HTTP/1.1 304 Not Modified
ETag: "abc123"

Similar to 302, but explicitly requires the client to use the same HTTP method and body when following the redirect. Introduced to resolve the ambiguity of 302.

HTTP/1.1 307 Temporary Redirect
Location: https://example.com/temp

Similar to 301, but explicitly requires the client to use the same HTTP method and body when following the redirect. Prevents method change from POST to GET.

HTTP/1.1 308 Permanent Redirect
Location: https://example.com/new

The server cannot process the request due to a client error such as malformed syntax, invalid request message framing, or deceptive request routing.

HTTP/1.1 400 Bad Request

{"error": "Invalid JSON in request body"}

The request requires authentication. The response must include a WWW-Authenticate header indicating the applicable authentication scheme. Despite the name, this is about authentication, not authorisation.

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer

Reserved for future use. Some APIs use this to indicate that payment is required to access the resource, but there is no standard convention.

HTTP/1.1 402 Payment Required

The client does not have permission to access the requested resource. Unlike 401, re-authenticating will not help — the server knows who you are but you lack access.

HTTP/1.1 403 Forbidden

{"error": "You do not have access to this resource"}

The server cannot find the requested resource. In the browser, this means the URL is not recognised. In an API, this can mean the endpoint is valid but the specific resource does not exist.

HTTP/1.1 404 Not Found

{"error": "User not found"}

The request method is known by the server but is not supported by the target resource. The response must include an Allow header listing the supported methods.

HTTP/1.1 405 Method Not Allowed
Allow: GET, HEAD

The server cannot produce a response matching the list of acceptable values defined in the request's Accept, Accept-Encoding, or Accept-Language headers.

HTTP/1.1 406 Not Acceptable

Similar to 401, but the client must first authenticate itself with the proxy. The proxy must return a Proxy-Authenticate header.

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic

The server did not receive a complete request within the time it was prepared to wait. The client may repeat the request without modifications.

HTTP/1.1 408 Request Timeout

The request could not be completed due to a conflict with the current state of the target resource. Often used in version control or when two clients try to modify the same resource simultaneously.

HTTP/1.1 409 Conflict

{"error": "Resource version mismatch"}

The target resource is no longer available at the server and no forwarding address is known. Unlike 404, this indicates the condition is permanent.

HTTP/1.1 410 Gone

The server refuses to accept the request without a defined Content-Length header. The client may repeat the request with the header added.

HTTP/1.1 411 Length Required

One or more conditions given in the request header fields (such as If-Match or If-Unmodified-Since) evaluated to false when tested on the server.

HTTP/1.1 412 Precondition Failed

The request entity is larger than the server is willing or able to process. The server may close the connection or return a Retry-After header.

HTTP/1.1 413 Content Too Large

The URI provided was too long for the server to process. This often happens when a client converts a POST request to a GET with long query parameters.

HTTP/1.1 414 URI Too Long

The origin server is refusing to service the request because the payload is in a format not supported by the target resource for the requested method.

HTTP/1.1 415 Unsupported Media Type

The client has asked for a portion of the file (byte serving), but the server cannot supply that range. For example, the requested range is beyond the end of the file.

HTTP/1.1 416 Range Not Satisfiable
Content-Range: bytes */4096

The expectation given in the request's Expect header could not be met by the server.

HTTP/1.1 417 Expectation Failed

Defined by RFC 2324 (Hyper Text Coffee Pot Control Protocol) as an April Fools' joke. The server refuses the attempt to brew coffee with a teapot. Some servers implement it as an Easter egg.

HTTP/1.1 418 I'm a Teapot

The request was directed at a server that is not able to produce a response. This can happen when a connection is reused for a request to a different host that the server is not configured to handle.

HTTP/1.1 421 Misdirected Request

The server understands the content type and the syntax is correct, but it was unable to process the contained instructions. Commonly used for validation errors in APIs.

HTTP/1.1 422 Unprocessable Content

{"errors": [{"field": "email", "message": "Invalid format"}]}

A WebDAV status code indicating the source or destination resource is locked and the request cannot be completed.

HTTP/1.1 423 Locked

A WebDAV status code indicating the method could not be performed on the resource because the requested action depended on another action which failed.

HTTP/1.1 424 Failed Dependency

The server is unwilling to risk processing a request that might be replayed. Designed to prevent replay attacks with TLS 1.3 early data (0-RTT).

HTTP/1.1 425 Too Early

The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.

HTTP/1.1 426 Upgrade Required
Upgrade: TLS/1.3

The server requires the request to include conditional headers (like If-Match) to prevent the lost update problem where multiple clients modify a resource simultaneously.

HTTP/1.1 428 Precondition Required

The user has exceeded the rate limit. The response may include a Retry-After header indicating how long to wait before making a new request.

HTTP/1.1 429 Too Many Requests
Retry-After: 60

The server is unwilling to process the request because its header fields are too large. The request may be resubmitted after reducing the size of the request header fields.

HTTP/1.1 431 Request Header Fields Too Large

The server is denying access to the resource as a consequence of a legal demand. Named after Ray Bradbury's novel Fahrenheit 451.

HTTP/1.1 451 Unavailable For Legal Reasons

A generic error message indicating the server encountered an unexpected condition that prevented it from fulfilling the request. This is a catch-all for unhandled errors.

HTTP/1.1 500 Internal Server Error

{"error": "Something went wrong"}

The server does not support the functionality required to fulfil the request. This is the appropriate response when the server does not recognise the request method.

HTTP/1.1 501 Not Implemented

The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfil the request.

HTTP/1.1 502 Bad Gateway

The server is not ready to handle the request. Common causes include a server that is down for maintenance or is overloaded. The response should include a Retry-After header when possible.

HTTP/1.1 503 Service Unavailable
Retry-After: 300

The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server needed to complete the request.

HTTP/1.1 504 Gateway Timeout

The server does not support the major version of HTTP that was used in the request message.

HTTP/1.1 505 HTTP Version Not Supported

The server has an internal configuration error: the chosen variant resource is configured to engage in content negotiation itself, resulting in a circular reference.

HTTP/1.1 506 Variant Also Negotiates

A WebDAV status code indicating the server is unable to store the representation needed to successfully complete the request. This is a temporary condition.

HTTP/1.1 507 Insufficient Storage

A WebDAV status code indicating the server terminated an operation because it encountered an infinite loop while processing a request with Depth: infinity.

HTTP/1.1 508 Loop Detected

The policy for accessing the resource has not been met in the request. The server should send back all the information necessary for the client to issue an extended request.

HTTP/1.1 510 Not Extended

The client needs to authenticate to gain network access. Typically used by captive portals (e.g., hotel or airport Wi-Fi) to intercept traffic and redirect users to a login page.

HTTP/1.1 511 Network Authentication Required