Every HTTP status code explained in plain English -- from the everyday 200s and 404s to the obscure 418 teapot and 451 legal block. A quick-reference cheat sheet for devs.
There's this viral reel going around about Kiki and the 404 -- a developer's reaction to Kiki's 404!
HTTP response status codes are numbers that tell you what happened when the server tried to handle a client's request. (Based on RFC 7231)
The server received the request and processing is still ongoing.
| Code | Name | Description |
|---|---|---|
| 100 | Continue | Initial part of the request received, keep going |
| 101 | Switching Protocols | Protocol switch approved (e.g., HTTP to WebSocket) |
| 102 | Processing | Request is being processed but no response yet (WebDAV) |
| 103 | Early Hints | Some headers sent ahead of the final response |
The request was successfully received, understood, and processed.
| Code | Name | Description |
|---|---|---|
| 200 | OK | Request succeeded. The most basic success response |
| 201 | Created | Resource created. Typically used after a successful POST |
| 202 | Accepted | Request received but not yet processed (async job) |
| 203 | Non-Authoritative Information | Response transformed by a proxy |
| 204 | No Content | Success but no body to return. Used for DELETE, etc. |
| 205 | Reset Content | Asks the client to reset the view |
| 206 | Partial Content | Partial response for a Range request (resumable downloads, etc.) |
| 207 | Multi-Status | Compound status for multiple resources (WebDAV) |
| 208 | Already Reported | Already-enumerated resource (WebDAV) |
| 226 | IM Used | Response with instance manipulation applied |
Additional action is needed to complete the request.
| Code | Name | Description |
|---|---|---|
| 300 | Multiple Choices | Multiple options available |
| 301 | Moved Permanently | Resource permanently moved to a new URL |
| 302 | Found | Temporary redirect to a different URL |
| 303 | See Other | Go look at another URI with GET |
| 304 | Not Modified | Cached version is still good (conditional request) |
| 307 | Temporary Redirect | Temporary redirect (preserves HTTP method) |
| 308 | Permanent Redirect | Permanent redirect (preserves HTTP method) |
301 vs 308: With 301, the method can change to GET on redirect. 308 keeps the original method. Same relationship applies to 302 and 307.
Something's wrong with the request itself, so the server can't process it.
| Code | Name | Description |
|---|---|---|
| 400 | Bad Request | Malformed request syntax or parameters |
| 401 | Unauthorized | Authentication required. You're not logged in |
| 402 | Payment Required | Payment needed (reserved code, rarely used in practice) |
| 403 | Forbidden | Authenticated but not authorized |
| 404 | Not Found | Requested resource doesn't exist |
| 405 | Method Not Allowed | HTTP method not supported for this endpoint |
| 406 | Not Acceptable | No response matching the Accept header |
| 407 | Proxy Authentication Required | Proxy authentication needed |
| 408 | Request Timeout | Request timed out |
| 409 | Conflict | Resource state conflict (concurrent edits, duplicates, etc.) |
| 410 | Gone | Resource permanently deleted. Unlike 404, it means "it used to exist" |
| 411 | Length Required | Content-Length header required |
| 412 | Precondition Failed | Precondition header (If-Match, etc.) not met |
| 413 | Payload Too Large | Request body exceeds server's size limit |
| 414 | URI Too Long | URI too long to process |
| 415 | Unsupported Media Type | Unsupported Content-Type |
| 416 | Range Not Satisfiable | Requested Range is invalid |
| 417 | Expectation Failed | Expect header condition not met |
| 418 | I'm a Teapot ☕ | April Fools' joke from RFC 2324 -- "I'm a teapot" |
| 421 | Misdirected Request | Request sent to the wrong server |
| 422 | Unprocessable Entity | Syntax is fine but semantically invalid. Validation failures |
| 423 | Locked | Resource is locked (WebDAV) |
| 424 | Failed Dependency | Cascading failure from a previous request (WebDAV) |
| 425 | Too Early | Risk of TLS Early Data replay |
| 426 | Upgrade Required | Protocol upgrade needed |
| 428 | Precondition Required | Conditional request (If-Match, etc.) mandatory |
| ⭐ 429 | Too Many Requests | Rate limit exceeded. You've hit the API call limit |
| 431 | Request Header Fields Too Large | Request headers are too big |
| 451 | Unavailable For Legal Reasons | Blocked for legal reasons. Number comes from the novel Fahrenheit 451 |
401 vs 403: 401 is "who are you?" (not authenticated), 403 is "I know who you are, but no" (not authorized). They get mixed up a lot, but they mean different things.
The server failed while trying to process the request.
| Code | Name | Description |
|---|---|---|
| 500 | Internal Server Error | Internal server error. Catch-all for unhandled exceptions |
| 501 | Not Implemented | Server doesn't support this feature |
| 502 | Bad Gateway | Gateway/proxy got a bad response from upstream |
| 503 | Service Unavailable | Server overloaded or under maintenance |
| 504 | Gateway Timeout | Gateway/proxy didn't get an upstream response in time |
| 505 | HTTP Version Not Supported | Server doesn't support the requested HTTP version |
| 506 | Variant Also Negotiates | Content negotiation loop error |
| 507 | Insufficient Storage | Not enough storage space (WebDAV) |
| 508 | Loop Detected | Infinite loop detected (WebDAV) |
| 510 | Not Extended | Further extensions required |
| 511 | Network Authentication Required | Network authentication needed (captive portals, etc.) |
502 vs 504: Both involve the server behind a gateway (Nginx, load balancer, etc.). 502 means "a response came back but it was bad", 504 means "no response came back at all (timeout)".
Here are the ones you'll actually use day-to-day. That's it!
| Scenario | Codes |
|---|---|
| Success | 200, 201, 204 |
| Redirect | 301, 302, 304 |
| Client's fault | 400, 401, 403, 404 |
| Validation/Conflict | 409, 422 |
| Rate Limit | 429 |
| Server issue | 500, 502, 503, 504 |
Written by
PM & builder. Co-founder of Sapienta.