HTTP Status Codes

Continue

The server has received the request headers and the client should proceed to send the request body. This is used to optimize large request transfers by confirming the server is willing to accept the request.

Switching Protocols

The server is switching to the protocol requested by the client via the Upgrade header. Commonly used when upgrading an HTTP connection to WebSocket.

Processing

The server has received the request and is processing it, but no response is available yet. This prevents the client from timing out on long-running requests (WebDAV).

Early Hints

Used to return some response headers before the final HTTP message. Allows the browser to start preloading resources while the server prepares the full response.

OK

The request has succeeded. The meaning of the success depends on the HTTP method: GET returns the resource, POST returns the result of the action, PUT/PATCH confirms the update.

Created

The request has been fulfilled and a new resource has been created. Typically returned after a successful POST request. The response should include a Location header pointing to the new resource.

Accepted

The request has been accepted for processing, but processing has not been completed. This is useful for asynchronous operations where the result will be available later.

No Content

The server has successfully fulfilled the request but there is no content to return. Commonly used for DELETE requests or updates where no response body is needed.

Partial Content

The server is delivering only part of the resource due to a Range header sent by the client. Used for resumable downloads and streaming media content.

Multi-Status

Conveys information about multiple resources in situations where multiple status codes might be appropriate. The response body is an XML document with individual status codes (WebDAV).

Already Reported

Used inside a DAV:propstat response element to avoid enumerating the internal members of multiple bindings to the same collection repeatedly (WebDAV).

Multiple Choices

The request has more than one possible response. The user or user agent should choose one of them. There is no standardized way of choosing one of the responses.

Moved Permanently

The requested resource has been permanently moved to a new URL. Search engines will update their index to use the new URL. All future requests should use the new URI.

Found

The requested resource temporarily resides at a different URL. Unlike 301, the client should continue to use the original URL for future requests. Often used for temporary redirects.

See Other

The response to the request can be found at a different URL using a GET method. Typically used after a POST to redirect the client to a confirmation page.

Not Modified

The resource has not been modified since the version specified by the request headers (If-Modified-Since or If-None-Match). The client can use its cached copy.

Temporary Redirect

The requested resource is temporarily at a different URL. Unlike 302, the HTTP method and body must not change when following the redirect. The client should continue using the original URL.

Permanent Redirect

The resource has permanently moved to the URL specified in the Location header. Unlike 301, the HTTP method and body must not change when following the redirect.

Bad Request

The server cannot process the request due to a client error such as malformed syntax, invalid request framing, or deceptive request routing. The client should not repeat the request without modification.

Unauthorized

The request lacks valid authentication credentials. The client must authenticate itself to get the requested response. The server will include a WWW-Authenticate header describing the required scheme.

Payment Required

Reserved for future use. Originally intended for digital payment systems. Some APIs use this status code to indicate that a paid subscription or credit balance is required.

Forbidden

The server understands the request but refuses to authorize it. Unlike 401, re-authenticating will not help. The client does not have permission to access the requested resource.

Not Found

The server cannot find the requested resource. This is the most common error response on the web. It may indicate a broken link, a mistyped URL, or that the resource has been removed.

Method Not Allowed

The HTTP method used in the request is not allowed for the target resource. For example, a DELETE request on a read-only resource. The response must include an Allow header listing valid methods.

Not Acceptable

The server cannot produce a response matching the list of acceptable values defined in the request's Accept headers. The server is unable to fulfill content negotiation.

Proxy Authentication Required

Similar to 401, but authentication must be performed with a proxy server between the client and the target server. The proxy must return a Proxy-Authenticate header.

Request Timeout

The server timed out waiting for the request. The client did not produce a request within the time the server was prepared to wait. The client may repeat the request without modification.

Conflict

The request conflicts with the current state of the target resource. Commonly used when attempting to create a duplicate resource or when there is an edit conflict (e.g., optimistic concurrency).

Gone

The requested resource is no longer available at the server and no forwarding address is known. Unlike 404, this indicates the resource is permanently gone and will not return.

Length Required

The server refuses the request because it requires a Content-Length header field. The client should resend the request with the header indicating the size of the request body.

Precondition Failed

One or more conditions in the request header fields (like If-Match or If-Unmodified-Since) evaluated to false. The server cannot meet the preconditions set by the client.

Content Too Large

The request body is larger than the server is willing or able to process. The server may close the connection or return a Retry-After header to indicate when the client can retry.

URI Too Long

The URI requested by the client is longer than the server is willing to interpret. This can occur when a client has mistakenly converted a POST request to a GET with long query parameters.

Unsupported Media Type

The server refuses the request because the payload format is not supported. For example, sending XML when the API only accepts JSON, or using an unsupported Content-Encoding.

Range Not Satisfiable

The range specified in the Range header of the request cannot be fulfilled. The range may be outside the size of the target resource's data.

I'm a Teapot

An April Fools' joke from RFC 2324 (Hyper Text Coffee Pot Control Protocol). The server refuses to brew coffee because it is, permanently, a teapot. Not expected to be implemented by actual servers.

Unprocessable Content

The server understands the content type and syntax of the request, but it was unable to process the contained instructions. Common in REST APIs when validation fails on otherwise well-formed input.

Locked

The resource that is being accessed is locked. This is a WebDAV-specific status code indicating the source or destination resource is currently locked.

Too Early

The server is unwilling to risk processing a request that might be replayed. Used with TLS Early Data (0-RTT) to prevent replay attacks against the server.

Upgrade Required

The server refuses to perform the request using the current protocol. The client must switch to a different protocol specified in the Upgrade header (e.g., upgrading to TLS).

Precondition Required

The server requires the request to be conditional (include headers like If-Match). This prevents the lost update problem where a client GETs a resource, modifies it, and PUTs it back while another client has also modified it.

Too Many Requests

The user has sent too many requests in a given amount of time (rate limiting). The response should include a Retry-After header indicating how long to wait before making a new request.

Request Header Fields Too Large

The server is unwilling to process the request because its header fields are too large. This can occur with excessively large cookies or tokens. Reduce the size of request headers and retry.

Unavailable For Legal Reasons

The resource is unavailable due to legal demands such as government censorship or court-ordered takedowns. Named after the novel Fahrenheit 451. The response should include a reference to the legal authority.

Internal Server Error

The server encountered an unexpected condition that prevented it from fulfilling the request. This is a generic catch-all error when no more specific 5xx code is appropriate.

Not Implemented

The server does not support the functionality required to fulfill the request. This is the appropriate response when the server does not recognize the request method.

Bad Gateway

The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.

Service Unavailable

The server is not ready to handle the request. Common causes include a server that is down for maintenance or overloaded. A Retry-After header may indicate when to try again.

Gateway Timeout

The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server. This often indicates network issues between servers or a slow backend service.

HTTP Version Not Supported

The server does not support the HTTP protocol version used in the request. The server should indicate which protocols it supports in the response.

Insufficient Storage

The server is unable to store the representation needed to complete the request. This is a WebDAV-specific status code indicating the server has run out of disk space or quota.

Loop Detected

The server detected an infinite loop while processing the request. This occurs in WebDAV when a request causes a binding loop on the server.

Network Authentication Required

The client needs to authenticate to gain network access. This is typically sent by captive portals (e.g., Wi-Fi hotspot login pages) intercepting traffic before granting internet access.