45 status codes
Initial part of request received, client should continue
Server is switching protocols as requested
Server has received and is processing the request
Used to return some response headers before final response
Request succeeded
Request succeeded and a new resource was created
Request received but not yet acted upon
Returned meta-information is from a local or third-party copy
No content to send, but headers may be useful
Tells the client to reset the document view
Only part of the resource is being delivered
Multiple options for the resource
Resource has been permanently moved to a new URL
Resource temporarily resides under a different URL
Response can be found under a different URI
Resource has not been modified since last request
Temporary redirect preserving the HTTP method
Permanent redirect preserving the HTTP method
Server cannot process the request due to client error
Authentication is required and has failed or not been provided
Reserved for future use
Client does not have access rights to the content
Server cannot find the requested resource
Request method is not supported for the resource
No content matching the Accept headers
Authentication with proxy is required
Server timed out waiting for the request
Request conflicts with the current state of the server
Content has been permanently deleted
Content-Length header is required
Preconditions in headers were not met
Request entity is larger than server limits
URI is longer than the server can interpret
Media format is not supported
Range specified cannot be fulfilled
The server is a teapot (Easter egg from 1998)
Request was well-formed but semantically incorrect
User has sent too many requests (rate limiting)
Resource is unavailable due to legal demands
Server encountered an unexpected condition
Server does not support the functionality required
Server received an invalid response from upstream server
Server is not ready to handle the request
Server did not receive a timely response from upstream
HTTP version in the request is not supported
Showing 8 of 94 related tools
Get up and running in 30 seconds
Type any HTTP status code number (404, 500, 200) or error name ('Not Found', 'Internal Server Error') to instantly find the code, official name, and detailed description.
Click category buttons to view only 1xx (Informational), 2xx (Success), 3xx (Redirection), 4xx (Client Error), or 5xx (Server Error) codes. Organized by RFC standard categories.
Click the copy icon next to any code to copy the numeric value to clipboard. Perfect for adding status codes to API responses, error handlers, or documentation.
Scroll through the complete reference of standard HTTP codes with descriptions. Each entry includes the numeric code, official name, and practical explanation for developers.
Understanding HTTP status codes
HTTP status codes are three-digit numeric responses returned by web servers to indicate the result of a client's request. Every HTTP response includes a status code that tells the client whether the request succeeded, failed, was redirected, or requires additional action. Understanding HTTP status codes is essential for API development, debugging web applications, implementing proper error handling, and ensuring robust client-server communication.
HTTP status codes are defined by RFC 7231 and other HTTP specification documents. They are divided into five categories based on the first digit: 1xx Informational (request received, continuing process), 2xx Success (request was successfully received and processed), 3xx Redirection (further action needed to complete request), 4xx Client Error (request contains bad syntax or cannot be fulfilled), and 5xx Server Error (server failed to fulfill a valid request).
Proper HTTP status code usage is critical for API design and web development. APIs must return the correct status code to communicate outcomes to clients: 200 OK for successful requests, 201 Created for resource creation, 404 Not Found for missing resources, 400 Bad Request for invalid input, 401 Unauthorized for authentication failures, and 500 Internal Server Error for unexpected failures.
Search engines rely on status codes for crawling and indexing. 404 indicates removed content (drop from index), 301 Moved Permanently signals a permanent redirect (transfer SEO value to new URL), 302 Found is a temporary redirect (keep original URL in index), and 410 Gone means content is permanently deleted (stronger than 404 for SEO). Incorrect codes confuse crawlers and hurt rankings.
Front-end applications use status codes for error handling logic. A 401 response triggers user re-authentication, 429 Too Many Requests implements rate limiting backoff, 503 Service Unavailable triggers retry with exponential backoff, and 422 Unprocessable Entity displays validation errors to users. Without correct codes, clients cannot implement appropriate error recovery.
200 OK is the standard success response. Use for GET requests that return data, POST requests that process without creating resources, PUT/PATCH updates, or any successful operation where more specific 2xx codes don't apply. Most API responses are 200.
201 Created indicates successful resource creation. Use for POST requests that create new resources (users, posts, orders). Include a Location header with the new resource URL: 'Location: /api/users/123'. REST APIs should use 201 instead of 200 for creation endpoints.
204 No Content means success but no response body. Use for DELETE operations, PUT updates where returning updated data is unnecessary, or any successful operation where the client doesn't need response content. Reduces bandwidth for operations that don't require data back.
400 Bad Request indicates malformed or invalid client requests. Use for invalid JSON syntax, missing required fields, type errors (string instead of number), or any request the server cannot parse. Return error details in response body to help clients fix issues.
401 Unauthorized means authentication is required or failed. Use when the request lacks credentials, tokens are expired, or authentication fails. Include WWW-Authenticate header with authentication challenge. Despite the name, 401 is for authentication (who you are), not authorization.
403 Forbidden means authenticated but not authorized. Use when the user is logged in but lacks permissions for the requested resource or action. For example, a regular user trying to access admin endpoints. 403 is for authorization (what you can do), not authentication.
404 Not Found means the requested resource doesn't exist. Use for invalid URLs, deleted resources, or IDs that don't exist in the database. Don't use 404 for authorization failures - that leaks information about resource existence. Use 403 or 404 consistently for security.
500 Internal Server Error indicates unexpected server failures. Use for unhandled exceptions, database connection failures, or any error that isn't the client's fault. Never expose stack traces or sensitive error details in production. Log details server-side and return generic error messages.
Always return the most specific status code that matches the situation. Use 201 for creation, not generic 200. Use 422 for validation errors, not generic 400. Clients rely on specific codes for proper error handling and retry logic.
Include descriptive error messages in response bodies for 4xx and 5xx errors. Status codes tell clients what went wrong, error messages explain why and how to fix it. Example: 400 Bad Request with body: {"error": "Missing required field: email"}.
Never use 200 OK for error responses with error objects in the body. Some APIs return {"status": "error", "message": "failed"} with 200 status - this breaks HTTP semantics and confuses client error handling. Use appropriate 4xx or 5xx codes for errors.
REST APIs should follow HTTP semantics strictly:
Consistent status code usage makes APIs intuitive and predictable for developers.
How developers use HTTP status codes
Return appropriate HTTP status codes in REST API endpoints to communicate success, errors, and edge cases. Proper codes enable clients to implement correct error handling, retries, and user feedback without parsing response bodies.
Handle different HTTP status codes in front-end applications to provide appropriate user feedback, trigger authentication flows, implement retry logic, or display validation errors. Status codes drive conditional client behavior.
Write integration tests that verify API endpoints return correct HTTP status codes for various scenarios: success cases, validation failures, authentication errors, and edge cases. Status code testing ensures API contract compliance.
Use correct redirect status codes (301 vs 302 vs 307) to guide search engine crawlers. 301 Moved Permanently transfers SEO value to new URLs, 302 Found is temporary (keeps original in index), and 404/410 signals content removal.
Master HTTP status code reference
This HTTP status codes reference provides instant lookup of all standard HTTP response codes with descriptions, official names, and practical guidance for developers. The interface is optimized for quick searching during debugging, API development, or code review.
Use the search field to find codes by number, name, or description keyword. Type "404" to find Not Found, "auth" to find authentication-related codes (401, 407), "redirect" to find 3xx codes, or "server error" to find 5xx codes. Search is instant and case-insensitive, matching across all code attributes.
Click category buttons to view only codes in that category: 1xx Informational for provisional responses during request processing, 2xx Success for successful operations, 3xx Redirection for redirects and caching, 4xx Client Error for client-side mistakes or invalid requests, 5xx Server Error for server failures. Categories follow RFC standard organization.
Click the copy icon next to any code to copy its numeric value to clipboard. Use this when writing API response code, configuring web servers, adding status codes to test assertions, or documenting API behavior. The tool provides one-click access to standard codes without memorizing numbers.
1xx codes are rare in typical web development. 101 Switching Protocols is used for WebSocket upgrades. Most developers never directly implement 1xx codes - they are sent by underlying HTTP servers during connection setup.
2xx codes indicate success. Use 200 for general success, 201 for resource creation, 204 for successful operations with no response body, and 206 for partial content (video streaming, range requests). Always use the most specific 2xx code that matches your use case.
3xx codes handle redirects and caching. 301 is permanent redirect (SEO value transfers), 302 is temporary redirect (keep original URL), 304 Not Modified enables browser caching, and 307/308 are redirects that preserve HTTP method (POST stays POST). Choose carefully for SEO and caching behavior.
4xx codes indicate client errors. 400 is generic bad request, 401 means not authenticated, 403 means authenticated but forbidden, 404 means not found, 409 is resource conflict, 422 is validation failure, and 429 is rate limit exceeded. Return descriptive error messages in response body.
5xx codes indicate server errors. 500 is generic server error, 502 is bad gateway (upstream server error), 503 is service unavailable (temporary outage), and 504 is gateway timeout. Never expose stack traces in production 5xx responses.
Reference this tool when implementing new API endpoints to choose appropriate status codes for success and error cases. Use it during debugging to understand what status codes mean in server logs or browser DevTools. Consult it during code review to verify teammates are using HTTP semantics correctly. Keep it open while writing API documentation to include accurate status codes in endpoint specs.
Everything you need to know
Your data never leaves your browser
This HTTP status codes reference operates entirely client-side in your browser. No search queries, status code lookups, or usage information is transmitted to any servers. All filtering and searching happens locally using JavaScript.
Safe for looking up status codes in confidential projects, debugging production APIs, or researching codes for security-sensitive implementations. Use with confidence for enterprise development, compliance projects, or any work requiring privacy.
Performance metrics