In this post I will present the different HTTP status code groups, which are the groups 1xx (100-199), 2xx (200-299), 3xx (300-399), 4xx (400-499) and 5xx (500-599). All official HTTP status codes are within the range of 100-599 and the first digit describes which group they are part of. The groups are:
- Information (100–199)
- Success (200–299)
- Redirection (300–399)
- Client errors (400–499)
- Server errors (500–599)
All status codes belong to one group, some of the most commonly known are Status ok (200), not found (404) and internal server error (500).
I will go through the groups one by one and list which official status codes belong in each of them.
Informational responses (100-199)
If you have no idea what response codes are present in the 100-199 range you are probably not alone. These are seldom talked about, probably because they are just "informational". If you have worked with websockets you will likely know the code 101 (switching protocols) which upgrades the connection, that is at least the only one I could remember on top of my head writing this.
The 1xx codes are:
- 100 Continue
- 101 Switching Protocols
- 102 Processing (WebDAV)
- 103 Early Hints (RFC 8297)
The information status code means that the request was understood, but there is more to follow like continuation, switching of protocols, processing (but not done) and hints.
Successful responses (200-299)
Successful responses are what we are often looking for. A 200 is a clean code stating that the request was received, understood and handled - everything is OK. Most of the other 200 codes are variations of this, telling the client that the request was handled successfully.
The 2xx codes are:
- 200 OK
- 201 Created
- 202 Accepted
- 203 Non-Authoritative Information
- 204 No Content
- 205 Reset Content
- 206 Partial Content
- 207 Multi-Status (WebDAV)
- 208 Already Reported (WebDAV)
- 226 IM Used (RFC 3229)
Redirection responses (300-399)
Redirects are used in many situations, most common is that the resource you are looking for has been moved (301-303) and it tells the client to request another resource instead. The code "Not Modified" (304) does not seem much like a redirect, it asks the client to use its cache as the resource is unmodified, however it can be seen as an implicit redirect to use cache. Temporary redirects are different from 301-303 in that the client should continue to request the original URL when making a new request.
The 3xx codes are:
- 300 Multiple Choices
- 301 Moved Permanently
- 302 Found
- 303 See Other
- 304 Not Modified
- 305 Use Proxy
- 306 Switch Proxy (Unused)
- 307 Temporary Redirect
- 308 Permanent Redirect (experimental)
Always remember you cannot use codes 301-304 to redirect put, post or delete requests, as most browsers will turn the request into a get request instead, the client should interpret this as the original put/post/delete request was handled successfully and it should then get the redirected resource. You should use 307 or 308 for these redirects. You can see my post on this here.
Client error responses (400-499)
You may think that the wording "client errors" are a bit misleading as the client does not respond with errors to anyone. However the intention of the wording is to say that these errors are for the client to correct as the client is sending an invalid request. So if the client wants its request to be successful it is on the client to correct it - the client must correct its request and try again.
Some of these error codes are for malformed requests such as "bad request" (400), "method not allowed" (405) and "Not acceptable" (406). Others are that the client does not have access (403) or is not authorised (401). In any way, it is up to the client to correct these errors.
This is also the range of codes for the "I'm a teapot" (418) status introduced as an April fools joke.
The 4xx codes are:
- 400 Bad Request
- 401 Unauthorized
- 402 Payment Required
- 403 Forbidden
- 404 Not Found
- 405 Method Not Allowed
- 406 Not Acceptable
- 407 Proxy Authentication Required
- 408 Request Timeout
- 409 Conflict
- 410 Gone
- 411 Length Required
- 412 Precondition Failed
- 413 Request Entity Too Large
- 414 Request-URI Too Long
- 415 Unsupported Media Type
- 416 Requested Range Not Satisfiable
- 417 Expectation Failed
- 418 I'm a teapot (RFC 2324)
- 422 Unprocessable Entity (WebDAV)
- 423 Locked (WebDAV)
- 424 Failed Dependency (WebDAV)
- 425 Reserved for WebDAV
- 426 Upgrade Required
- 428 Precondition Required
- 429 Too Many Requests
- 431 Request Header Fields Too Large
- 451 Unavailable For Legal Reasons
Server error responses (500-599)
If the client errors are for the client to correct, the server errors are for the server to correct. Overall the server lets the client know it cannot service its request, due to server side issues. It is of course likely that something in the requests causes a server side error and the client can correct that, but if the client sends something that the server cannot handle the server should return a 4xx status code.
Most commonly known is the dreaded "internal server error" (500) status code, which is a generic status code letting the client know that an unexpected error has happened.
The 5xx codes are:
- 500 Internal Server Error
- 501 Not Implemented
- 502 Bad Gateway
- 503 Service Unavailable
- 504 Gateway Timeout
- 505 HTTP Version Not Supported
- 506 Variant Also Negotiates (Experimental)
- 507 Insufficient Storage (WebDAV)
- 508 Loop Detected (WebDAV)
- 509 Bandwidth Limit Exceeded (Apache)
- 510 Not Extended
- 511 Network Authentication Required
That's it!
This was my post on the groups of HTTP status codes, what they mean and some examples of usage. I hope you found this helpful, if so please let me know in the comments down below!
Sources: