HTTP status code group meanings with examples and list of status codes

Understanding HTTP Status Codes

When you interact with a website or application, your browser and the server communicate using HTTP (Hypertext Transfer Protocol). An important part of this communication involves HTTP status codes, which are three-digit numbers sent by the server to indicate the status of your request. These codes provide valuable information about whether a request was successful, if there was an error, or if further action is needed.

All official HTTP status codes fall within the 100-599 range, and the first digit categorizes them into five distinct groups:

1xx: Informational responses (100-199)
2xx: Successful responses (200-299)
3xx: Redirection messages (300-399)
4xx: Client error responses (400-499)
5xx: Server error responses (500-599)

Some of the most commonly recognized codes include 200 OK, 404 Not Found, and 500 Internal Server Error. Let's dive into each group to understand their purpose and the specific codes within them.

1xx: Informational Responses (100-199)

The 1xx status codes are often the least discussed, primarily because they're "informational"—they indicate that the request was received and understood, and that the process is continuing. Unless you've worked with technologies like WebSockets, you might not frequently encounter them. A prime example is 101 Switching Protocols, which is used to upgrade a connection, such as from HTTP to a WebSocket.

Here are the official 1xx codes:

100 Continue: The client should continue its request.
101 Switching Protocols: The server is switching protocols.
102 Processing (WebDAV): The server has received and is processing the request, but no response is available yet.
103 Early Hints (RFC 8297): Used to pre-load resources while the server prepares the full response.

2xx: Successful Responses (200-299)

These are the codes we aim for! A 2xx status code means the server successfully received, understood, and processed the request. The most well-known is 200 OK, signifying that everything went ok. Other 2xx codes are variations that indicate different types of successful handling.

Here are the official 2xx codes:

200 OK: The request succeeded.
201 Created: The request has been fulfilled, and a new resource has been created.
202 Accepted: The request has been accepted for processing, but the processing is not yet complete.
203 Non-Authoritative Information: The information in the entity body is from a local or third-party copy, not from the original server.
204 No Content: The server successfully processed the request, but is not returning any content.
205 Reset Content: The server successfully processed the request, but expects the client to reset the current view.
206 Partial Content: The server is delivering only part of the resource due to a range header from the client.
207 Multi-Status (WebDAV): Multiple status codes for a single response.
208 Already Reported (WebDAV): Members of a DAV binding have already been enumerated.
226 IM Used (RFC 3229): The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.

3xx: Redirection Messages (300-399)

Redirection codes tell the client to request a different resource or location. The most common use cases involve resources that have permanently moved (301 Moved Permanently) or temporarily moved (302 Found). While 304 Not Modified might not seem like a typical redirect, it instructs the client to use its cached version of a resource, which can be thought of as an implicit redirection to the cache.

It is important to know that for PUT, POST, or DELETE requests, using 301-303 can lead to issues, as most browsers will convert the subsequent request into a GET request. For these methods, you should use 307 Temporary Redirect or 308 Permanent Redirect. You can learn more about this inmy dedicated post on redirecting HTTP PUT or POST requests.

Here are the official 3xx codes:

300 Multiple Choices: The requested resource has multiple representations.
301 Moved Permanently: The resource has been permanently moved to a new URL.
302 Found: The resource has been temporarily moved to a new URL.
303 See Other: The response to the request can be found under another URI.
304 Not Modified: The resource has not been modified since the last request, so the client can use its cached version.
305 Use Proxy: The requested resource must be accessed through a proxy. (Deprecated)
306 Switch Proxy: No longer used.
307 Temporary Redirect: The resource has been temporarily moved to a new URL, and the client should continue to use the original URL for future requests.
308 Permanent Redirect (experimental): The resource has been permanently moved to a new URL, and the client should use the new URL for all future requests.

4xx: Client Error Responses (400-499)

The "client error" designation means that the error lies with the client's request. The server received the request but couldn't process it because something was wrong on the client's end. To succeed, the client needs to correct its request and try again.

These errors can range from malformed requests like 400 Bad Request or 405 Method Not Allowed, to issues with authorization such as 401 Unauthorized or 403 Forbidden. This range also includes the humorous 418 I'm a teapot status code, an April Fools' Day joke that has persisted!

Here are the official 4xx codes:

400 Bad Request: The server cannot process the request due to a client error.
401 Unauthorized: Authentication is required and has failed or has not yet been provided.
402 Payment Required: Reserved for future use.
403 Forbidden: The client does not have access rights to the content.
404 Not Found: The server cannot find the requested resource.
405 Method Not Allowed: The request method is not supported for the requested resource.
406 Not Acceptable: The server cannot produce a response matching the list of acceptable values defined in the request's proactive negotiation headers.
407 Proxy Authentication Required: The client must first authenticate itself with the proxy.
408 Request Timeout: The server timed out waiting for the request.
409 Conflict: The request could not be completed due to a conflict with the current state of the resource.
410 Gone: The resource is no longer available at the server and no forwarding address is known.
411 Length Required: The server refuses to accept the request without a defined Content-Length.
412 Precondition Failed: One or more conditions given in the request header fields evaluated to false when tested on the server.
413 Request Entity Too Large: The request is larger than the server is willing or able to process.
414 Request-URI Too Long: The URI provided was too long for the server to process.
415 Unsupported Media Type: The media format of the requested data is not supported by the server.
416 Requested Range Not Satisfiable: The client has asked for a portion of the file, but the server cannot supply that portion.
417 Expectation Failed: The expectation given in the request's Expect header field could not be met by the server.
418 I'm a teapot (RFC 2324): The server refuses to brew coffee because it is, permanently, a teapot.
422 Unprocessable Entity (WebDAV): The request was well-formed but could not be processed due to semantic errors.
423 Locked (WebDAV): The resource that is being accessed is locked.
424 Failed Dependency (WebDAV): The request failed due to failure of a previous request.
425 Too Early (RFC 8470): The server is unwilling to risk processing a request that might be replayed.
426 Upgrade Required: The client should switch to a different protocol.
428 Precondition Required: The origin server requires the request to be conditional.
429 Too Many Requests: The user has sent too many requests in a given amount of time.
431 Request Header Fields Too Large: The server is unwilling to process the request because its header fields are too large.
451 Unavailable For Legal Reasons: The server cannot serve the content due to legal restrictions.

5xx: Server Error Responses (500-599)

Unlike client errors, 5xx codes indicate that the server encountered an issue and couldn't fulfill a valid request. While a client's request might trigger a server-side error, the core problem lies within the server's functionality. If the server cannot handle a request due to client-side input, it should typically return a 4xx status code instead.

The most infamous is 500 Internal Server Error, a generic code that signals an unexpected problem on the server's end.

Here are the official 5xx codes:

500 Internal Server Error: A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
501 Not Implemented: The server does not support the functionality required to fulfill the request.
502 Bad Gateway: The server, while acting as a gateway or proxy, received an invalid response from an upstream server.
503 Service Unavailable: The server is currently unable to handle the request due to a temporary overload or scheduled maintenance.
504 Gateway Timeout: The server, while acting as a gateway or proxy, did not receive a timely response from an upstream server.
505 HTTP Version Not Supported: The HTTP version used in the request is not supported by the server.
506 Variant Also Negotiates (Experimental): Transparent content negotiation for the request results in a circular reference.
507 Insufficient Storage (WebDAV): The server is unable to store the representation needed to complete the request.
508 Loop Detected (WebDAV): The server detected an infinite loop while processing the request.
510 Not Extended: Further extensions to the request are required for the server to fulfill it.
511 Network Authentication Required: The client needs to authenticate to gain network access.

I hope this breakdown helps you better understand the world of HTTP status codes! If you found this post helpful, feel free to share your thoughts in the comments below.

Sources: