HTTP Status Code Reference

The server has received the request headers and the client should proceed to send the request body.

The server agrees to switch protocols as requested via the Upgrade header, commonly used for WebSocket handshakes.

The server has received the request and is processing it, but no response is available yet (WebDAV).

Preliminary headers sent before the final response, mainly used with Link headers to start preloading resources.

The request succeeded. The response body depends on the method: GET returns the resource, POST returns the result of the action.

The request succeeded and a new resource was created, typically in response to a POST or PUT. The Location header often points to it.

The request was accepted for processing, but processing has not completed. Common for asynchronous jobs and queues.

The response was successful but the metadata was modified by a transforming proxy from the origin's response.

The request succeeded but there is no content to return. Common for DELETE operations and form submissions.

The request succeeded; the client should reset the document view, such as clearing a form.

The server is delivering only part of the resource due to a Range header. Used for resumable downloads and video streaming.

The response body contains multiple status codes for multiple independent operations (WebDAV).

The members of a DAV binding have already been enumerated in a preceding part of the multi-status response (WebDAV).

The server fulfilled a GET request and the response represents the result of one or more instance manipulations (delta encoding).

The request has more than one possible response. The user or user agent should choose one of them.

The resource has permanently moved to the URL in the Location header. Search engines update their links to the new URL.

The resource temporarily lives at a different URL. The client should continue using the original URL for future requests.

The client should fetch the resource at another URL using GET, typically after a POST (the POST-redirect-GET pattern).

The cached version is still valid; the resource has not changed since the client's If-Modified-Since or ETag. No body is sent.

Like 302, but the client must repeat the request with the same method and body — a POST stays a POST.

Like 301, but the client must repeat the request with the same method and body — a POST stays a POST.

The server cannot process the request due to a client error: malformed syntax, invalid parameters, or deceptive routing.

Authentication is required and has failed or has not been provided. Despite the name, it means 'unauthenticated'.

Reserved for future use; some APIs use it to signal exhausted quotas, expired subscriptions, or required payment.

The server understood the request but refuses to authorize it. Unlike 401, authenticating again will not help.

The server cannot find the requested resource. The most famous status code on the web.

The HTTP method is not supported for this resource — e.g. a POST to a read-only endpoint. The Allow header lists valid methods.

The server cannot produce a response matching the Accept headers sent by the client (content negotiation failed).

Like 401, but authentication is required with the proxy, indicated by the Proxy-Authenticate header.

The server timed out waiting for the request. The client may repeat the request without modification.

The request conflicts with the current state of the resource, such as an edit conflict or a duplicate unique key.

The resource was intentionally removed and will not return. Unlike 404, this state is expected to be permanent.

The server requires a Content-Length header and the request did not include one.

A condition in If-Match, If-Unmodified-Since, or similar headers was not met. Used for optimistic concurrency control.

The request body exceeds the limits the server is willing to process. Formerly named 'Payload Too Large'.

The URI is longer than the server is willing to interpret, often from over-long query strings.

The request body's media type is not supported — e.g. sending XML to an endpoint that only accepts JSON.

The Range header asks for a portion of the resource that cannot be supplied, such as beyond the end of the file.

The server cannot meet the requirements of the Expect request header.

An April Fools' joke from RFC 2324 (Hyper Text Coffee Pot Control Protocol). The server refuses to brew coffee because it is a teapot.

The request was directed at a server that is not able to produce a response, e.g. due to connection reuse across origins.

The request was well-formed but contains semantic errors — the classic response for failed validation in REST APIs.

The resource being accessed is locked (WebDAV).

The request failed because it depended on another request that failed (WebDAV).

The server is unwilling to process a request that might be replayed, used with TLS early data.

The server refuses to perform the request using the current protocol; the client should upgrade per the Upgrade header.

The server requires the request to be conditional (e.g. include If-Match) to prevent lost-update problems.

The client has sent too many requests in a given time window. Rate limiting — check the Retry-After header.

The server refuses to process the request because its header fields (individually or together) are too large.

The resource is unavailable for legal reasons, such as censorship or government demands. A reference to Fahrenheit 451.

A generic error: the server encountered an unexpected condition and no more specific message is suitable.

The server does not recognize the request method or lacks the ability to fulfil it.

The server, acting as a gateway or proxy, received an invalid response from the upstream server.

The server cannot handle the request — usually overloaded or down for maintenance. Retry-After may indicate when to try again.

The server, acting as a gateway or proxy, did not receive a timely response from the upstream server.

The server does not support the HTTP protocol version used in the request.

A configuration error in transparent content negotiation caused a circular reference.

The server is unable to store the representation needed to complete the request (WebDAV).

The server detected an infinite loop while processing the request (WebDAV).

Further extensions to the request are required for the server to fulfil it.

The client needs to authenticate to gain network access — the status behind captive portals on public Wi-Fi.