HTTP Status Codes Reference
A categorised reference of the HTTP status codes you'll meet during web development. Useful for API design, debugging, and error handling.
What are HTTP status codes?
HTTP status codes are 3-digit numbers returned by a server to indicate the result of a client request. The first digit determines the class — there are five classes from 1xx to 5xx. Returning the right status code is foundational to good RESTful API design.
1xx — Informational
The request was received and processing is continuing. Browsers usually handle these automatically.
| Code | Name | Description |
|---|---|---|
100 | Continue | Initial part of the request received; client may continue |
101 | Switching Protocols | Protocol switch accepted (used by WebSocket) |
103 | Early Hints | Hints to start preloading resources before the final response |
2xx — Success
The request was successfully received and processed. Most common category in API development.
| Code | Name | Description | Typical use |
|---|---|---|---|
200 | OK | Request succeeded | GET / PUT / PATCH success |
201 | Created | Request succeeded and a new resource was created | POST creating a resource |
202 | Accepted | Request accepted but processing not complete | Accepting an async job |
204 | No Content | Success, no body to return | DELETE success, PUT-only updates |
206 | Partial Content | Partial response to a range request | Resuming large downloads |
3xx — Redirection
Further action is needed to complete the request (such as following a redirect). Important for SEO and URL migration.
| Code | Name | Description | Typical use |
|---|---|---|---|
301 | Moved Permanently | Resource has moved permanently | URL change / domain migration; passes SEO equity |
302 | Found | Temporary redirect to another URL | Maintenance redirects |
303 | See Other | Refer to another URL via GET | Post-Redirect-Get pattern after POST |
304 | Not Modified | Resource has not changed | Browser cache reuse; saves bandwidth |
307 | Temporary Redirect | Temporary redirect (preserves method) | HTTP→HTTPS temporary forwarding |
308 | Permanent Redirect | Permanent redirect (preserves method) | API endpoint permanent move |
4xx — Client Error
Something is wrong with the client request — bad input, missing auth, etc.
| Code | Name | Description | Typical use |
|---|---|---|---|
400 | Bad Request | Malformed request | Validation errors, malformed JSON |
401 | Unauthorized | Authentication required | Not logged in, expired token |
403 | Forbidden | No permission to access | Authenticated but lacking access |
404 | Not Found | Resource not found | Non-existent URL, deleted resource |
405 | Method Not Allowed | HTTP method not allowed | POST against a GET-only endpoint |
408 | Request Timeout | Request timed out | Slow client data transfer |
409 | Conflict | Resource conflict | Duplicate registration, optimistic-lock collision |
413 | Payload Too Large | Request body too large | Upload limit exceeded |
415 | Unsupported Media Type | Unsupported media type | Wrong Content-Type |
422 | Unprocessable Entity | Syntax OK but semantically invalid | Validation errors (detailed) |
429 | Too Many Requests | Rate limit exceeded | API call rate limiting |
5xx — Server Error
The server failed to process a valid request. Caused by misconfiguration or application bugs.
| Code | Name | Description | Typical use |
|---|---|---|---|
500 | Internal Server Error | Internal server error | Unhandled exception, application bug |
501 | Not Implemented | Server doesn't support the feature | Unimplemented API endpoint |
502 | Bad Gateway | Bad response from upstream | Reverse proxy upstream failure |
503 | Service Unavailable | Service unavailable | Maintenance, overload |
504 | Gateway Timeout | Upstream timeout | Upstream server response timeout |
FAQ
What's the difference between 401 and 403?
401 Unauthorized means authentication is required — prompt the user to log in or provide a token. 403 Forbidden means the user is authenticated but lacks permission for this resource. A regular user accessing an admin-only page should get 403.
What's the difference between 301 and 308?
Both are permanent redirects, but 301 may convert the HTTP method to GET on redirect. 308 preserves the request method. Use 308 when you need POST requests to remain POST after redirection.
What should I do about a 413 error?
If you get 413 Payload Too Large on file upload, check your server (Nginx client_max_body_size, Apache LimitRequestBody) and PHP (upload_max_filesize, post_max_size) settings. DevLab's threshold test files can help verify the limit.