HTTP Status Codes: A Complete Guide

Request received, continuing process. Rarely seen in practice.

Request was received, understood, and accepted.

Further action needed to complete the request.

Request contains bad syntax or cannot be fulfilled.

Server failed to fulfill a valid request.

Standard success response. The request succeeded and the response body contains the result.

Request succeeded and a new resource was created. Typically returned after POST requests. Should include a Location header with the new resource's URL.

Request accepted but not yet processed. Used for asynchronous operations—processing will happen later.

Request succeeded but there's no content to return. Common for successful DELETE requests or updates where no body is needed.

Server is delivering only part of the resource due to a Range header. Used for resumable downloads and video streaming.

Resource has permanently moved to a new URL. Browsers and search engines should update their links. Important for SEO when changing URLs.

Resource temporarily at a different URL. The client should continue using the original URL for future requests.

Response to the request can be found at another URL using GET. Often used after POST to redirect to a confirmation page.

Resource hasn't changed since the last request. The client can use its cached version. Used with conditional GET requests.

Like 302, but guarantees the HTTP method won't change. POST stays POST (unlike 302 which may convert to GET).

Like 301, but guarantees the HTTP method won't change. Newer and stricter than 301.

Server cannot process the request due to client error. Could be malformed syntax, invalid request framing, or invalid request parameters.

Authentication is required and has failed or not been provided. Should include a WWW-Authenticate header indicating how to authenticate.

Server understood the request but refuses to authorize it. Unlike 401, authentication won't help—you don't have permission.

Requested resource doesn't exist. The most common error code encountered by users.

HTTP method (GET, POST, etc.) is not supported for this resource. For example, trying to POST to a read-only endpoint.

Server timed out waiting for the request. The client can retry the same request.

Request conflicts with current state of the resource. Often used for edit conflicts or duplicate entries.

Resource existed but has been permanently deleted. Unlike 404, this indicates the resource is intentionally gone.

Request was well-formed but contains semantic errors. Often used for validation failures in APIs.

Rate limit exceeded. Should include Retry-After header indicating when to retry.

Generic server error when no more specific message is available. Usually indicates a bug or unhandled exception in the server code.

Server doesn't recognize the request method or can't fulfill it. Unlike 405, implies server doesn't support this functionality at all.

Server acting as a gateway received an invalid response from the upstream server. Common with reverse proxies and load balancers.

Server is temporarily unable to handle the request. Usually due to maintenance or overload. Should include Retry-After header.

Server acting as a gateway didn't receive a timely response from the upstream server.

• "Who are you?"
• No credentials provided
• Invalid credentials
• Expired token
• Try logging in

• "I know who you are, but no"
• Valid credentials
• Insufficient permissions
• Re-authenticating won't help
• Contact admin for access