HTTP Status Code Reference

Initial request received; client should proceed with the request body.

Server is switching protocols as requested (e.g. WebSocket upgrade).

Server has accepted the request but hasn't finished processing it.

Preload hints sent before the final response — useful for `<link rel=preload>`.

Standard success response. The body contains the resource or operation result.

Resource was created. The Location header usually points to it.

Request accepted for processing but not yet completed.

Returned data was modified by a transforming proxy.

Success, but there is no body to return.

Tell the client to reset the document view (e.g. clear a form).

Partial response for a Range request (resumable downloads, video seek).

WebDAV — body contains XML with multiple status results.

WebDAV — bindings already enumerated in a previous response.

Server fulfilled the GET using one or more instance manipulations.

Multiple options for the resource — client must choose.

Resource has a new permanent URI (in Location). Use for SEO-safe redirects.

Temporary redirect. Some clients change POST to GET — prefer 307 if that's bad.

Redirect to a result resource, always with GET.

Cached copy is still valid — no body returned.

Redirect that preserves the original HTTP method and body.

Like 301 but preserves the method and body.

Malformed request — syntax, missing required fields, invalid framing.

Authentication is required or has failed. (Confusingly named — really 'unauthenticated'.)

Reserved for future use; some APIs use it for billing-related errors.

Server understood the request but refuses to authorize it.

Resource doesn't exist (or you don't have permission to know that it does).

The HTTP method isn't supported on this resource. Allow header lists valid ones.

Server can't produce a response matching the client's Accept headers.

Client must authenticate with the proxy.

Client took too long to send the request.

Request conflicts with current state (e.g. version mismatch on update).

Resource intentionally removed and won't return. Stronger than 404 for SEO.

Server requires Content-Length header.

A precondition header (If-Match, If-Unmodified-Since) wasn't met.

Request body exceeds the server's allowed size.

Request URI is longer than the server is willing to interpret.

Content-Type isn't accepted by the endpoint.

Requested Range can't be served.

Expect request-header field can't be met.

RFC 2324 joke status. Some APIs use it deliberately.

Request was well-formed but contains semantic errors (validation failures).

WebDAV — the resource is locked.

WebDAV — request failed because a previous one did.

Server is unwilling to risk processing a replay-able request.

Client must switch to a different protocol (e.g. TLS).

Server requires the request to be conditional.

Rate-limited. Retry-After tells you when to try again.

Headers (collectively or individually) are too big.

Resource blocked by legal demand. Named for Fahrenheit 451.

Generic 'something broke on the server' — check logs.

Server doesn't recognize the request method.

Upstream server returned an invalid response. Usually a proxy issue.

Server overloaded or down for maintenance. Retry-After may say when.

Upstream server didn't respond in time.

Server doesn't support the HTTP protocol version used.

Transparent content negotiation has a misconfigured loop.

WebDAV — server can't store the representation.

WebDAV — server detected an infinite loop processing the request.

Further extensions to the request are required.

Captive portal — sign in to gain network access.