HTTP Status Codes Cheat Sheet — All 70+ Codes Explained
Complete HTTP status code reference with all 1xx, 2xx, 3xx, 4xx, 5xx codes, when to use each, common causes, and practical examples. Bookmark for debugging.
Every HTTP status code you'll encounter, grouped by category, with practical notes on when to use each and what they usually mean in the wild. For quick lookup of a specific code, use the status code tool.
1xx — Informational
| Code | Name | When |
|---|---|---|
100 | Continue | Server got request headers; client may send the body |
101 | Switching Protocols | Upgrade from HTTP to WebSocket or HTTP/2 |
102 | Processing | Long-running request is in progress (WebDAV) |
103 | Early Hints | Preload hints before final response (saves perf time) |
2xx — Success
| Code | Name | When |
|---|---|---|
200 | OK | Standard success (GET, most PUTs) |
201 | Created | Resource created (POST); include Location header |
202 | Accepted | Request queued but not yet processed |
204 | No Content | Success with no body (DELETE, some PUTs) |
206 | Partial Content | Range request succeeded (video seeking, resumed downloads) |
3xx — Redirection
| Code | Name | When |
|---|---|---|
301 | Moved Permanently | Permanent redirect; passes link equity in SEO |
302 | Found | Temporary redirect; method may change (buggy by spec) |
303 | See Other | Post-Redirect-Get pattern; GET the new URL |
304 | Not Modified | Cache hit; resource unchanged since last fetch |
307 | Temporary Redirect | Like 302 but preserves HTTP method strictly |
308 | Permanent Redirect | Like 301 but preserves HTTP method strictly |
301 vs 302: 301 for permanent URL moves (rebranding, migration). 302 for A/B tests, maintenance, session-specific. Search engines cache 301s; don't use them if you might move back. For API redirects preserving method, prefer 307/308.
4xx — Client Errors
| Code | Name | When |
|---|---|---|
400 | Bad Request | Malformed syntax, invalid parameters |
401 | Unauthorized | Authentication required or failed (misnamed — should be "Unauthenticated") |
402 | Payment Required | Reserved; rarely used in practice (Stripe uses it) |
403 | Forbidden | Authenticated but not authorized for this resource |
404 | Not Found | Resource doesn't exist |
405 | Method Not Allowed | Endpoint exists but doesn't accept this HTTP verb |
406 | Not Acceptable | Accept header can't be satisfied |
408 | Request Timeout | Client took too long to send |
409 | Conflict | Concurrent edits, unique constraint violation |
410 | Gone | Resource existed but is permanently deleted (stronger than 404) |
411 | Length Required | Missing Content-Length header |
412 | Precondition Failed | If-Match or If-Unmodified-Since failed |
413 | Payload Too Large | Request body exceeds server limit |
414 | URI Too Long | Usually from too many query params |
415 | Unsupported Media Type | Bad Content-Type |
418 | I'm a teapot | April Fools; real APIs sometimes use it as an easter egg |
422 | Unprocessable Entity | Syntactically valid but semantically invalid (validation errors) |
425 | Too Early | Request sent in 0-RTT that could be replayed |
428 | Precondition Required | Server requires conditional request |
429 | Too Many Requests | Rate limited; check Retry-After |
451 | Unavailable For Legal Reasons | Blocked by court order or regulation |
5xx — Server Errors
| Code | Name | When |
|---|---|---|
500 | Internal Server Error | Generic server failure; check logs |
501 | Not Implemented | Server doesn't support the method |
502 | Bad Gateway | Upstream server returned invalid response (common behind load balancers) |
503 | Service Unavailable | Temporarily overloaded or in maintenance; include Retry-After |
504 | Gateway Timeout | Upstream took too long |
505 | HTTP Version Not Supported | Server doesn't support the HTTP version |
507 | Insufficient Storage | WebDAV; disk full |
508 | Loop Detected | WebDAV; infinite redirect loop |
511 | Network Authentication Required | Captive portal (hotel/airport Wi-Fi) |
Quick decision tree: which code to return?
- Created a resource? →
201withLocationheader - Deleted a resource? →
204(no body) or200(with result) - Validation failed? →
422(not 400) when input was well-formed but semantically wrong - User not logged in? →
401 - User logged in but not allowed? →
403 - Resource moved forever? →
301(or308for APIs) - Rate limited? →
429withRetry-After: N - Down for maintenance? →
503withRetry-After - Upstream timing out? →
504(not 500)
Common debugging scenarios
401 from an authenticated endpoint: JWT may be expired — decode it with JWT decoder to check exp.
400 from an API: Request body likely malformed — prettify and validate with JSON formatter.
URL-encoding issues in 400/404: Special characters may need encoding — check with URL encoder/decoder.
Featured Tools
Try these free tools directly in your browser — no sign-up required.
HTTP Status Codes
Complete HTTP status code reference with explanations, use cases, and examples. Look up any HTTP response code from 1xx informational to 5xx server errors.
JSON Formatter
Format, beautify, and validate JSON instantly. Paste raw JSON and get a clean, indented, human-readable output with syntax error detection.
JWT Decoder
Decode and inspect JSON Web Tokens (JWTs) instantly. View header, payload, and signature without a secret key. Debug authentication tokens safely.
URL Encoder / Decoder
Encode or decode URLs and query strings instantly. Convert special characters to percent-encoding and back for safe URL transmission and debugging.