A comprehensive guide to understanding the three-digit responses that power the web, from informational handshakes to catastrophic server meltdowns.

Every time you visit a website, your browser and the server have a conversation. Your browser sends a request, “Hey, give me this page,” and the server responds with a three-digit HTTP status code, followed by the actual content (or an error message). These codes are the web’s way of telling you exactly what happened with your request.

Understanding these codes is useful whether you’re a developer debugging an application, a content manager checking broken links, or just a curious person who’s wondered what that “404 Not Found” page really means.

The Five Categories of HTTP Status Codes

HTTP status codes are grouped into five families, each starting with a different digit:

• 1xx: Informational (the request was received and is being processed)
• 2xx: Success (the request was received, understood, and fulfilled)
• 3xx: Redirection (you need to go somewhere else to complete the request)
• 4xx: Client Error (you made a mistake in the request)
• 5xx: Server Error (the server made a mistake while handling the request)

List of HTTP Status Codes

1xx Informational Responses

End users rarely see these codes. They tell the client that the server has received the request and the process is continuing.

100

Continue

The server has received the request headers and is giving the client the green light to send the request body. Think of it as a server saying, “Go ahead, I’m listening.”

101

Switching Protocols

The client asked to switch to a different protocol (e.g., from HTTP to WebSockets), and the server agrees and is about to switch.

102

Processing

The server has received and is processing the request, but no response is available yet. Prevents the client from timing out.

103 Early Hints — Allows the server to send some response headers before the final response is ready. Useful for letting browsers start loading resources early.

2xx Success

These are the codes you want to see. They mean everything went according to plan.

200

OK 

The most common success code. The request succeeded, and the response body contains the requested data. When you load a webpage normally, you get a 200.

201

Created 

The request succeeded, and a new resource was created. You typically see this after a POST request, like when you submit a form to create a new account.

202

Accepted 

The request has been accepted for processing, but the processing hasn’t been completed yet. Useful for asynchronous tasks, like submitting a job that runs in the background.

203

Non-Authoritative Information

The request was successful, but a proxy or intermediary server has modified the response and may not match what the origin server would have sent.

204

No Content

The request succeeded, but there’s nothing to send back. Commonly, when you delete something, the deletion worked, but there’s nothing to return.

205

Reset Content

Similar to 204, but the server also tells the client to reset its document view (e.g., clearing a form after submission).

206

Partial Content

The server is delivering only part of the resource. This is used for resumable downloads or when a client requests a specific chunk of a file.

207

Multi-Status 

Used in WebDAV (a web file management protocol), this means multiple operations were performed, and each has its own status.

208

Already Reported 

Also used in WebDAV to prevent the same resource from being reported multiple times.

226

IM Used  

The server fulfilled the request, and the response results from applying one or more instance manipulations (delta encoding).

3xx Redirection

These codes indicate to the client that the resource has moved or that additional steps are required.

300

Multiple Choices

There are multiple possible responses, and the user or client must choose one. For example, a file is available in multiple formats.

301

Moved Permanently 

The resource has been permanently moved to a new URL. All future requests should use the new URL. Search engines use this to update their index.

302

Found

The resource is temporarily at a different URL. Unlike a 301 redirect, the client should keep using the original URL for future requests.

303

See Other 

The server redirects you to a different resource via a GET request, typically after a POST operation to prevent form resubmission.

304

Not Modified 

The requested resource hasn’t changed since your last request. The browser can use its cached version, saving bandwidth.

305

Use Proxy 

The requested resource must be accessed through a proxy. Largely deprecated today for security reasons.

307

Temporary Redirect 

Similar to 302, but the client must use the same HTTP method for the redirected request. If you POSTed, you must POST to the new URL too.

308

Permanent Redirect 

Like 301, but the client must maintain the same HTTP method. A permanent move where the method cannot change.

4xx Client Errors

These codes mean something was wrong with the request the client sent. The problem is on your end.

400

Bad Request 

The server couldn’t understand the request because of malformed syntax, invalid framing, or deceptive routing. It’s like sending a letter written in gibberish.

401

Unauthorized 

Despite the name, this really means “unauthenticated.” You need to log in or provide credentials to access this resource.

402

Payment Required 

Reserved for future use, though some services use it informally to indicate that a payment is needed to access content.

403

Forbidden 

The server understood the request but refused to authorize it. Unlike 401, logging in won’t help you because you don’t have permission.

404

Not Found 

The most famous status code. The server can’t find the requested resource. It might never have existed, or it may have been deleted or moved without a redirect.

405

Method Not Allowed 

You used an HTTP method (like DELETE or PUT) that the resource doesn’t support. Trying to DELETE a read-only resource, for example.

406

Not Acceptable 

The server can’t produce a response in the formats requested by the client in its request headers.

407

Proxy Authentication Required

You need to authenticate with a proxy server before the request can be completed.

408

Request Timeout 

The server timed out waiting for the request. You took too long to send the full request.

409

Conflict 

The request conflicts with the resource’s current state. For example, trying to create a username that already exists.

410

Gone 

The resource existed but has been permanently deleted and will not be available again. Stricter than 404, which is ambiguous about whether the resource ever existed.

411

Length Required 

The server requires the Content-Length header in the request, but it wasn’t included.

412

Precondition Failed 

One or more conditions in the request headers were evaluated as false on the server and used in conditional requests.

413

Content Too Large 

The request body is larger than the server is willing to process. Common when uploading very large files.

414

URI Too Long 

The URL you sent is longer than the server is willing to interpret. Usually caused by overly large query strings.

415

Unsupported Media Type 

The server doesn’t support the request’s media format. Sending XML to a server that only accepts JSON, for example.

416

Range Not Satisfiable 

The range of bytes the client asked for isn’t available. Like asking for pages 500–600 of a 100-page book.

417

Expectation Failed

The server can’t meet the requirements specified in the request’s Expect header.

418

I’m a Teapot 

Not a joke in the traditional sense, but an April Fools’ RFC from 1998. A server can return this when asked to brew coffee with a teapot. Surprisingly, it’s a real, registered status code.

421

Misdirected Request 

The request was directed at a server that can’t produce a response for the given host and scheme combination.

422

Unprocessable Content 

The request was well-formed but couldn’t be processed because of semantic errors. The server understood the format, but the content itself had issues, such as invalid form values.

423

Locked 

The resource being accessed is locked (used in WebDAV).

424

Failed Dependency 

The request failed because a previous request it depended on also failed (WebDAV).

425

Too Early 

The server is unwilling to risk processing a request that might be replayed to prevent replay attacks.

426

Upgrade Required 

The client should switch to a different protocol. The server sends information about the required protocol in the response.

428

Precondition Required 

The server requires the request to be conditional to prevent the “lost update” problem.

429

Too Many Requests 

You’ve sent too many requests in a given period. This is how servers implement rate limiting to prevent abuse.

431

Request Header Fields Too Large 

The request’s headers are too large for the server to process.

451

Unavailable For Legal Reasons

The resource has been blocked for legal reasons, such as government censorship or copyright enforcement. The code is a nod to Ray Bradbury’s novel Fahrenheit 451.

5xx Server Errors

These codes mean something went wrong on the server’s side. The request may have been valid, but the server failed to fulfill it.

500

Internal Server Error 

The most generic server error. Something went wrong on the server, but it can’t be more specific. Often caused by bugs, misconfigurations, or unhandled exceptions in code.

501

Not Implemented 

The server doesn’t support the functionality required to fulfill the request. The HTTP method used isn’t recognized or supported.

502

Bad Gateway 

The server, acting as a gateway or proxy, received an invalid response from an upstream server. A common issue is when a load balancer can’t communicate with an application server.

503

Service Unavailable 

The server is temporarily unable to handle the request, usually because it is overloaded or undergoing maintenance. Often temporary — try again later.

504

Gateway Timeout 

The server, acting as a gateway or proxy, didn’t receive a timely response from an upstream server. Similar to 502, but specifically about timing out.

505

HTTP Version Not Supported 

The server doesn’t support the HTTP protocol version used in the request.

506

Variant Also Negotiates 

An internal server configuration error occurred during content negotiation.

507

Insufficient Storage 

The server can’t store the representation needed to complete the request (WebDAV), such as when a hard drive is full.

508

Loop Detected 

The server detected an infinite loop while processing the request (WebDAV).

510

Not Extended 

Further extensions are required for the server to fulfill the request.

511

Network Authentication Required 

You need to authenticate to gain network access. Common on captive portals, like hotel Wi-Fi login pages.

How HTTP Status Codes Work

Status codes are part of the HTTP response sent by a server after it receives and processes a request. The server issues them to tell the client what happened to the request. Every HTTP response starts with a status line that looks like HTTP/1.1 200 OK, followed by the protocol version, the status code, and a brief reason phrase.

The codes are grouped into five classes by their first digit. This first digit is the most important: it tells you the response’s category at a glance. The remaining two digits define the specific response within that category. This is why, even if you encounter an unfamiliar code like 452, you immediately know it’s a client error.

It’s worth noting that status codes are defined by standards (primarily RFC 9110, which superseded RFC 7231), but servers can and do define custom codes within the existing class ranges. The key rule is: always respond with the most semantically accurate code available, and use 200 plus an error object in the body only as a last resort, a pattern sometimes called “false 200” that makes debugging a nightmare.

The HTTP Status Codes You’ll See Most Often

In everyday browsing and development, a small handful of codes account for the vast majority of responses. 200 OK is by far the most common. It means everything worked. 301 and 302 redirects appear frequently on websites. 404 errors appear when a page can’t be found. 401 and 403 are common on protected resources. And 500 is every developer’s least favorite, signaling something unexpected went wrong on the backend.

Understanding these codes transforms cryptic browser error pages into clear diagnostics. When your application breaks or a website throws an error, the status code is almost always your first and most important clue about what went wrong and where to look.