HTTP Status Codes

Reference guide for all HTTP status codes.

100

Continue

Server received request headers, client should proceed to send the body.

101

Switching Protocols

Server agrees to switch protocols per the client's Upgrade header.

200

OK

Request succeeded. The response body contains the result.

201

Created

Request succeeded and a new resource was created.

204

No Content

Request succeeded but no response body.

206

Partial Content

Partial resource returned (range requests).

301

Moved Permanently

Resource permanently moved to a new URL.

302

Found

Resource temporarily at a different URL.

304

Not Modified

Cached resource is still valid. Client should use cache.

307

Temporary Redirect

Redirect with same HTTP method.

308

Permanent Redirect

Permanent redirect preserving the HTTP method.

400

Bad Request

Server cannot process the request due to client error.

401

Unauthorized

Authentication required. Client must authenticate first.

403

Forbidden

Server understood request but refuses to authorize it.

404

Not Found

Resource not found at the given URL.

405

Method Not Allowed

HTTP method is not allowed for this resource.

408

Request Timeout

Server timed out waiting for request from client.

409

Conflict

Request conflicts with current state of the resource.

410

Gone

Resource permanently deleted and will not be available again.

413

Payload Too Large

Request body exceeds server's size limits.

414

URI Too Long

Request URI is too long for the server to process.

415

Unsupported Media Type

Request media type is not supported by the server.

422

Unprocessable Entity

Request is well-formed but contains semantic errors.

429

Too Many Requests

Client has sent too many requests (rate limiting).

500

Internal Server Error

Server encountered an unexpected condition.

501

Not Implemented

Server does not support the requested functionality.

502

Bad Gateway

Upstream server returned an invalid response.

503

Service Unavailable

Server temporarily unavailable (overloaded or down).

504

Gateway Timeout

Upstream server failed to respond in time.

How to use HTTP Status Codes

1

Enter or search a status code

Click the search bar at the top of the tool and type the HTTP status code number (e.g., 404, 500, 200). Alternatively, scroll through the categorized list organized by code ranges in the left sidebar.

2

Review the detailed status information

View the status code, official name, HTTP category, and plain-English meaning in the main results panel. Each entry displays the official RFC definition and common use cases.

3

Check related codes and solutions

Expand the 'Related Codes' section below to see similar status codes. Read the 'What It Means' and 'Common Causes' tabs to understand why this status code appears.

4

Copy or bookmark results

Click the 'Copy' button next to any code definition to copy to clipboard. Use the bookmark icon in the top-right corner to save frequently referenced codes to your browser.

Related Tools

HTTP status codes: complete reference for developers

HTTP status codes: complete reference for developers

Looking up an HTTP status code? ToolHQ's HTTP Status Codes Reference gives you a searchable, grouped reference for all HTTP status codes with plain-English descriptions, common causes, and when to use each. No account needed.

ToolHQ's HTTP Status Codes Reference is a free, searchable developer reference that covers all HTTP status codes from 1xx to 5xx, grouped by class, with descriptions, common causes, and practical guidance on when each code is appropriate.

HTTP status codes are the language servers use to communicate with clients about what happened to a request. Every developer encounters them daily. But remembering the difference between a 401 and a 403, or knowing exactly when to return a 422 vs. a 400, requires the kind of reference you want fast and in one place.

Key Takeaways

  • Covers all HTTP status codes: 1xx, 2xx, 3xx, 4xx, and 5xx classes
  • Searchable by code number or keyword
  • Grouped by class with explanations of what each class means
  • Each code includes a description, common causes, and correct usage guidance
  • Static reference tool, no data processing, no account needed

How HTTP status codes work

HTTP status codes are three-digit numbers included in every HTTP response from a server. They tell the client (a browser, API consumer, or service) whether the request succeeded, failed, or requires further action.

According to RFC 9110, the current HTTP Semantics specification, status codes are grouped into five classes based on their first digit:

1xx (Informational): The request was received and the server is continuing to process it. These are rare in everyday web traffic but used in specific protocols.

2xx (Successful): The request was successfully received, understood, and accepted. The most common codes in this class are 200 (OK), 201 (Created), 204 (No Content), and 206 (Partial Content).

3xx (Redirection): The client must take additional action to complete the request, typically by following a redirect to a different URL. The most important are 301 (Moved Permanently), 302 (Found/Temporary Redirect), 304 (Not Modified), and 307/308 (Temporary/Permanent Redirect with method preservation).

4xx (Client Error): The request contains an error or cannot be fulfilled because of something the client did. The server is saying the client needs to fix something. Common codes include 400 (Bad Request), 401 (Unauthorized), 403 (Forbidden), 404 (Not Found), 429 (Too Many Requests).

5xx (Server Error): The server failed to fulfill a valid request due to a problem on the server's side. Common codes include 500 (Internal Server Error), 502 (Bad Gateway), 503 (Service Unavailable), 504 (Gateway Timeout).

MDN's HTTP status code documentation provides the most detailed browser-developer-friendly reference for each code.


Most commonly used HTTP status codes

Most real-world API and web development involves 15-20 codes regularly. Here is a reference for the ones you'll encounter most often.

2xx, Success

Code Name Meaning
200 OK Standard success. Request completed.
201 Created Resource was created. Return the new resource in the body.
204 No Content Success but no response body (e.g., DELETE).
206 Partial Content Server returning part of a resource (range requests).

3xx, Redirection

Code Name Meaning
301 Moved Permanently Resource has permanently moved to a new URL.
302 Found Temporary redirect (may change method to GET).
304 Not Modified Resource hasn't changed since last request; use cache.
307 Temporary Redirect Temporary redirect, method must not change.
308 Permanent Redirect Permanent redirect, method must not change.

4xx, Client Error

Code Name Meaning
400 Bad Request Malformed request syntax or invalid parameters.
401 Unauthorized Authentication required but not provided or failed.
403 Forbidden Authenticated but not authorized for this resource.
404 Not Found Resource does not exist at this URL.
405 Method Not Allowed HTTP method not supported for this endpoint.
409 Conflict Request conflicts with current resource state.
422 Unprocessable Entity Request is syntactically correct but semantically invalid.
429 Too Many Requests Rate limit exceeded.

5xx, Server Error

Code Name Meaning
500 Internal Server Error Unexpected server-side failure.
502 Bad Gateway Upstream server returned invalid response.
503 Service Unavailable Server temporarily unavailable (overload or maintenance).
504 Gateway Timeout Upstream server didn't respond in time.

Common misconceptions and the codes developers confuse

401 vs. 403: A 401 means authentication is required and was not provided (or failed). A 403 means the server knows who you are but you're not allowed to access this resource. Use 401 for "please log in," 403 for "you're logged in but can't do this."

301 vs. 308: Both are permanent redirects. 301 allows the client to change the HTTP method to GET after redirecting (browsers typically do this). 308 requires the client to maintain the same method. Use 308 for non-GET permanent redirects in APIs.

400 vs. 422: A 400 indicates the request is malformed (bad syntax, missing required headers). A 422 indicates the request is syntactically valid but semantically invalid (correct JSON format but field value fails validation). Many APIs use 400 for both; using 422 more precisely is considered better practice.

502 vs. 503: A 502 is a bad response from an upstream service. A 503 means the server itself is currently unavailable. Both cause retries at the client but have different root causes.

Mini-story: In August 2025, Sophie, a junior developer in Paris, spent two hours debugging an API integration that kept returning 403 errors. She assumed it was an authentication issue and kept tweaking the Authorization header. A senior colleague pointed her to ToolHQ's HTTP Status Codes Reference, where she read that 403 specifically means the server knows your identity but has denied access, as distinct from 401 which means authentication is missing or wrong. Her credentials were fine; the issue was that her user account didn't have the right permissions in the API console. She fixed the permissions in two minutes once she understood what the code actually meant.

Look up any HTTP status code in ToolHQ's reference now


When to use each status code in your own API

Choosing the right response code in your own API is as important as understanding what codes mean when you receive them. A well-designed API returns codes that are specific enough for clients to handle programmatically without reading documentation for every response.

Design principles:

  • Return 2xx only when the request actually succeeded.
  • Distinguish between 400-series errors by cause: 400 for bad syntax, 401 for auth required, 403 for insufficient permissions, 404 for missing resources, 409 for state conflicts, 422 for validation failures.
  • Include a Retry-After header with 429 and 503 responses to tell clients when to retry.
  • Return 201 with a Location header pointing to the new resource when creating one.

Mini-story: Marcus, a backend API developer in Nairobi, was building a REST API for a logistics platform in January 2026. During code review, a teammate pointed out that every error was returning 400, regardless of cause. Marcus used ToolHQ's HTTP Status Codes Reference to audit the correct code for each scenario: authentication errors became 401, permission denials became 403, missing resources became 404, and validation failures became 422. The API's error responses became meaningful enough that the frontend team could handle different errors differently without asking the backend team every time.

For related developer tools, use the URL Encoder/Decoder when troubleshooting URL-related issues, and the DNS Lookup for network-layer debugging. All developer tools are in ToolHQ's developer category.


Frequently asked questions

What is the most common HTTP status code?

200 (OK) is the most common by volume. 404 (Not Found) is the most recognized by general users. 500 (Internal Server Error) is the most feared by developers.

What does 418 mean?

HTTP 418 "I'm a teapot" is a joke status code from RFC 2324, the "Hyper Text Coffee Pot Control Protocol," published as an April Fools' RFC. It was never intended for real use but some servers return it humorously.

Should I return 403 or 404 for a private resource?

Many APIs return 404 for private resources even when they exist, to avoid leaking information about what resources are accessible to the requester. This is a security choice, not a technical requirement.

What status code should a DELETE request return?

204 (No Content) is the most common choice when the deletion succeeds and there's nothing to return. 200 with a response body is acceptable if you want to return information about the deleted resource.

What is a "soft 404"?

A soft 404 is when a page returns a 200 status code but displays a "not found" message to the user. Search engines treat these as ranking problems. Always return a real 404 status code for missing content.

What is HTTP 451 and when should I use it?

HTTP 451 "Unavailable For Legal Reasons" indicates that access to the resource is being denied for legal reasons: a DMCA takedown, court order, government-mandated content removal, or geographic restrictions required by law. The name is a reference to Ray Bradbury's novel Fahrenheit 451. Use 451 instead of 403 when legal reasons are the specific cause of denial, as it gives clients and search engines more accurate information about why content is unavailable. Some implementations include a Link header pointing to the legal authority behind the restriction. SEO tools and search engines recognize 451 as a signal that the content was removed due to legal obligation rather than technical error or permission configuration.


Conclusion: the short version

HTTP status codes are a fundamental part of web communication and API design. ToolHQ's HTTP Status Codes Reference puts all of them in one searchable place: grouped by class, with plain-English descriptions, common causes, and guidance on correct usage. It's a static reference tool, no data processing involved, free, no account required.

Bookmark it. You'll use it more often than you expect.

Look up HTTP status codes now, free, searchable, no account needed

For related developer tools, use the URL Encoder/Decoder and the DNS Lookup for network debugging. Browse all developer resources in ToolHQ's developer section.