HTTP Status Codes Reference

The server has received the request headers and the client should proceed to send the request body. Useful for large POST requests - client sends "Expect: 100-continue" first.

The server is switching to the protocol specified in the Upgrade header. Most commonly used to upgrade an HTTP/1.1 connection to a WebSocket.

The server has received the request and is processing it, but no response is available yet. Prevents the client from timing out assuming the request was lost. (WebDAV)

Used with the Link header to let the browser start preloading resources while the server is still preparing the full response. Improves page speed.

Standard response for successful HTTP requests. The actual response depends on the method: GET returns the resource, POST returns the result of the action.

The request has been fulfilled and a new resource has been created. The URI of the new resource is returned in the Location header. Typically used after POST or PUT.

The request has been accepted for processing, but the processing has not been completed. The request might or might not be eventually acted upon (asynchronous processing).

The server is a transforming proxy that received a 200 OK from its origin but is returning a modified version of the response.

The server successfully processed the request and is not returning any content. Commonly used for DELETE requests or editor save operations.

The server successfully processed the request and asks that the requester reset its document view. Useful after form submissions.

The server is delivering only part of the resource due to a Range header sent by the client. Used for resumable downloads and video streaming.

The message body is an XML document containing a number of separate response codes for multiple sub-requests. (WebDAV)

Members of a DAV binding have already been enumerated in a preceding part of the multi-status response and are not included again. (WebDAV)

The server has fulfilled a GET request and the response is a representation of one or more instance-manipulations applied to the current instance.

Indicates multiple options for the resource from which the client may choose - for example, a list of different language versions of a page.

The requested resource has been permanently moved to a new URL. Future requests should use the new URL. Search engines update their links.

The requested resource is temporarily at a different URI. The client should continue using the original URI for future requests.

The response to the request can be found under another URL using GET. Used to redirect after a POST/PUT/DELETE to prevent duplicate form submissions.

Resource has not been modified since the version specified in the request headers (If-Modified-Since or If-None-Match). Client should use its cached version.

Previously defined to indicate that a request must be accessed via a proxy. Deprecated due to security concerns around in-band proxy configuration.

The request should be repeated with another URI, but the HTTP method must not change. Unlike 302, the method is guaranteed to be preserved in the redirect.

The request and all future requests should be repeated using another URI. Like 301, but the HTTP method must not change.

The server cannot or will not process the request due to an apparent client error - malformed syntax, invalid framing, or deceptive request routing.

Authentication is required and has failed or has not been provided. The response includes a WWW-Authenticate header.

Reserved for future use. Some services use it for quota enforcement or when payment is required to access a resource.

The client's identity is known but it does not have access rights to the content. Unlike 401, re-authentication will not help.

The server cannot find the requested resource. Could mean the URL is wrong, the resource was deleted, or it is temporarily unavailable.

The request method is known by the server but is not supported by the target resource (e.g., sending DELETE to a read-only endpoint).

The server cannot produce a response matching the Accept headers in the request and is unwilling to supply a default representation.

The client must first authenticate with the proxy server before the request can be served.

The server timed out waiting for the request. The client did not produce a request within the time the server was prepared to wait.

The request could not be completed due to a conflict with the current state of the target resource.

The resource was previously available but has been deliberately and permanently removed with no forwarding address.

The server refuses to accept the request without a defined Content-Length header.

The server does not meet one of the conditional preconditions in the request headers (e.g., If-Match, If-Unmodified-Since).

The request entity is larger than the server is willing to process. The server may close the connection or return a Retry-After header.

The URI provided by the client was longer than the server is willing to interpret.

The server does not support the media format of the requested data (e.g., client uploads SVG but server requires GIF).

The Range header in the request cannot be satisfied - the range extends beyond the end of the resource.

The server cannot meet the requirements of the Expect request-header field. Typically happens when the server cannot comply with "100-continue".

Any attempt to brew coffee with a teapot should result in the error code 418. Defined as an April Fools' joke in RFC 2324. Not expected to be implemented by actual HTTP servers.

Request directed at a server not able to produce a response - e.g., connection reuse with a wrong host or TLS SNI mismatch.

The request was well-formed but could not be followed due to semantic errors - such as validation errors in a JSON or XML payload.

The resource being accessed is locked. (WebDAV)

The request failed because it depended on another request and that request failed. (WebDAV)

The server is unwilling to risk processing a request that might be replayed. Used to reject TLS early data (0-RTT) that could be a replay attack.

The server refuses to perform the request using the current protocol but will do so after the client upgrades, indicated in the Upgrade header.

The origin server requires the request to be conditional. Intended to prevent the "lost update" problem.

The user has sent too many requests in a given amount of time - rate limiting. Server may include a Retry-After header.

The server is unwilling to process the request because its header fields are too large.

Nginx-specific - the server closed the connection without sending a response. Often used to silently reject malicious or invalid requests.

The server operator received a legal demand to deny access - e.g., government censorship, DMCA request, or a court order. Named as a reference to Fahrenheit 451.

Nginx-specific - the client disconnected before the server finished responding. Logged when clients abort long-running requests.

A generic error given when an unexpected condition was encountered and no more specific message is suitable. The most common server-side error.

The server either does not recognise the request method or lacks the ability to fulfil the request. Unlike 405, this implies future availability.

The server was acting as a gateway or proxy and received an invalid response from the upstream server.

The server cannot handle the request because it is overloaded or down for maintenance. Generally a temporary state.

The server was acting as a gateway or proxy and did not receive a timely response from an upstream server.

The server does not support the HTTP version used in the request.

Transparent content negotiation for the request results in a circular reference - an internal server configuration error.

The server is unable to store the representation needed to complete the request. (WebDAV)

The server detected an infinite loop while processing a request. (WebDAV)

Further extensions to the request are required for the server to fulfil it. The server sends back a list of required extensions.

The client needs to authenticate to gain network access. Intended for captive portals like hotel or café Wi-Fi login pages.

Informal code used by some proxies to signal a network connection timeout when trying to reach the origin server.