Home / HTTP Status Codes

HTTP Status Codes Cheat Sheet

Complete reference of HTTP response status codes. Organized by category with descriptions and common use cases.

1xx — Informational

The server has received the request and is continuing the process.

CodeNameDescription
100ContinueServer received request headers; client should send body. Used with Expect: 100-continue.
101Switching ProtocolsServer is switching protocols as requested (e.g., upgrading to WebSocket).
102ProcessingServer is processing the request but no response yet (WebDAV).
103Early HintsServer sends preliminary headers to let browser preload resources.

2xx — Success

The request was successfully received, understood, and accepted.

CodeNameDescription
200OKStandard success response. Body contains the result.
GET request returns data; POST action completed.
201CreatedResource successfully created.
POST /users creates a new user; response includes Location header.
202AcceptedRequest accepted for processing but not completed yet.
Background job queued; async processing.
203Non-Authoritative InfoResponse from a transforming proxy, not the origin server.
204No ContentSuccess but no body in response.
DELETE request; PUT that doesn't return updated resource.
205Reset ContentSuccess; client should reset the document view (e.g., clear form).
206Partial ContentServer delivering part of the resource due to Range header.
Video streaming; file download resume.
207Multi-StatusMultiple status codes for multiple operations (WebDAV).

3xx — Redirection

Further action is needed to complete the request.

CodeNameDescription
300Multiple ChoicesMultiple options for the resource (rare).
301Moved PermanentlyResource permanently moved to new URL. Browsers cache this.
Domain migration; HTTP to HTTPS redirect.
302FoundResource temporarily at a different URL.
Temporary maintenance redirect.
303See OtherRedirect to another resource using GET.
After POST form submission, redirect to success page.
304Not ModifiedCached version is still valid; no body sent.
Browser cache validation with If-Modified-Since / ETag.
307Temporary RedirectLike 302 but method and body must not change.
API version redirect preserving POST method.
308Permanent RedirectLike 301 but method and body must not change.
Tip: Use 301 for permanent URL changes (SEO-friendly). Use 307/308 when you need to preserve the HTTP method (important for POST/PUT redirects).

4xx — Client Error

The request contains bad syntax or cannot be fulfilled.

CodeNameDescription
400Bad RequestServer cannot process due to malformed request.
Invalid JSON body; missing required fields.
401UnauthorizedAuthentication required or failed.
Missing or invalid JWT token; expired session.
402Payment RequiredReserved for future use. Some APIs use for quota limits.
403ForbiddenServer understood but refuses to authorize.
User authenticated but lacks permissions.
404Not FoundResource does not exist at this URL.
Wrong URL; deleted resource.
405Method Not AllowedHTTP method not supported for this endpoint.
POST to a read-only endpoint.
406Not AcceptableServer can't produce a response matching Accept headers.
407Proxy Auth RequiredMust authenticate with the proxy first.
408Request TimeoutServer timed out waiting for the request.
409ConflictRequest conflicts with current state of the resource.
Duplicate entry; edit conflict; version mismatch.
410GoneResource permanently deleted (no forwarding).
Intentionally removed API endpoint.
411Length RequiredMissing Content-Length header.
412Precondition FailedPrecondition in headers evaluated to false.
If-Match / If-Unmodified-Since conditions.
413Payload Too LargeRequest body exceeds server limits.
File upload too big.
414URI Too LongURL exceeds server limits.
415Unsupported Media TypeContent-Type not supported.
Sending XML to a JSON-only endpoint.
416Range Not SatisfiableRange header specifies range outside file size.
418I'm a TeapotApril Fools' joke (RFC 2324). Not expected in production.
422Unprocessable EntityRequest is well-formed but semantically invalid.
Validation errors (valid JSON but invalid data).
429Too Many RequestsRate limit exceeded.
API throttling; includes Retry-After header.
451Unavailable for LegalBlocked for legal reasons (censorship, court order).
401 vs 403: 401 means "who are you?" (not authenticated). 403 means "I know who you are, but you can't do this" (not authorized).

5xx — Server Error

The server failed to fulfill a valid request.

CodeNameDescription
500Internal Server ErrorGeneric server error. Something unexpected went wrong.
Unhandled exception; bug in server code.
501Not ImplementedServer doesn't support the request method.
502Bad GatewayServer acting as gateway got invalid response from upstream.
Reverse proxy (Nginx) can't reach the app server.
503Service UnavailableServer is temporarily unable to handle requests.
Server overloaded; maintenance mode.
504Gateway TimeoutGateway didn't get a response from upstream in time.
Upstream server too slow or down.
505HTTP Version Not SupportedServer doesn't support the HTTP version used.
507Insufficient StorageServer cannot store the representation (WebDAV).
508Loop DetectedServer detected infinite loop processing the request.
511Network Auth RequiredClient must authenticate to access the network (captive portal).

Quick Lookup — Most Used

CodeWhen to Use
200GET success, general success
201POST created a new resource
204DELETE success, no body needed
301Permanent URL change
304Resource not modified (use cache)
400Bad request (malformed input)
401Not authenticated
403Authenticated but not authorized
404Resource not found
409Conflict (duplicate, version mismatch)
422Validation error (valid format, invalid data)
429Rate limit exceeded
500Unexpected server error
502Bad gateway (upstream down)
503Service unavailable (maintenance/overload)

More Cheat Sheets

JavaScript

Core JS syntax, DOM manipulation, array methods, async/await, and ES6+ features.

Python

Python syntax, data types, functions, classes, and standard library essentials.

Git Commands

Essential Git commands for setup, branching, merging, stashing, and more.