HTTP Status Codes — 40+ Codes Reference with Descriptions
40+ common HTTP status codes (100-511) with detailed descriptions, 1xx-5xx category coloring, real-time search by code/name/description. For API debugging, Postman/curl response analysis.
1xx — Informational (4)
100ContinueServer received headers, client may continue with the body.
101Switching ProtocolsServer agrees to switch protocol per Upgrade header (e.g. WebSocket).
102ProcessingWebDAV — request received, processing ongoing.
103Early HintsServer hints preload links before the final response.
2xx — Success (5)
200OKRequest succeeded. GET returns body; POST/PUT may include body.
201CreatedResource created (POST/PUT). Location header points to new resource.
202AcceptedRequest accepted, processing async — not yet complete.
204No ContentSuccess, no body. Typical for DELETE / idempotent PUT.
206Partial ContentRange request — partial resource (video streaming, resume download).
3xx — Redirection (6)
301Moved PermanentlyPermanent URL change. Browsers + Google update bookmarks/index.
302FoundTemporary redirect. SEO juice not transferred.
303See OtherAfter POST/PUT, redirect GET to a different URL (POST-Redirect-GET).
304Not ModifiedCache hit — resource unchanged since If-Modified-Since / ETag.
307Temporary RedirectLike 302 but preserves method (POST stays POST after redirect).
308Permanent RedirectLike 301 but preserves method. Preferred for modern API redirects.
4xx — Client Error (19)
400Bad RequestMalformed request — syntax error, invalid JSON, missing required field.
401UnauthorizedNot authenticated — missing/invalid token. Note: actually means 'Unauthenticated'.
402Payment RequiredPayment required (rare — Stripe uses it for quota).
403ForbiddenAuthenticated but not authorized. Unlike 401, don't retry with new token.
404Not FoundResource not found. Sometimes hides 403 for security reasons.
405Method Not AllowedURL exists but the HTTP method is not allowed.
406Not AcceptableServer cannot produce response matching client Accept header.
408Request TimeoutClient took too long to send — server closed connection.
409ConflictConflict with current state (e.g. duplicate username, version mismatch).
410GoneResource permanently gone. Unlike 404 — won't come back.
413Payload Too LargeRequest body too large (upload exceeds limit).
415Unsupported Media TypeUnsupported Content-Type (e.g. POSTed JSON when XML expected).
418I'm a TeapotRFC 2324 April Fools — server refuses to brew coffee. Used as easter egg.
422Unprocessable EntitySyntax OK but semantically invalid (validation failed). Common in Rails, Laravel.
425Too EarlyTLS 0-RTT replay risk — server refused early data.
426Upgrade RequiredClient must upgrade protocol (e.g. HTTPS instead of HTTP).
428Precondition RequiredServer requires If-Match / If-None-Match to avoid lost updates.
429Too Many RequestsRate limited. Check Retry-After header.
451Unavailable For Legal ReasonsLegal block (GDPR, censorship). Reference to Fahrenheit 451.
5xx — Server Error (9)
500Internal Server ErrorGeneric server error. Check logs to debug.
501Not ImplementedServer doesn't support this method (e.g. PATCH not implemented).
502Bad GatewayReverse proxy got bad response from upstream. Backend down or timed out.
503Service UnavailableServer overloaded / maintenance. Check Retry-After header.
504Gateway TimeoutProxy timed out waiting upstream. Backend slower than timeout.
505HTTP Version Not SupportedServer doesn't support requested HTTP version.
507Insufficient StorageWebDAV — server out of storage.
508Loop DetectedWebDAV — infinite loop detected processing request.
511Network Authentication RequiredCaptive portal — must authenticate to network first.
Why use this tool
Beyond machine translation — each code has a dev-context explanation. e.g. 401 vs 403, 301 vs 302 vs 307, when 422 applies.
1xx info (blue), 2xx success (emerald), 3xx redirect (amber), 4xx client error (orange), 5xx server error (rose). Quick to skim.
Type '40' → 400-451. Type 'redirect' → 301-308. Type 'rate' → 429.
How to use
- 1Type a status code, name, or keyword into the search box.
- 2Or pick a category filter (1xx-5xx).
- 3Read the description as reference when designing APIs.
HTTP Status — Pick the right code
Choosing the right status code is core REST API design. Clients dispatch logic on code: 2xx = parse body, 4xx = show user error, 5xx = retry with backoff. Wrong codes (e.g. returning 200 with { error: '...' }) make client logic awkward and monitoring hard.
This set covers the 40+ codes you'll actually use (the full RFC 9110 list has ~70). Each comes with context — 401 typically means 'not authenticated' (re-login), not 'add role'. 422 is the Rails/Laravel favorite for validation errors. 400 is generic syntax errors. 5xx should include Retry-After or be retried client-side with exponential backoff.
- ✓40+ status codes (RFC 9110)
- ✓VI + EN descriptions
- ✓Realtime search
- ✓Filter 1xx/2xx/3xx/4xx/5xx
- ✓Color-coded categories
- ✓100% client-side
FAQ
Is returning 200 with { success: false } OK?
Not recommended. Codes are for client routing: 200 = success, 4xx = client error. Returning 200 on failure breaks REST principles.
When do I pick 401 vs 403?
401 = unauthenticated (missing/invalid token) → client redirects to login. 403 = authenticated but lacks permission → show 'No access'.
301 vs 308?
Both are permanent redirects. 301 allows browsers to convert POST → GET (RFC ambiguous). 308 REQUIRES the method to be preserved. Modern APIs prefer 308 for strict redirects.