← Back to home

HTTP Status Codes — 40+ Codes Reference with Descriptions

40+ common HTTP status codes (100-511) with detailed descriptions, 1xx-5xx category coloring, real-time search by code/name/description. For API debugging, Postman/curl response analysis.

40+ codesSearchCategoriesColor-coded

1xx — Informational (4)

100Continue

Server received headers, client may continue with the body.

101Switching Protocols

Server agrees to switch protocol per Upgrade header (e.g. WebSocket).

102Processing

WebDAV — request received, processing ongoing.

103Early Hints

Server hints preload links before the final response.

2xx — Success (5)

200OK

Request succeeded. GET returns body; POST/PUT may include body.

201Created

Resource created (POST/PUT). Location header points to new resource.

202Accepted

Request accepted, processing async — not yet complete.

204No Content

Success, no body. Typical for DELETE / idempotent PUT.

206Partial Content

Range request — partial resource (video streaming, resume download).

3xx — Redirection (6)

301Moved Permanently

Permanent URL change. Browsers + Google update bookmarks/index.

302Found

Temporary redirect. SEO juice not transferred.

303See Other

After POST/PUT, redirect GET to a different URL (POST-Redirect-GET).

304Not Modified

Cache hit — resource unchanged since If-Modified-Since / ETag.

307Temporary Redirect

Like 302 but preserves method (POST stays POST after redirect).

308Permanent Redirect

Like 301 but preserves method. Preferred for modern API redirects.

4xx — Client Error (19)

400Bad Request

Malformed request — syntax error, invalid JSON, missing required field.

401Unauthorized

Not authenticated — missing/invalid token. Note: actually means 'Unauthenticated'.

402Payment Required

Payment required (rare — Stripe uses it for quota).

403Forbidden

Authenticated but not authorized. Unlike 401, don't retry with new token.

404Not Found

Resource not found. Sometimes hides 403 for security reasons.

405Method Not Allowed

URL exists but the HTTP method is not allowed.

406Not Acceptable

Server cannot produce response matching client Accept header.

408Request Timeout

Client took too long to send — server closed connection.

409Conflict

Conflict with current state (e.g. duplicate username, version mismatch).

410Gone

Resource permanently gone. Unlike 404 — won't come back.

413Payload Too Large

Request body too large (upload exceeds limit).

415Unsupported Media Type

Unsupported Content-Type (e.g. POSTed JSON when XML expected).

418I'm a Teapot

RFC 2324 April Fools — server refuses to brew coffee. Used as easter egg.

422Unprocessable Entity

Syntax OK but semantically invalid (validation failed). Common in Rails, Laravel.

425Too Early

TLS 0-RTT replay risk — server refused early data.

426Upgrade Required

Client must upgrade protocol (e.g. HTTPS instead of HTTP).

428Precondition Required

Server requires If-Match / If-None-Match to avoid lost updates.

429Too Many Requests

Rate limited. Check Retry-After header.

451Unavailable For Legal Reasons

Legal block (GDPR, censorship). Reference to Fahrenheit 451.

5xx — Server Error (9)

500Internal Server Error

Generic server error. Check logs to debug.

501Not Implemented

Server doesn't support this method (e.g. PATCH not implemented).

502Bad Gateway

Reverse proxy got bad response from upstream. Backend down or timed out.

503Service Unavailable

Server overloaded / maintenance. Check Retry-After header.

504Gateway Timeout

Proxy timed out waiting upstream. Backend slower than timeout.

505HTTP Version Not Supported

Server doesn't support requested HTTP version.

507Insufficient Storage

WebDAV — server out of storage.

508Loop Detected

WebDAV — infinite loop detected processing request.

511Network Authentication Required

Captive portal — must authenticate to network first.

Why use this tool

📚
Context-aware descriptions

Beyond machine translation — each code has a dev-context explanation. e.g. 401 vs 403, 301 vs 302 vs 307, when 422 applies.

🎨
Color-coded categories

1xx info (blue), 2xx success (emerald), 3xx redirect (amber), 4xx client error (orange), 5xx server error (rose). Quick to skim.

🔍
Real-time search

Type '40' → 400-451. Type 'redirect' → 301-308. Type 'rate' → 429.

How to use

  1. 1Type a status code, name, or keyword into the search box.
  2. 2Or pick a category filter (1xx-5xx).
  3. 3Read the description as reference when designing APIs.

HTTP Status — Pick the right code

Choosing the right status code is core REST API design. Clients dispatch logic on code: 2xx = parse body, 4xx = show user error, 5xx = retry with backoff. Wrong codes (e.g. returning 200 with { error: '...' }) make client logic awkward and monitoring hard.

This set covers the 40+ codes you'll actually use (the full RFC 9110 list has ~70). Each comes with context — 401 typically means 'not authenticated' (re-login), not 'add role'. 422 is the Rails/Laravel favorite for validation errors. 400 is generic syntax errors. 5xx should include Retry-After or be retried client-side with exponential backoff.

  • 40+ status codes (RFC 9110)
  • VI + EN descriptions
  • Realtime search
  • Filter 1xx/2xx/3xx/4xx/5xx
  • Color-coded categories
  • 100% client-side

FAQ

Is returning 200 with { success: false } OK?

Not recommended. Codes are for client routing: 200 = success, 4xx = client error. Returning 200 on failure breaks REST principles.

When do I pick 401 vs 403?

401 = unauthenticated (missing/invalid token) → client redirects to login. 403 = authenticated but lacks permission → show 'No access'.

301 vs 308?

Both are permanent redirects. 301 allows browsers to convert POST → GET (RFC ambiguous). 308 REQUIRES the method to be preserved. Modern APIs prefer 308 for strict redirects.