Each code provides specific feedback about the request’s status, helping developers and clients understand whether the request succeeded, failed, or requires additional action.
HTTP status codes are three-digit numbers returned by servers to indicate the outcome of a client’s request. They are grouped into five classes, each starting with a different digit (1xx to 5xx).
Most Common Http Status Codes
Below is a detailed overview of the most common HTTP status codes, organized by class, with explanations and typical use cases.
1xx – Informational
These codes indicate that the request has been received and the server is continuing to process it.
- 100 Continue: The server has received the request headers, and the client should proceed to send the request body.
- Use case: Large file uploads where the client confirms server readiness.
- 101 Switching Protocols: The server agrees to switch protocols as requested by the client (e.g., upgrading to WebSocket).
- Use case: Establishing a WebSocket connection.
- 102 Processing: The server is processing the request but has not completed it yet (WebDAV).
- Use case: Long-running operations in WebDAV-enabled servers.
2xx – Success
These codes indicate that the request was successfully received, understood, and accepted.
- 200 OK: The request was successful, and the server returned the requested resource.
- Use case: Retrieving a webpage or API data.
- 201 Created: The request resulted in the creation of a new resource.
- Use case: Successfully creating a new user account or database entry.
- 202 Accepted: The request has been accepted for processing, but processing is not complete.
- Use case: Asynchronous task queuing, like sending an email.
- 204 No Content: The request was successful, but there is no content to return.
- Use case: Updating a resource without needing to return data.
- 206 Partial Content: The server is delivering only part of the resource due to a range header sent by the client.
- Use case: Resuming a large file download.
3xx – Redirection
These codes indicate that further action is needed to complete the request, often involving redirection.
- 301 Moved Permanently: The resource has been permanently moved to a new URL.
- Use case: Redirecting from an old webpage URL to a new one for SEO.
- 302 Found: The resource is temporarily located at a different URL.
- Use case: Temporary redirects for maintenance or A/B testing.
- 303 See Other: The response to the request can be found at a different URL using a GET request.
- Use case: Redirecting after a POST request to prevent form resubmission.
- 304 Not Modified: The resource has not been modified since the last request (based on cache headers).
- Use case: Browser caching to reduce server load.
- 307 Temporary Redirect: Similar to 302, but the client must use the same method for the redirected request.
- Use case: Temporary redirection while preserving the HTTP method.
- 308 Permanent Redirect: Similar to 301, but the client must use the same method for the redirected request.
- Use case: Permanent redirection with method preservation.
4xx – Client Errors
These codes indicate that there was an error with the client’s request.
- 400 Bad Request: The server cannot process the request due to malformed syntax or invalid parameters.
- Use case: Invalid JSON in an API request.
- 401 Unauthorized: The request requires authentication, and the client has not provided valid credentials.
- Use case: Accessing a protected resource without logging in.
- 403 Forbidden: The client is authenticated but lacks permission to access the resource.
- Use case: A user trying to access admin-only content.
- 404 Not Found: The requested resource could not be found on the server.
- Use case: Accessing a deleted or non-existent webpage.
- 405 Method Not Allowed: The HTTP method used is not supported for the requested resource.
- Use case: Sending a POST request to a resource that only accepts GET.
- 408 Request Timeout: The server timed out waiting for the client’s request.
- Use case: Slow or dropped client connections.
- 429 Too Many Requests: The client has sent too many requests in a given time frame (rate limiting).
- Use case: API rate limiting to prevent abuse.
5xx – Server Errors
These codes indicate that the server failed to fulfill a valid request due to an internal error.
- 500 Internal Server Error: A generic error indicating an unexpected server issue.
- Use case: Unhandled exceptions in server-side code.
- 501 Not Implemented: The server does not support the functionality required to fulfill the request.
- Use case: Requesting an unsupported HTTP method.
- 502 Bad Gateway: The server, acting as a gateway or proxy, received an invalid response from an upstream server.
- Use case: A reverse proxy failing to connect to a backend server.
- 503 Service Unavailable: The server is temporarily unavailable, often due to maintenance or overloading.
- Use case: Server downtime for scheduled maintenance.
- 504 Gateway Timeout: The server, acting as a gateway or proxy, did not receive a timely response from an upstream server.
- Use case: Slow or unresponsive backend services.
HTTP Status Codes Cheat Sheet:
Below is a concise cheat sheet summarizing the most common HTTP status codes, their meanings, and typical use cases. This serves as a quick reference for developers, IT professionals, and anyone working with web technologies.
| Code | Name | Class | Description | Common Use Case |
| 100 | Continue | Informational | Server received headers; client should send request body. | Confirming large data uploads. |
| 101 | Switching Protocols | Informational | Server agrees to switch protocols (e.g., to WebSocket). | Establishing WebSocket connections. |
| 200 | OK | Success | Request successful; resource returned. | Retrieving webpages or API data. |
| 201 | Created | Success | New resource created successfully. | Creating a new user or resource. |
| 204 | No Content | Success | Request successful; no response body. | Updating or deleting resources. |
| 301 | Moved Permanently | Redirection | Resource permanently moved to a new URL. | Domain changes or HTTPS redirects. |
| 302 | Found | Redirection | Resource temporarily at a different URL. | Temporary redirects for maintenance. |
| 304 | Not Modified | Redirection | Resource unchanged; use cached version. | Optimizing performance with caching. |
| 400 | Bad Request | Client Error | Invalid request due to bad syntax or data. | Form submission with invalid data. |
| 401 | Unauthorized | Client Error | Authentication required or invalid credentials. | Accessing protected resources without login. |
| 403 | Forbidden | Client Error | Client authenticated but lacks permission. | Non-admin accessing restricted resources. |
| 404 | Not Found | Client Error | Requested resource not found. | Broken links or nonexistent pages. |
| 429 | Too Many Requests | Client Error | Client exceeded rate limits. | API rate limiting to prevent abuse. |
| 500 | Internal Server Error | Server Error | Generic server error; unexpected condition. | Server bugs or database failures. |
| 502 | Bad Gateway | Server Error | Invalid response from upstream server (gateway/proxy). | Issues with load balancers or backends. |
| 503 | Service Unavailable | Server Error | Server temporarily down due to maintenance or overload. | Scheduled maintenance or traffic spikes. |
| 504 | Gateway Timeout | Server Error | Gateway/proxy didn’t receive timely response from upstream. | Slow or unresponsive backend services. |
Quick Tips:
- 2xx: Success—everything worked as expected.
- 3xx: Redirection—client needs to take further action.
- 4xx: Client errors—issue with the request (e.g., bad data or permissions).
- 5xx: Server errors—something went wrong on the server’s end.
- Use 301 for SEO-friendly permanent redirects; 302 for temporary ones.
- Handle 429 gracefully in APIs to respect rate limits.
Notes
- Caching: Codes like 304 Not Modified are critical for optimizing web performance by leveraging browser caching.
- SEO Impact: Redirection codes (301, 302) significantly affect search engine optimization, with 301 passing link equity and 302 not.
- Rate Limiting: 429 Too Many Requests is increasingly common in APIs to enforce fair usage and prevent abuse.
- Error Handling: Client-side applications should gracefully handle 4xx and 5xx errors to improve user experience.
Practical Applications
HTTP status codes are used in various contexts:
- Web Development: Developers use 2xx codes to confirm successful page loads, 3xx for redirects, and 4xx/5xx to handle errors gracefully in user interfaces.
- API Design: RESTful APIs rely heavily on status codes to communicate outcomes. For example, a POST request to create a resource might return 201 Created, while an invalid request returns 400 Bad Request with a detailed error message in the response body.
- Debugging: Status codes help pinpoint issues in client-server communication, such as misconfigured servers (5xx) or incorrect client requests (4xx).
- Performance Optimization: Codes like 304 Not Modified and 206 Partial Content reduce bandwidth usage through caching and partial downloads.
- Security: Codes like 401, 403, and 429 enforce authentication, authorization, and rate-limiting policies.
Common Pitfalls and Best Practices
- Ambiguity in 4xx Codes: Use specific codes like 422 Unprocessable Entity (for semantic errors in valid syntax) instead of a generic 400 Bad Request to provide clearer feedback in APIs.
- SEO for Redirects: Always use 301 or 308 for permanent redirects to preserve search engine rankings, and avoid chains of multiple redirects.
- Handling 5xx Errors: Log 500 errors for debugging and consider fallback mechanisms (e.g., retry logic) for 503 or 504 errors in distributed systems.
- Rate Limiting: Implement 429 with a Retry-After header to guide clients on when to retry, improving user experience.
Extending the Cheat Sheet
The already covers the most common codes, but additional codes exist for niche use cases:
- 103 Early Hints: Allows servers to send preliminary headers (e.g., preload links) before the full response, improving page load times.
- 451 Unavailable For Legal Reasons: Indicates content is blocked due to legal restrictions, such as copyright or government mandates.
