正在加载,请稍候…

HTTP Status Codes: The Complete Developer Reference

A comprehensive guide to all HTTP status codes: 1xx informational, 2xx success, 3xx redirection, 4xx client errors, 5xx server errors — with real-world examples.

What Are HTTP Status Codes?

HTTP status codes are 3-digit numeric responses that a server returns to indicate the result of a client's request. When your browser loads a page, the server replies with a status code before sending any content. Understanding these codes is essential for web developers, API designers, and anyone debugging network issues.

Status codes are grouped into five classes based on their first digit:

Class Range Meaning
1xx 100-199 Informational - request received, continuing process
2xx 200-299 Success - request was received, understood, and accepted
3xx 300-399 Redirection - further action needed to complete request
4xx 400-499 Client Error - request contains bad syntax or cannot be fulfilled
5xx 500-599 Server Error - server failed to fulfill a valid request

The Most Important Status Codes

200 OK

The most common success response. The request succeeded and the response body contains the requested resource. A GET request for a webpage returns 200 with the HTML content.

201 Created

The request succeeded and a new resource was created. Returned after a successful POST that creates a database record. The response should include a Location header pointing to the new resource.

204 No Content

The request succeeded but there is no content to return. Common for DELETE operations or PUT updates where no response body is needed.

301 Moved Permanently

The resource has permanently moved to a new URL. Browsers and search engines update their cached URL. Used for domain migrations and URL restructuring.

302 Found (Temporary Redirect)

The resource temporarily lives at a different URL. The browser follows the redirect but remembers the original URL for future requests. Browsers typically change POST to GET after following a 302.

304 Not Modified

The client's cached version is still valid. Used with conditional requests (If-Modified-Since, If-None-Match). The server confirms the resource hasn't changed, saving bandwidth.

400 Bad Request

The server cannot process the request due to client error. The request contains malformed syntax, invalid parameters, or missing required fields.

401 Unauthorized

Authentication is required but was not provided or failed. The response includes a WWW-Authenticate header indicating the authentication scheme. Despite the name, it means "unauthenticated."

403 Forbidden

The server understood the request but refuses to authorize it. The client is authenticated but lacks permission. Unlike 401, re-authenticating won't help.

404 Not Found

The server cannot find the requested resource. The URL may be wrong, the resource may have been deleted, or access may be restricted to prevent information disclosure.

405 Method Not Allowed

The HTTP method (GET, POST, PUT, etc.) is not supported for this endpoint. The response includes an Allow header listing the supported methods.

408 Request Timeout

The server timed out waiting for the request. The client can repeat the request.

409 Conflict

The request conflicts with the current state of the server. Common when trying to create a duplicate resource or update a resource that has been modified concurrently.

410 Gone

The resource is permanently gone and no forwarding address is available. Unlike 404, the server explicitly indicates the resource existed but has been removed.

422 Unprocessable Entity

The request was well-formed but contained semantic errors. Common in REST APIs when JSON is valid but fails business rule validation.

429 Too Many Requests

Rate limiting is in effect. The response typically includes a Retry-After header. Used to prevent API abuse and DDoS attacks.

500 Internal Server Error

A generic error indicating the server encountered an unexpected condition. The catchall for unhandled server exceptions.

502 Bad Gateway

The server was acting as a gateway and received an invalid response from an upstream server. Common when a load balancer cannot reach the application server.

503 Service Unavailable

The server is temporarily unable to handle the request due to overload or maintenance. The response may include a Retry-After header.

504 Gateway Timeout

The server was acting as a gateway and did not receive a timely response from an upstream server.

Status Codes in REST API Design

Well-designed REST APIs use status codes meaningfully:

GET /users/123     -> 200 (found) or 404 (not found)
POST /users        -> 201 (created) or 400 (invalid input) or 409 (duplicate)
PUT /users/123     -> 200 (updated) or 404 (not found) or 422 (validation failed)
DELETE /users/123  -> 204 (deleted) or 404 (not found)
GET /protected     -> 401 (not authenticated) or 403 (not authorized)

Debugging Tips

When debugging HTTP issues, check:

  1. The status code class (4xx = your problem, 5xx = their problem)
  2. The response body for error details (APIs usually include error messages)
  3. Response headers (Location for redirects, WWW-Authenticate for auth, Retry-After for rate limits)
  4. Network timing (slow 200s may indicate performance issues)

-> Try the HTTP Status Codes Reference