HTTP Status Codes Reference
60+ HTTP status codes on a single page across **1xx Informational / 2xx Success / 3xx Redirection / 4xx Client Error / 5xx Server Error**. Filter by class, search by digit prefix or keyword, RFC refs + common-misuse notes (401 vs 403, 302 vs 307).
61 / 61 codes
ContinueRFC 9110 Β§15.2.1
Server received request headers; client should proceed with the body.
Switching ProtocolsRFC 9110 Β§15.2.2
Server is switching protocols as requested by Upgrade.
Processing (WebDAV)RFC 2518
Server has accepted and is processing β no response yet.
Early HintsRFC 8297
Lets the client start preloading resources before the final response.
OKRFC 9110 Β§15.3.1
Standard success. Body contains the requested representation.
CreatedRFC 9110 Β§15.3.2
Resource created; Location header should point to it.
AcceptedRFC 9110 Β§15.3.3
Request accepted for processing, not yet complete.
Non-Authoritative InformationRFC 9110 Β§15.3.4
Meta is from a transforming proxy, not origin.
No ContentRFC 9110 Β§15.3.5
Success with no body. Common for DELETE / PUT.
Reset ContentRFC 9110 Β§15.3.6
Success; client should reset its document view.
Partial ContentRFC 9110 Β§15.3.7
Range request succeeded β see Content-Range.
Multi-Status (WebDAV)RFC 4918
Body contains XML status per resource.
Already Reported (WebDAV)RFC 5842
Members previously enumerated; omitted here.
IM UsedRFC 3229
Delta encoding result.
Multiple ChoicesRFC 9110 Β§15.4.1
Multiple representations available; agent or user should pick.
Moved PermanentlyRFC 9110 Β§15.4.2
Permanent redirect; caches should update. Method may change to GET in practice.
FoundRFC 9110 Β§15.4.3
Temporary redirect. Browsers commonly change POST β GET β use 307 if you don't want that.
β For POST β GET preservation use 307.
See OtherRFC 9110 Β§15.4.4
After a POST, redirect to a GET that fetches the result.
Not ModifiedRFC 9110 Β§15.4.5
Conditional GET cache hit. No body.
Temporary RedirectRFC 9110 Β§15.4.8
Like 302 but **preserves the method** (POST stays POST).
Permanent RedirectRFC 9110 Β§15.4.9
Like 301 but **preserves the method**.
Bad RequestRFC 9110 Β§15.5.1
Malformed syntax or invalid request framing.
UnauthorizedRFC 9110 Β§15.5.2
Authentication required or invalid. Despite the name, this is about **authentication**, not authorization.
β Use 403 when the user is authenticated but not allowed.
Payment RequiredRFC 9110 Β§15.5.3
Reserved for future commercial use.
ForbiddenRFC 9110 Β§15.5.4
Authenticated but not authorized for this resource.
Not FoundRFC 9110 Β§15.5.5
Resource doesn't exist (or you want to hide its existence β see 401 / 403 nuance).
Method Not AllowedRFC 9110 Β§15.5.6
URL exists, but not for this HTTP method. Must include Allow header.
Not AcceptableRFC 9110 Β§15.5.7
Couldn't satisfy Accept-* negotiation.
Proxy Authentication RequiredRFC 9110 Β§15.5.8
Authenticate with proxy first.
Request TimeoutRFC 9110 Β§15.5.9
Client took too long to send the request.
ConflictRFC 9110 Β§15.5.10
Conflict with current state (e.g. duplicate primary key).
GoneRFC 9110 Β§15.5.11
Removed deliberately; tell crawlers to drop the URL.
Length RequiredRFC 9110 Β§15.5.12
Missing Content-Length.
Precondition FailedRFC 9110 Β§15.5.13
If-Match / If-Unmodified-Since failed β optimistic locking miss.
Content Too LargeRFC 9110 Β§15.5.14
Body exceeds server limit (renamed from 'Payload Too Large').
URI Too LongRFC 9110 Β§15.5.15
URL longer than server can process.
Unsupported Media TypeRFC 9110 Β§15.5.16
Content-Type not supported by the endpoint.
Range Not SatisfiableRFC 9110 Β§15.5.17
Asked for a byte range outside the resource.
Expectation FailedRFC 9110 Β§15.5.18
Expect header can't be met.
I'm a teapotRFC 2324
April fool from RFC 2324; never standardised, but used in the wild.
Misdirected RequestRFC 9110 Β§15.5.20
Request sent to a server that can't produce a response for it.
Unprocessable ContentRFC 9110 Β§15.5.21
Syntax OK, semantics wrong (validation failure). Popular in JSON APIs.
Locked (WebDAV)RFC 4918
Resource is locked.
Failed Dependency (WebDAV)RFC 4918
A previous request failed, so this one cannot succeed.
Too EarlyRFC 8470
Server unwilling to process a replayed request.
Upgrade RequiredRFC 9110 Β§15.5.22
Client must switch protocols (e.g. TLS) and retry.
Precondition RequiredRFC 6585
Server requires an If-Match etc. to avoid lost updates.
Too Many RequestsRFC 6585
Rate limited. Read Retry-After.
Request Header Fields Too LargeRFC 6585
Headers (or a single one) exceed server limit.
Unavailable For Legal ReasonsRFC 7725
Blocked due to legal demand (named after Fahrenheit 451).
Internal Server ErrorRFC 9110 Β§15.6.1
Generic server failure. The default catch-all.
Not ImplementedRFC 9110 Β§15.6.2
Server doesn't support the requested method.
Bad GatewayRFC 9110 Β§15.6.3
Upstream returned an invalid response to a gateway.
Service UnavailableRFC 9110 Β§15.6.4
Overloaded or maintenance. Should send Retry-After.
Gateway TimeoutRFC 9110 Β§15.6.5
Upstream didn't respond in time.
HTTP Version Not SupportedRFC 9110 Β§15.6.6
Major HTTP version not supported.
Variant Also NegotiatesRFC 2295
Transparent content negotiation cycle.
Insufficient Storage (WebDAV)RFC 4918
Server can't store the representation.
Loop Detected (WebDAV)RFC 5842
Infinite loop in resolution.
Not ExtendedRFC 2774
Further extensions required.
Network Authentication RequiredRFC 6585
Captive portal β sign in to the network.
βΊHow to use
- Type a digit prefix (
40β 400-409,5β all 5xx) or keyword (teapot,rate limited,redirect) to filter live. - Toggle the class chips on top to focus 1xx / 2xx / 3xx / 4xx / 5xx β works in combination with search.
- Click the big code badge to copy the number to clipboard (great for pasting into IDE, Postman, Slack replies).
- Look for β notes β they flag classic confusions (e.g. 401 vs 403, 302 vs 307's method-preservation behaviour).
Tips
- 401 vs 403: 401 means 'not authenticated', 403 means 'authenticated but not allowed'. Backends frequently swap these.
- 302 vs 307: 302 in practice rewrites POST β GET (historical baggage). Use 307 to preserve the method; 308 is the permanent version.
- 422 Unprocessable Content is the standard pick for JSON-API validation failures (syntax OK, semantics wrong) β more precise than 400.
- 429 Too Many Requests must include a Retry-After header so the client knows when to retry.
π‘ Fully offline data β no network requests. Sources: RFC 9110, RFC 7725, IANA registry.