Every time a browser or an app requests a web page, image, or API endpoint, the server sends back a three-digit status code along with the response. Most people never see these codes because everything works and the page just loads. You only notice them when something breaks, and by then you’re staring at a number like 502 or 429 with no idea what it means or whose problem it is to fix.
This is the full reference, organized by category, with plain explanations of what each code actually indicates and what usually causes it.
How the numbering system works
HTTP status codes are grouped into five classes based on the first digit. Once you know the class, you already know roughly what kind of response you’re dealing with, even before you look up the specific code.
- 1xx (Informational): The request was received, and the server is continuing to process it.
- 2xx (Success): The request was received, understood, and processed successfully.
- 3xx (Redirection): Further action is needed to complete the request, usually because the resource moved.
- 4xx (Client Error): Something about the request itself was wrong, whether that’s a bad URL, missing authentication, or invalid data.
- 5xx (Server Error): The request was valid, but the server failed to fulfill it.
That last distinction matters more than people realize. A 4xx code means you (or whatever client sent the request) need to change something. A 5xx code means the problem is on the server, and there’s nothing you can do from the client side except wait or contact the site owner.
1xx: Informational responses
These codes rarely show up in a browser because they’re intermediate responses, sent before the final one.
| Code | Name | What it means |
|---|---|---|
| 100 | Continue | The server received the initial part of the request, and the client should continue sending the rest. |
| 101 | Switching Protocols | The server is switching to a different protocol as requested by the client, commonly used when upgrading to WebSockets. |
| 102 | Processing | The server accepted the request, but processing will take a while, so it sends this to prevent the client from timing out. |
| 103 | Early Hints | The server sends preliminary headers, like resource hints, before the final response is ready. |
2xx: Success responses
Everything worked as expected. These are the codes you want to see, even though you rarely see them directly since they don’t produce error pages.
| Code | Name | What it means |
|---|---|---|
| 200 | OK | The request succeeded and the server returned the expected data. |
| 201 | Created | The request succeeded and a new resource was created as a result, common after a POST request. |
| 202 | Accepted | The request was accepted for processing, but that processing isn’t finished yet. |
| 203 | Non-Authoritative Information | The request succeeded, but the returned data came from a copy or transformation rather than the origin server. |
| 204 | No Content | The request succeeded but there’s no content to send back, often used after a delete or update action. |
| 205 | Reset Content | The request succeeded and the client should reset the view that submitted the request. |
| 206 | Partial Content | The server is delivering only part of the resource, typically in response to a range request used for streaming or resumable downloads. |
3xx: Redirection responses
These tell the client that the resource has moved and where to find it now.
| Code | Name | What it means |
|---|---|---|
| 300 | Multiple Choices | The request has more than one possible response, and the client needs to pick one. Rarely used in practice. |
| 301 | Moved Permanently | The resource has permanently moved to a new URL, and future requests should use the new address. |
| 302 | Found | The resource temporarily lives at a different URL, but the original address remains valid for future requests. |
| 303 | See Other | The response to the request can be found at a different URL using a GET request, common after form submissions. |
| 304 | Not Modified | The cached version of the resource is still valid, so the server tells the browser to use it instead of sending the full response again. |
| 307 | Temporary Redirect | Similar to 302, but guarantees the request method and body stay the same on the redirect. |
| 308 | Permanent Redirect | Similar to 301, but guarantees the request method and body stay the same on the redirect. |
301 and 302 cause the most confusion for site owners, mainly because search engines treat them differently. A 301 passes ranking signals to the new URL. A 302 tells search engines the move is temporary, so they keep indexing the original address.
4xx: Client error responses
Something about the request was invalid, unauthorized, or pointed at something that doesn’t exist. This is the largest and most frequently encountered category.
| Code | Name | What it means |
|---|---|---|
| 400 | Bad Request | The server couldn’t understand the request due to malformed syntax or invalid data. |
| 401 | Unauthorized | The request lacks valid authentication credentials for the resource. |
| 402 | Payment Required | Reserved for future use, occasionally used by APIs to indicate a billing issue. |
| 403 | Forbidden | The server understood the request but refuses to authorize it, even if the client is authenticated. |
| 404 | Not Found | The server can’t find the requested resource, usually because the URL is wrong or the page was removed. |
| 405 | Method Not Allowed | The request method isn’t supported for this particular resource. |
| 406 | Not Acceptable | The server can’t produce a response matching the content types the client will accept. |
| 407 | Proxy Authentication Required | The client needs to authenticate with a proxy before the request can proceed. |
| 408 | Request Timeout | The server timed out waiting for the client to finish sending the request. |
| 409 | Conflict | The request conflicts with the current state of the resource, common in concurrent editing scenarios. |
| 410 | Gone | The resource used to exist but has been permanently removed, with no forwarding address. |
| 411 | Length Required | The server requires a Content-Length header that the request didn’t include. |
| 412 | Precondition Failed | A condition specified in the request headers wasn’t met by the server. |
| 413 | Payload Too Large | The request body exceeds the size the server is willing to process. |
| 414 | URI Too Long | The requested URL is longer than the server can handle. |
| 415 | Unsupported Media Type | The request body is in a format the server doesn’t support. |
| 416 | Range Not Satisfiable | The requested range for a partial download can’t be fulfilled. |
| 417 | Expectation Failed | The server can’t meet the requirements of the Expect header in the request. |
| 418 | I’m a Teapot | An April Fools joke from an old IETF specification, occasionally implemented for humor or as an easter egg. |
| 422 | Unprocessable Entity | The request was well-formed but contains semantic errors, common in APIs validating form data. |
| 425 | Too Early | The server is unwilling to process a request that might be replayed. |
| 426 | Upgrade Required | The client should switch to a different protocol to complete the request. |
| 428 | Precondition Required | The server requires the request to include conditional headers to avoid conflicting updates. |
| 429 | Too Many Requests | The client has sent too many requests in a given period, triggering rate limiting. |
| 431 | Request Header Fields Too Large | The request’s headers are too large for the server to process. |
| 451 | Unavailable For Legal Reasons | The resource is unavailable due to a legal demand, such as a government takedown request. |
404 is the code most people run into. If you’re seeing one and you’re not sure whether it’s a typo on your end or a real broken link, our guide on how to check if a website is down right now covers how to tell the difference between a missing page and a site-wide outage.
5xx: Server error responses
The request was fine. The server is the one that failed.
| Code | Name | What it means |
|---|---|---|
| 500 | Internal Server Error | A generic failure on the server with no more specific code available. |
| 501 | Not Implemented | The server doesn’t support the functionality required to fulfill the request. |
| 502 | Bad Gateway | A server acting as a gateway or proxy received an invalid response from an upstream server. |
| 503 | Service Unavailable | The server is temporarily unable to handle the request, often due to overload or maintenance. |
| 504 | Gateway Timeout | A gateway or proxy server didn’t get a response from the upstream server in time. |
| 505 | HTTP Version Not Supported | The server doesn’t support the HTTP protocol version used in the request. |
| 506 | Variant Also Negotiates | An internal server configuration error related to content negotiation. |
| 507 | Insufficient Storage | The server can’t store the representation needed to complete the request. |
| 508 | Loop Detected | The server detected an infinite loop while processing the request. |
| 510 | Not Extended | Further extensions to the request are required for the server to fulfill it. |
| 511 | Network Authentication Required | The client needs to authenticate to gain network access, common on public Wi-Fi login pages. |
502 and 504 are two of the most common errors site owners deal with, and they get confused with each other constantly even though the cause is different. We cover the difference in detail in our guides on what a 502 Bad Gateway actually means and what causes a 504 Gateway Timeout.
Why status codes matter beyond error pages
Status codes aren’t just diagnostic information for developers. Search engines read them to decide how to treat a page. A 404 tells Google the page is gone, so it eventually drops out of the index. A 301 tells Google to transfer ranking value to the new URL. A string of 500 or 503 errors during a crawl can hurt indexing if it happens repeatedly, since it signals the site may be unreliable.
If you’re running a site and want to know how often your server is throwing errors before it starts affecting your traffic or your visitors’ experience, keeping an eye on website performance and response times is a good habit. Slow responses and error codes tend to show up together, so tracking one often catches the other early. It’s also worth understanding the basics of what website monitoring actually covers if you’re setting this up for the first time.
A 4xx error means the problem is with the request itself, like a wrong URL, missing permissions, or bad data. A 5xx error means the request was fine but the server failed to process it. If you’re the visitor, a 4xx is usually something you can fix (check the URL), while a 5xx is entirely on the site owner’s end.
Yes, it matters, mainly for SEO. A 301 tells browsers and search engines the move is permanent, so ranking signals transfer to the new URL. A 302 signals a temporary move, so the original URL stays indexed and keeps its ranking. Using the wrong one on a permanent page move can hurt search rankings.
A 403 means the server recognized your request but is specifically refusing to authorize it, which is different from not being logged in. It usually points to a permissions issue, a blocked IP address, a firewall rule, or a resource that’s restricted regardless of authentication status.
It’s a bit of both. A 429 means you (or an app acting on your behalf) sent too many requests in too short a window. It’s the server protecting itself from being overwhelmed, so waiting a bit before retrying usually resolves it.
You can check response headers using your browser’s developer tools under the Network tab, or use an online status checker that tests the URL from an external server and reports back the exact code along with response time.