HTTP Status Code Reference
Searchable reference for all HTTP status codes with descriptions.
Reviewed by Aygul Dovletova · Last reviewed
How to Use the HTTP Status Code Reference
- Type into the search box to filter the list. The filter matches against code numbers ("404"), status names ("Not Found"), or phrases in the description ("rate limit").
- Use the category pills (1xx, 2xx, 3xx, 4xx, 5xx) to scope the table to a single class of response.
- Click any row to expand it and see the RFC reference, common causes, and real-world scenarios where the code is returned.
- Copy a code or phrase with the inline copy button when you are pasting an example into an API spec, Postman, or a bug ticket.
- Bookmark this page for quick offline reference - it works without a network connection once loaded.
How the Reference Was Built
The code list is compiled from RFC 9110 (HTTP Semantics, the 2022 consolidation of HTTP/1.1 behavior), plus a handful of still-relevant predecessors: RFC 7231 for the classic status code registry, RFC 7232 for conditional requests (304), RFC 7538 (308 Permanent Redirect), RFC 6585 (428, 429, 431, 511), and the WebDAV extensions in RFC 4918 (102, 207, 422, 423, 424, 507, 508). The data lives as a static JSON array shipped with the page - every search and filter is pure in-browser JavaScript array work, so typing in the filter box returns in microseconds. No network round trip, no server component, no analytics event on each keystroke. The UI uses String.prototype.includes on normalized lower-cased query terms to stay consistent across locales.
When You Would Reach for This
- Writing an API and deciding between 409 Conflict and 422 Unprocessable Content for a duplicate-resource error.
- Debugging a production incident where your gateway returns 503 and you need to confirm whether clients should retry.
- Documenting an OpenAPI specification and pasting the canonical status phrase into the response.description fields.
- Explaining to a non-technical stakeholder why a 302 redirect loses SEO juice compared to a 301.
- Configuring a retry policy in your HTTP client library - 5xx codes are safely retryable, 4xx codes usually are not.
- Teaching a junior developer the distinction between 401 ("we do not know who you are") and 403 ("we know and the answer is no").
Common Pitfalls and Edge Cases
- 418 I'm a Teapot. Defined in the 1998 April Fools RFC 2324 and excluded from the real HTTP standards. Charming but non-normative; production systems should not return it seriously.
- Using 200 OK for errors. Some APIs return HTTP 200 with {"error": ...} in the body to simplify fetching. This breaks retry logic, caching, and monitoring dashboards that key off status codes. Return the correct status.
- 301 vs 308. Both are permanent redirects, but 301 historically permitted clients to change POST to GET; 308 explicitly preserves the method. Use 308 if you need to keep the request body and verb on the redirect target.
- 429 without Retry-After. RFC 6585 requires servers returning 429 Too Many Requests to include a Retry-After header so clients can implement sane backoff. Omitting it forces clients to guess, which usually means hammering your rate limiter.
- 204 vs 200 with empty body. 204 No Content signals success with no body; it is semantically cleaner for DELETE responses and for PATCH responses that do not echo the modified resource. 200 with an empty body is legal but muddier.
- 3xx codes are not failures. Monitoring dashboards that alert on "non-2xx" will fire on perfectly normal 304 Not Modified responses from your CDN. Exclude 3xx from error-rate SLO calculations.
HTTP Status Code Classes
The first digit of the three-digit code classifies the response. 1xx codes are informational (100 Continue, 101 Switching Protocols, 103 Early Hints for preload hints) and usually go unseen because the response is transient. 2xx codes mean the request succeeded: 200 for "here is your content", 201 for "created", 202 for "accepted asynchronously", 204 for "succeeded, nothing to return", 206 for "partial content, as you asked with Range". 3xx signals redirection: 301 and 308 permanent, 302 and 307 temporary, 304 Not Modified for conditional requests. 4xx indicates a client-side problem the client can fix: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 409 Conflict, 410 Gone, 422 Unprocessable Content, 429 Too Many Requests. 5xx signals a server-side problem the client cannot fix: 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable, 504 Gateway Timeout. RFC 9110 has clients treat an unrecognized code as the x00 code of the same class - so an exotic 499 from Nginx is still handled as a client error.
Comparison to Alternatives
httpstatuses.com and httpstatus.com are well-known browseable references with cleaner long-form descriptions. Mozilla's MDN Web Docs has a status-code page per code with browser-compat data and cross-links to related headers - the best deep-dive resource when you need to understand subtle behavior. On the terminal, curl -I returns the code from a real request, and man 7 http_status_codes (on some distributions) gives a quick synopsis. Postman and Insomnia show status codes inline with colored badges. Use this page when you want filter-driven offline browsing, particularly when you remember a phrase ("unprocessable") but not the number.
Frequently Asked Questions
What is the authoritative source of HTTP status codes?
RFC 9110 (HTTP Semantics) is the current spec and replaces RFC 7230 through RFC 7235. The IANA HTTP Status Code Registry tracks all assignments. This tool's data is compiled from those sources.
What is the practical difference between 401 and 403?
401 Unauthorized means authentication is missing or failed - log in again. 403 Forbidden means authentication succeeded but you lack permission for this resource - re-authenticating will not help. A well-designed API uses 401 for bad tokens and 403 for insufficient scopes.
When should I use 404 vs 410?
404 Not Found means the resource does not exist at this URL - that could be because it never did or because the server is not tracking its former existence. 410 Gone means the resource used to exist at this URL and has been intentionally removed, with no forwarding address. Use 410 when you are permanently decommissioning an endpoint so search engines de-index it faster and clients stop retrying. Use 404 for everything else.
Does this tool make API calls to look up codes?
No. The entire status-code list is bundled with the page at build time as a JavaScript array. Filtering and searching runs as plain Array.filter and String.includes calls in your browser, so there is no network traffic. That also means the tool works offline after the first load, which is handy on planes, in subways, or behind strict corporate firewalls.
What is the 418 I am a teapot code about?
It was defined in RFC 2324, the Hyper Text Coffee Pot Control Protocol - an April Fools' Day joke from 1998 designed to be returned by coffee pots asked to brew tea. It has never been part of the real HTTP standard but is famously implemented by several servers and libraries as an Easter egg. IANA does not include it in the official registry. Do not return it from production APIs; clients and middleware may handle it unpredictably.
How should I handle 429 Too Many Requests?
Read the Retry-After header and wait at least that long. If missing, apply exponential backoff with jitter - 1 second baseline, doubling each attempt up to a cap, plus randomness to avoid synchronized retries. Libraries like axios-retry, node-fetch-retry, and Python's tenacity handle this. Fast retries without backoff make rate limits worse for everyone.
Why did 308 Permanent Redirect get added so late?
Because 301 had a quirk: it allowed clients to change POST to GET when following the redirect, and many old clients did. 308 was specified in RFC 7538 (2015) to mandate method preservation. Use 308 if your redirect target needs the original body and verb; 301 is safe for simple GETs.
What status codes signal a retry is safe?
All 5xx codes except 501 Not Implemented are safely retryable because they indicate transient server-side issues. 408 Request Timeout and 429 Too Many Requests are also retryable from the 4xx family. 425 Too Early signals the server will not process a 0-RTT request and suggests retrying with a stronger connection. Other 4xx codes (400, 401, 403, 404, 409, 410, 422) are not retryable without fixing the request first.
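The retry rules from this answer and the 429 answer above, combined into one client-side decision function. This is an added example, not code shipped with this page; the constants CAP_MS and MAX_WAIT_MS and all function names are assumptions, and the upper bound on Retry-After is an extra safeguard so an oversized header value cannot stall the client.

```javascript
const BASE_MS = 1000;       // 1 second baseline, as described above
const CAP_MS = 30000;       // assumed cap on the backoff itself
const MAX_WAIT_MS = 120000; // assumed limit: give up if the server asks for more

// Codes the answer above lists as retryable: 5xx except 501, plus 408, 425, 429.
function isRetryable(status) {
  if (status === 408 || status === 425 || status === 429) return true;
  return status >= 500 && status <= 599 && status !== 501;
}

// Retry-After is either delta-seconds ("120") or an HTTP-date.
// Returns milliseconds to wait, or null when absent or unparseable.
function parseRetryAfter(value, nowMs) {
  if (value == null) return null;
  const v = String(value).trim();
  if (/^\d+$/.test(v)) return Number(v) * 1000;
  const when = Date.parse(v);
  if (Number.isNaN(when)) return null;
  return Math.max(0, when - nowMs); // a date in the past means "retry now"
}

// attempt is 0 for the first retry; rand is injectable so results are testable.
// Returns the delay in ms, or null when the request must not be retried.
function retryDelayMs(status, retryAfter, attempt, nowMs = Date.now(), rand = Math.random) {
  if (!isRetryable(status)) return null;
  const hinted = parseRetryAfter(retryAfter, nowMs);
  if (hinted !== null && hinted > MAX_WAIT_MS) return null;
  const backoff = Math.min(CAP_MS, BASE_MS * 2 ** attempt);
  // Half fixed, half random: spreads clients out without collapsing to zero.
  const jittered = backoff / 2 + rand() * (backoff / 2);
  // Wait at least as long as the server asked, never less than the backoff.
  return Math.round(Math.max(hinted ?? 0, jittered));
}
```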
Is there a code for "I have not implemented this yet"?
Yes, 501 Not Implemented is specifically for that case - the server does not recognize the request method or lacks the ability to fulfill it. For an API endpoint that exists but is disabled, 403 Forbidden or 410 Gone is usually better. 501 is rarely seen on modern APIs because frameworks return 404 or 405 Method Not Allowed before the request reaches application code.
How does a 304 Not Modified work?
When a client sends a conditional request with If-Modified-Since or If-None-Match headers, the server checks whether the resource has changed since that timestamp or matches that ETag. If not, it returns 304 with no body, signaling that the client's cached copy is still valid. The response has headers (Cache-Control, Expires, ETag) but zero body bytes, which makes it extremely cheap to serve. Your CDN sitting in front of an origin relies heavily on 304 for efficiency.
Can a server return a status code not in any RFC?
Yes. Nginx's 499 Client Closed Request is not in any RFC but is common in access logs. Cloudflare returns 520-527 for edge-specific failures. RFC 9110 says unknown codes should be treated as the x00 of the same class. For public APIs stick to registered codes.
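A sketch of how a log-based monitor can apply the class fallback described here together with the "3xx codes are not failures" pitfall above. This is an added example, not code from this page: the log lines are constructed (nginx-style), REGISTERED is only the subset of codes named on this page, and all function names are assumptions.

```javascript
// Subset of registered codes named on this page (not the full IANA registry).
const REGISTERED = new Set([100, 101, 103, 200, 201, 202, 204, 206, 301, 302, 304, 307,
  308, 400, 401, 403, 404, 408, 409, 410, 422, 425, 429, 500, 501, 502, 503, 504]);
const CLASS_NAMES = { 1: 'informational', 2: 'success', 3: 'redirection',
  4: 'client_error', 5: 'server_error' };

// Unknown codes are handled as the x00 code of their class (499 -> 400, 520 -> 500).
function effectiveStatus(code) {
  if (!Number.isInteger(code) || code < 100 || code > 599) return null;
  return REGISTERED.has(code) ? code : Math.floor(code / 100) * 100;
}

function statusClass(code) {
  const eff = effectiveStatus(code);
  return eff === null ? null : CLASS_NAMES[Math.floor(eff / 100)];
}

// Pulls the status field that follows the quoted request line.
function statusFromLogLine(line) {
  const m = /" (\d{3}) (?:\d+|-)/.exec(line);
  return m ? Number(m[1]) : null;
}

// Counts responses per class and computes an error rate that excludes 3xx.
function summarize(lines) {
  const counts = { informational: 0, success: 0, redirection: 0, client_error: 0, server_error: 0 };
  let total = 0;
  for (const line of lines) {
    const cls = statusClass(statusFromLogLine(line));
    if (cls === null) continue; // unparseable line or out-of-range code
    counts[cls] += 1;
    total += 1;
  }
  const errors = counts.client_error + counts.server_error;
  return { counts, total,
    naiveNon2xxRate: total ? (total - counts.success) / total : 0, // fires on 304s
    errorRate: total ? errors / total : 0 };
}

// Constructed sample lines, including one that has no status field.
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "GET /app.js HTTP/1.1" 304 0',
  '203.0.113.5 - - [10/Mar/2025:10:00:02 +0000] "GET /api/items HTTP/1.1" 200 512',
  '198.51.100.7 - - [10/Mar/2025:10:00:03 +0000] "POST /api/items HTTP/1.1" 499 0',
  '198.51.100.7 - - [10/Mar/2025:10:00:04 +0000] "GET /api/items HTTP/1.1" 520 0',
  '192.0.2.9 - - [10/Mar/2025:10:00:06 +0000] "GET /api/items HTTP/1.1" 503 0',
  'garbage line with no status',
];
```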