100Continue▼
The server has received the request headers and the client should proceed to send the request body.
Use case: Used when the client wants to send a large body and checks if the server will accept it first via the Expect: 100-continue header.
101Switching Protocols▼
The requester has asked the server to switch protocols and the server has agreed.
Use case: Used during WebSocket connection upgrade from HTTP to WS.
102Processingunofficial▼
The server has received and is processing the request, but no response is available yet.
Use case: WebDAV — prevents client timeout for long-running operations.
103Early Hintsunofficial▼
Used to return some response headers before the final HTTP message.
Use case: Preload hints — server tells client to start fetching CSS/JS while the HTML is still being generated.
200OK▼
Standard response for successful HTTP requests.
Use case: GET returns the resource, POST returns the result of the action.
201Created▼
The request has been fulfilled and a new resource has been created.
Use case: POST to /users returns 201 with the new user's URL in the Location header.
202Accepted▼
The request has been accepted for processing, but the processing is not complete.
Use case: Async jobs — POST returns 202 with a job URL the client can poll.
203Non-Authoritative Information▼
The server successfully processed the request but is returning information from another source.
Use case: HTTP proxies that modify the response in some way.
204No Content▼
The server successfully processed the request and is not returning any content.
Use case: PUT/PATCH updates — saves the resource but doesn't return a body.
205Reset Content▼
The server successfully processed the request, but is not returning any content. The client should reset the document view.
Use case: Form submission — server tells client to clear the form.
206Partial Content▼
The server is delivering only part of the resource due to a range header.
Use case: Video streaming, resumable downloads — client requests bytes 0-1023 and gets 206 back.
207Multi-Statusunofficial▼
The message body is an XML message containing multiple separate response codes.
Use case: WebDAV — multiple operations in one request.
208Already Reportedunofficial▼
Members of a DAV binding have already been enumerated in a previous reply.
Use case: WebDAV — avoids enumerating the same resource twice.
226IM Usedunofficial▼
The server has fulfilled a GET request for the resource with instance manipulation applied.
Use case: Delta encoding — server returns only the diff from a previous version.
300Multiple Choices▼
Indicates multiple options for the resource from which the client may choose.
Use case: Content negotiation — server offers HTML, JSON, or PDF versions.
301Moved Permanentlynginx, Apache, Cloudflare▼
This and all future requests should be directed to the given URI.
Use case: Site migration — old URL permanently redirects to new URL. Search engines update their index.
302Found▼
Tells the client to look at another URL for the resource (temporary).
Use case: Post-redirect-GET pattern — form POST returns 302 to a success page. Note: 302 may change POST to GET — use 307 to preserve method.
303See Other▼
The response to the request can be found under another URI using the GET method.
Use case: POST → redirect to a GET URL (Post/Redirect/Get pattern).
304Not Modified▼
The resource has not been modified since the version specified by the request headers.
Use case: Conditional requests with If-Modified-Since / If-None-Match — saves bandwidth.
305Use Proxy▼
The requested resource is available only through a proxy.
Use case: Deprecated for security reasons. Don't use.
307Temporary Redirect▼
Same as 302 but preserves the HTTP method (POST stays POST).
Use case: Temporary redirect that keeps the original method. Safer than 302.
308Permanent Redirectunofficial▼
Same as 301 but preserves the HTTP method (POST stays POST).
Use case: Permanent redirect that keeps the original method. Safer than 301.
400Bad Request▼
The server cannot process the request due to a client error (malformed syntax).
Use case: Invalid JSON body, missing required parameters, bad query string.
401Unauthorized▼
Authentication is required and has failed or has not been provided.
Use case: Missing/invalid auth token. Response should include WWW-Authenticate header.
402Payment Required▼
Reserved for future use. Sometimes used for payment-required access.
Use case: Rarely used. Some APIs return this when quota is exceeded and payment is needed.
403Forbidden▼
The request was valid but the server is refusing action.
Use case: User is authenticated but doesn't have permission for this resource.
404Not Found▼
The requested resource could not be found.
Use case: URL doesn't match any route, or resource ID doesn't exist.
405Method Not Allowed▼
The request method is not supported for the requested resource.
Use case: POST to a GET-only endpoint. Response should include Allow header listing valid methods.
406Not Acceptable▼
The requested resource is capable of generating only content not acceptable according to the Accept headers.
Use case: Client requests only XML, server only produces JSON.
407Proxy Authentication Required▼
The client must first authenticate itself with the proxy.
Use case: Corporate proxies — response includes Proxy-Authenticate header.
408Request Timeout▼
The server timed out waiting for the request.
Use case: Client took too long to send the full request body.
409Conflict▼
The request could not be processed because of conflict in the current state of the resource.
Use case: Editing the same resource from two clients simultaneously (version mismatch).
410Gone▼
The resource is no longer available and will not be available again.
Use case: Deleted resource. Different from 404 — 410 tells clients to stop requesting it.
411Length Required▼
The request did not specify the length of its content, which is required by the requested resource.
Use case: Server requires Content-Length header for POST/PUT.
412Precondition Failed▼
The server does not meet one of the preconditions specified in the request headers.
Use case: If-Match / If-Unmodified-Since check failed during conditional update.
413Payload Too Largenginx, Apache, Cloudflare▼
The request is larger than the server is willing or able to process.
Use case: File upload exceeds size limit.
414URI Too Long▼
The URI provided was too long for the server to process.
Use case: Extremely long query string — should use POST body instead.
415Unsupported Media Type▼
The request entity has a media type which the server or resource does not support.
Use case: POSTing XML when server expects JSON. Check Content-Type header.
416Range Not Satisfiable▼
The client has asked for a portion of the file, but the server cannot supply that portion.
Use case: Range header requests bytes beyond the file size.
417Expectation Failed▼
The server cannot meet the requirements of the Expect request-header field.
Use case: Client sends Expect: 100-continue but server can't honor it.
418I'm a teapotunofficial▼
The server refuses to brew coffee because it is, permanently, a teapot.
Use case: April Fools' joke from RFC 2324 (HTCPCP). Sometimes used as an Easter egg.
421Misdirected Requestunofficial▼
The request was directed at a server that is not able to produce a response.
Use case: HTTP/2 connection coalescing — server doesn't have a cert for the requested host.
422Unprocessable Entityunofficial▼
The request was well-formed but was unable to be followed due to semantic errors.
Use case: Validation failure — JSON is valid but missing required fields. Better than 400 for API errors.
423Lockedunofficial▼
The resource that is being accessed is locked.
Use case: WebDAV — resource is locked by another client.
424Failed Dependencyunofficial▼
The request failed due to failure of a previous request.
Use case: WebDAV — dependent request in a batch failed.
425Too Earlyunofficial▼
The server is unwilling to risk processing a request that might be replayed.
Use case: TLS 1.3 0-RTT data — protects against replay attacks.
426Upgrade Requiredunofficial▼
The client should switch to a different protocol.
Use case: Server requires TLS 1.2+ — response includes Upgrade header.
428Precondition Requiredunofficial▼
The server requires the request to be conditional.
Use case: Server requires If-Match header on PUT to prevent lost updates (optimistic locking).
429Too Many Requestsunofficial▼
The user has sent too many requests in a given amount of time.
Use case: Rate limiting. Response should include Retry-After header.
431Request Header Fields Too Largeunofficial▼
The server is unwilling to process the request because either an individual header field, or all the header fields collectively, are too large.
Use case: Too many cookies — server rejects the request.
451Unavailable For Legal Reasonsunofficial▼
A server operator has received a legal demand to deny access to a resource.
Use case: Government censorship, DMCA takedowns. Response should include a Link to the legal demand.
500Internal Server Error▼
A generic error message, given when an unexpected condition was encountered.
Use case: Unhandled exception, database connection failure, bug in code.
501Not Implemented▼
The server does not recognise the request method, or lacks the ability to fulfil it.
Use case: Server doesn't support a custom HTTP method.
502Bad Gatewaynginx, Cloudflare, Apache, HAProxy▼
The server was acting as a gateway or proxy and received an invalid response from the upstream server.
Use case: Reverse proxy (nginx, Cloudflare) can't reach the backend app.
503Service Unavailablenginx, Apache, Cloudflare▼
The server is currently unavailable. Often because it is overloaded or down for maintenance.
Use case: Server is restarting, deploying, or temporarily overloaded. Response should include Retry-After.
504Gateway Timeoutnginx, Cloudflare, Apache, HAProxy▼
The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
Use case: Backend took too long to respond — proxy timeout.
505HTTP Version Not Supported▼
The server does not support the HTTP protocol version used in the request.
Use case: Client sends HTTP/2.0 to a server that only supports 1.1.
506Variant Also Negotiates▼
Transparent content negotiation for the request results in a circular reference.
Use case: Misconfigured content negotiation — rarely seen.
507Insufficient Storageunofficial▼
The server is unable to store the representation needed to complete the request.
Use case: WebDAV — disk full.
508Loop Detectedunofficial▼
The server detected an infinite loop while processing the request.
Use case: WebDAV — binding loops.
510Not Extendedunofficial▼
Further extensions to the request are required for the server to fulfil it.
Use case: Server requires HTTP extension framework — rarely seen.
511Network Authentication Requiredunofficial▼
The client needs to authenticate to gain network access.
Use case: Captive portals — hotel/airport WiFi login page.
520Web Server Returned an Unknown Errorunofficial▼
Cloudflare — origin returned an empty, unknown, or unexpected response.
Use case: Cloudflare-specific. Origin server is misconfigured or crashed.
521Web Server Is Downunofficial▼
Cloudflare — origin server refused the connection.
Use case: Cloudflare-specific. Origin server is offline.
522Connection Timed Outunofficial▼
Cloudflare — TCP connection to the origin timed out.
Use case: Cloudflare-specific. Origin server is too slow or firewall blocking Cloudflare IPs.
523Origin Is Unreachableunofficial▼
Cloudflare — cannot reach the origin server.
Use case: Cloudflare-specific. DNS issue or origin IP changed.
524A Timeout Occurredunofficial▼
Cloudflare — TCP connection was established but origin didn't respond with HTTP headers within 100 seconds.
Use case: Cloudflare-specific. Long-running request — increase proxy_read_timeout or use async processing.
525SSL Handshake Failedunofficial▼
Cloudflare — SSL handshake with the origin failed.
Use case: Cloudflare-specific. Origin cert expired, missing, or wrong cipher.
526Invalid SSL Certificateunofficial▼
Cloudflare — origin's SSL certificate is invalid.
Use case: Cloudflare-specific. Origin cert is self-signed, expired, or hostname mismatch.
527Railgun Errorunofficial▼
Cloudflare Railgun — error establishing connection between Railgun Listener and origin.
Use case: Cloudflare-specific. Railgun misconfiguration.
530Origin DNS Errorunofficial▼
Cloudflare — cannot resolve origin DNS.
Use case: Cloudflare-specific. Origin DNS record is missing or wrong.
598Network Read Timeout Errorunofficial▼
Unofficial — proxy read timeout between proxy and origin.
Use case: Used by some proxies for upstream timeouts.
599Network Connect Timeout Errorunofficial▼
Unofficial — proxy connect timeout to origin.
Use case: Used by some proxies for upstream connect timeouts.