HTTP Status Codes — Lookup & Decision Helper
Search any HTTP status code from 100 to 599 and get its official name, meaning, and behaviour — straight from RFC 9110 and the IANA registry. A built-in decision helper settles the arguments developers actually have: 301 vs 308, 401 vs 403, 200 vs 201 vs 204. No signup, sources cited.
Type a number to match codes by prefix (e.g. 40 → 400–409), or a word to match names and meanings. Leave empty to browse all.
Showing 62 of 62 codes
The client should continue sending the request body. Sent in response to an Expect: 100-continue header before the client commits to uploading a large payload.
Common causes
- Client sent Expect: 100-continue and the server accepted the headers
Typical fixes
- No action — proceed to send the request body
The server agrees to switch protocols as requested in the Upgrade header — most commonly the HTTP→WebSocket handshake.
Common causes
- Client sent an Upgrade header (e.g. WebSocket handshake)
Typical fixes
- No action — the connection now speaks the new protocol
WebDAV interim response telling the client the server has accepted a long-running request and is still working on it. Deprecated in favour of more reliable mechanisms.
Common causes
- Long-running WebDAV operation in progress
Typical fixes
- Wait for the final response — this is interim only
An interim response that lets the server send Link headers early so the browser can preconnect or preload resources before the final response is ready.
Common causes
- Server sends preload/preconnect Link hints ahead of the final response
Typical fixes
- No action — used to speed up resource loading
The request succeeded. The meaning of the body depends on the method: the representation of the target resource for GET, the result of the action for POST, and so on.
Common causes
- A normal, successful request
Typical fixes
- No action — this is the success case
The request succeeded and one or more new resources were created. The Location header should point at the new resource; the body usually describes it.
Common causes
- A POST or PUT that created a new resource
Typical fixes
- Return a Location header pointing at the new resource
The request was accepted for processing, but the processing has not completed and may not succeed. Used for asynchronous / queued work.
Common causes
- Work was queued for background processing (e.g. a job, an email send)
Typical fixes
- Give the client a way to poll status (e.g. a status URL in the body)
The request succeeded but the enclosed body was modified by a transforming proxy from the origin's 200 response. Status of the original is 200.
Common causes
- A proxy altered the response (e.g. stripped or rewrote headers/content)
Typical fixes
- Verify which proxy transformed the response if accuracy matters
The request succeeded and there is no additional content to send in the body. Commonly returned by a successful PUT or DELETE.
Common causes
- A successful update or delete with nothing to return
Typical fixes
- No action — do not send a body with a 204
The request succeeded and the user agent should reset the document that sent the request (e.g. clear a form). A 205 must not include a body.
Common causes
- A form submission that should clear the form after success
Typical fixes
- No action — instruct the client to reset its view
The server is delivering only part of the resource in response to a Range request. Used for resumable downloads and media streaming.
Common causes
- Client sent a Range header (resume download, video seek)
Typical fixes
- No action — ensure Content-Range is set correctly
WebDAV: the body is an XML document carrying multiple independent status codes for a request that affected several resources.
Common causes
- A WebDAV request that operated on multiple resources at once
Typical fixes
- Parse the multistatus XML to read each resource's individual status
WebDAV: used inside a Multi-Status (207) body to avoid repeatedly enumerating the members of a binding already reported earlier.
Common causes
- A WebDAV collection member already listed in the same 207 response
Typical fixes
- No action — an optimisation inside multistatus bodies
The server fulfilled a GET and the response is one or more instance-manipulations (delta encoding) applied to the current instance.
Common causes
- Client requested delta encoding via the A-IM header
Typical fixes
- No action — rarely used in practice
The target has more than one representation and the server cannot pick one for the client. The body may list the alternatives.
Common causes
- Several content formats/languages exist and no preference was clear
Typical fixes
- Provide a Location for the preferred choice, or list the options
The resource has a new permanent URL given in Location. Clients and search engines should update their links. A client MAY change the method to GET on the redirect.
Common causes
- A page or endpoint was permanently moved or its URL canonicalised
Typical fixes
- Set Location to the new URL; use 308 instead if POST must be preserved
The resource is temporarily at a different URL given in Location. The original URL should keep being used for future requests. A client MAY change the method to GET.
Common causes
- A temporary redirect (A/B test, maintenance page, post-login bounce)
Typical fixes
- Use 307 to preserve the method, or 303 to force a GET after a POST
Tells the client to GET a different URL (in Location) to see the result of the request. The classic Post/Redirect/Get pattern that stops form resubmission.
Common causes
- After a successful POST you want to send the user to a result page
Typical fixes
- Set Location to the GET-able result URL (Post/Redirect/Get)
Used for conditional GETs: the cached copy is still fresh, so no body is sent. Triggered by If-None-Match / If-Modified-Since.
Common causes
- The client's cached ETag/Last-Modified still matches the server
Typical fixes
- No action — the client reuses its cached copy
Deprecated. Originally meant the resource must be accessed through a proxy. No longer used because of security concerns.
Common causes
- Legacy proxy configuration (should not appear in modern systems)
Typical fixes
- Do not use — deprecated by RFC 9110
The resource is temporarily at the Location URL, and the client MUST repeat the request with the same method and body. The method-preserving version of 302.
Common causes
- A temporary redirect where a POST/PUT must be re-sent unchanged
Typical fixes
- No action — method and body are preserved automatically
The resource has permanently moved to the Location URL, and the client MUST reuse the same method and body. The method-preserving version of 301.
Common causes
- A permanent move of an endpoint that must keep its POST/PUT method
Typical fixes
- No action — method and body are preserved; update links to Location
The server cannot or will not process the request because of a client error — malformed syntax, invalid framing, or deceptive routing.
Common causes
- Malformed JSON/body
- Invalid query parameters
- Bad request framing
Typical fixes
- Validate and fix the request payload before resending
The request lacks valid authentication. The response must include a WWW-Authenticate header; the client can retry with credentials. ('Unauthenticated' would be the accurate name.)
Common causes
- Missing/expired token
- Wrong credentials
- No Authorization header
Typical fixes
- Authenticate, then resend with a valid token; send WWW-Authenticate server-side
Reserved for future use. Used by some APIs to signal that payment or a higher plan is required before the request can proceed.
Common causes
- Quota exhausted on a paid API
- Billing required
Typical fixes
- Upgrade the plan or settle the outstanding balance
The server understood the request but refuses to authorise it. Unlike 401, authenticating will not help — the identity is known but not permitted.
Common causes
- Insufficient permissions/role
- IP or geo block
- Disabled account
Typical fixes
- Grant the right permission, or use 404 to hide a resource's existence
The origin server did not find a current representation for the target resource, or does not wish to disclose that one exists. Does not say whether the absence is temporary or permanent.
Common causes
- Wrong URL or route
- Deleted resource
- Missing route handler
Typical fixes
- Check the path and routing; use 410 if the resource is permanently gone
The method is known by the server but not supported by the target resource. The response must list supported methods in an Allow header.
Common causes
- POST to a read-only endpoint
- DELETE not implemented for the route
Typical fixes
- Use a method listed in the Allow header; add the handler if it should exist
The server cannot produce a response matching the Accept headers sent in the request (content type, language, or encoding).
Common causes
- Accept header asks for a format the server cannot produce
Typical fixes
- Relax or correct the Accept / Accept-Language header
Like 401, but authentication is needed by a proxy between the client and the server. The proxy sends a Proxy-Authenticate header.
Common causes
- A corporate or upstream proxy requires credentials
Typical fixes
- Send Proxy-Authorization credentials for the proxy
The server timed out waiting for the full request. The client may repeat the request; servers often close idle keep-alive connections this way.
Common causes
- Slow or stalled client upload
- Idle keep-alive connection reaped
Typical fixes
- Resend the request; check client network speed and timeouts
The request conflicts with the current state of the target resource — e.g. an edit against a stale version, or a duplicate that breaks a uniqueness rule.
Common causes
- Concurrent edit / version mismatch
- Duplicate unique key
Typical fixes
- Re-fetch the latest state, resolve the conflict, then resubmit
The resource is permanently gone and no forwarding address is known. Stronger than 404 — tells clients and search engines to stop requesting it.
Common causes
- A resource was intentionally and permanently removed
Typical fixes
- No action — remove inbound links; use 404 if removal might be temporary
The server refuses the request because it has no Content-Length header. The client must add one and resend.
Common causes
- Body sent without a Content-Length header
Typical fixes
- Add a Content-Length header (or use chunked transfer correctly)
A conditional header (If-Match, If-Unmodified-Since, etc.) evaluated to false, so the server did not perform the request. Guards against lost updates.
Common causes
- The resource changed since the client's If-Match ETag
Typical fixes
- Re-fetch the current ETag and retry the conditional request
The request body is larger than the server is willing or able to process. Formerly called 'Payload Too Large'.
Common causes
- Upload exceeds the server/proxy body-size limit
Typical fixes
- Shrink or chunk the payload, or raise the server's size limit
The request URI is longer than the server is willing to interpret — often a GET with too many query parameters that should be a POST.
Common causes
- Excessively long query string
- Redirect loop accumulating params
Typical fixes
- Move parameters into a POST body; shorten the URL
The request body is in a format the target resource does not support (wrong Content-Type or Content-Encoding).
Common causes
- Sending XML to a JSON-only endpoint
- Missing/incorrect Content-Type
Typical fixes
- Set the correct Content-Type and encode the body accordingly
None of the ranges in the request's Range header overlap the current extent of the resource — e.g. a byte range beyond the file size.
Common causes
- Requested byte range exceeds the resource length
Typical fixes
- Request a valid range, or omit Range to get the full resource
The expectation in the request's Expect header could not be met by the server.
Common causes
- Expect: 100-continue rejected by an intermediary
Typical fixes
- Remove the Expect header or resend without it
An April Fools' joke code (RFC 2324, Hyper Text Coffee Pot Control Protocol). RFC 9110 lists 418 as reserved/unused so it can never be reassigned. Not for real use.
Common causes
- A server playing the teapot joke; never a real protocol condition
Typical fixes
- Do not rely on 418 in production APIs
The request was directed at a server that is unable or unwilling to produce an authoritative response for the target URI's authority (common with HTTP/2 connection reuse).
Common causes
- HTTP/2 connection coalescing sent the request to the wrong origin
Typical fixes
- Retry on a fresh connection to the correct authority
The request was well-formed (correct syntax and content type) but the server could not process the contained instructions — typically semantic validation errors.
Common causes
- Valid JSON that fails business-rule validation
- Semantic field errors
Typical fixes
- Fix the field-level validation errors described in the response body
WebDAV: the target resource is locked and cannot be modified.
Common causes
- A WebDAV resource is locked by another client
Typical fixes
- Wait for or remove the lock, then retry
WebDAV: the request failed because it depended on another request that failed.
Common causes
- A dependent WebDAV operation in the same request failed
Typical fixes
- Fix the failed prerequisite operation and retry
The server is unwilling to risk processing a request that might be replayed — sent over TLS 1.3 early data (0-RTT).
Common causes
- Request sent in TLS 1.3 early data and the server refuses replay risk
Typical fixes
- Resend after the TLS handshake completes (not as early data)
The server refuses the request on the current protocol but will accept it after the client upgrades. The Upgrade header lists the required protocol(s).
Common causes
- Server requires a newer protocol (e.g. TLS, HTTP/2)
Typical fixes
- Upgrade to the protocol named in the Upgrade header and retry
The origin server requires the request to be conditional, to prevent the 'lost update' problem from blind overwrites. The client should add an If-Match.
Common causes
- Server requires an If-Match/If-Unmodified-Since for unsafe updates
Typical fixes
- Re-fetch the ETag and resend with an If-Match precondition
The client has sent too many requests in a given time (rate limiting). The response should include a Retry-After header telling the client when to try again.
Common causes
- Rate limit or quota exceeded
- Burst of requests from one client
Typical fixes
- Back off and retry after the Retry-After delay; add client-side throttling
The server refuses the request because its header fields are too large, either individually or in total. Often an oversized Cookie.
Common causes
- Oversized Cookie or Authorization header
- Too many custom headers
Typical fixes
- Reduce header size (clear large cookies) and resend
The resource is unavailable for legal reasons, such as a court order or government censorship. The number nods to Fahrenheit 451.
Common causes
- Legal takedown
- Geo-blocking required by law
Typical fixes
- No action by the client; the block is legally mandated
A generic catch-all: the server hit an unexpected condition that stopped it fulfilling the request. The most common server-side error.
Common causes
- Unhandled exception
- Misconfiguration
- Database/dependency failure
Typical fixes
- Check server logs for the stack trace; fix the underlying bug
The server does not support the functionality required to fulfil the request — e.g. an unrecognised method. The only 5xx that is cacheable by default.
Common causes
- Method or feature not implemented by the server
Typical fixes
- Use a supported method/feature, or implement the missing capability
The server, acting as a gateway or proxy, got an invalid response from the upstream server it relied on.
Common causes
- Upstream/origin server returned garbage or crashed
- Proxy misconfig
Typical fixes
- Check upstream health and the proxy configuration; retry
The server is temporarily unable to handle the request — overloaded or down for maintenance. A Retry-After header may say when to come back.
Common causes
- Overload / traffic spike
- Planned maintenance
- Failing health check
Typical fixes
- Retry after the Retry-After delay; scale capacity or finish maintenance
The server, acting as a gateway or proxy, did not get a timely response from the upstream server.
Common causes
- Upstream server too slow
- Network latency to the origin
- Deadlock
Typical fixes
- Raise upstream timeouts or speed up the origin; retry
The server does not support, or refuses to support, the major HTTP version used in the request.
Common causes
- Client used an HTTP version the server cannot speak
Typical fixes
- Use a supported HTTP version (e.g. HTTP/1.1 or HTTP/2)
A transparent content-negotiation configuration error: the chosen variant is itself configured to negotiate, causing a loop.
Common causes
- Misconfigured transparent content negotiation
Typical fixes
- Fix the server's variant negotiation configuration
WebDAV: the server cannot store the representation needed to complete the request — out of disk or quota.
Common causes
- Server disk or storage quota exhausted
Typical fixes
- Free up storage or raise the quota, then retry
WebDAV: the server detected an infinite loop while processing the request (e.g. cyclic bindings).
Common causes
- A cyclic WebDAV binding caused an infinite traversal
Typical fixes
- Break the cyclic resource structure on the server
An extension to the request is required for the server to fulfil it. Defined by the experimental (now obsolete) HTTP Extension Framework; rarely seen.
Common causes
- Server requires a mandatory protocol extension that was not present
Typical fixes
- Include the required extension declaration (legacy; rarely applicable)
The client needs to authenticate to gain network access — sent by captive portals (e.g. public Wi-Fi login pages).
Common causes
- Captive portal (hotel / airport / café Wi-Fi) requires sign-in
Typical fixes
- Complete the network login page, then retry the original request
How it works
This is a reference and decision tool, not a calculator — so the “method” is the data model and the rules behind it, every one sourced. The full table of 62 IANA-registered status codes lives in a single typed module, with one record per code holding its name, class, plain-English meaning, behaviour flags, common causes and fixes, and the exact RFC section that defines it.
- Class. The class is pure arithmetic:
class = Math.floor(code / 100)→ 1xx Informational, 2xx Success, 3xx Redirection, 4xx Client Error, 5xx Server Error (RFC 9110 §15). - Cacheable by default. True only for the codes RFC 9110 §15.1 lists as heuristically cacheable — 200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, and 501. Everything else is not heuristically cacheable unless explicit cache-control headers say so.
- Preserves request method (3xx). Only 307 and 308 require the client to repeat the original method and body. 301, 302, and 303 historically allow — or, for 303, force — a switch to GET. This single distinction is the crux of the 301↔308 and 302↔307 decisions (RFC 9110 §15.4).
- Safe to retry. Flagged for transient conditions where repeating an idempotent request may succeed — 408, 425, 429, and the server-side 500, 502, 503, 504 — always honouring any Retry-After header. Most 4xx codes need the request itself fixed first.
- Has body. The 1xx interim responses plus 204 No Content, 205 Reset Content, and 304 Not Modified must not carry a message body; all others may.
The decision helper is a set of pure boolean tables over those same fields — no heuristics, no opinion. The redirect helper maps permanent? × preserveMethod? to a single code: (permanent, preserve) → 308, (permanent, GET-ok) → 301, (temporary, preserve) → 307, (temporary, GET-ok) → 302. Each cell cites its RFC section so you can verify the answer. A self-check function confirms every record's class equals floor(code/100) and every cacheable flag matches the §15.1 list — the lookup's version of a cross-formula check.
Worked examples
Lookup of 404
- Search: 404 → 404 Not Found
- Class: floor(404 / 100) = 4 → Client Error
- Cacheable by default: Yes (404 is in the RFC 9110 §15.1 list)
- Safe to retry: No (the resource is absent; retrying unchanged won't help)
- Has body: Yes · Source: RFC 9110 §15.5.5
301 vs 308 — I moved a POST endpoint permanently
- Decision helper → Redirect
- Permanent? Yes · Preserve method? Yes
- permanent × preserve-method → 308 Permanent Redirect
- Why not 301? 301 is permanent too, but a client MAY rewrite POST to GET
- Source: RFC 9110 §15.4.9 (308) vs §15.4.2 (301)
201 vs 204 — what to return after a write
- Decision helper → Success
- Created a new resource? Yes → 201 Created (add a Location header)
- If instead nothing was created and there's no body → 204 No Content
- If the work is queued for later → 202 Accepted
- Source: RFC 9110 §15.3.2 / §15.3.5 / §15.3.3
Frequently asked questions
Sources & references
- RFC 9110 — HTTP Semantics, §15 Status Codes (IETF, June 2022)
- IANA — HTTP Status Code Registry
- MDN Web Docs — HTTP response status codes (plain-English cross-check)
Every code on this page links to the exact RFC section that defines it. The table was last cross-checked against RFC 9110 §15 and the IANA registry on 2026-06-27. Names and behaviour flags follow the RFC verbatim; plain-English descriptions are paraphrased and cross-checked against MDN.
Related tools
Comments & feedback
Spotted a bug or want an improvement? Tell us — our team reviews every comment, and good ideas get built. Comments are public and anonymous.
Found a wrong flag, a missing code, or an edge case?
Email me at [email protected] — most fixes ship within 24 hours.