What Are HTTP Status Codes?
Introduction
If you’ve ever wondered how your browser knows when a request has succeeded, you’re in the right place! The HTTP specification, or section 6.xx
of the RFC document, lists a variety of three-digit numbers that denote a specific event in an HTTP response. Whether your request to a certain web server is successful or not — or even if you’re redirected elsewhere — there will always be a HTTP response code waiting for your browser inside of the respective response header.
The most common status codes you might have inadvertently heard of are the “404 Not Found” error and possibly “200 OK.” These status codes make up a large majority of web requests. Whenever a website server successfully generates a reply, it returns a group of successful status codes in the 2xx
range.
You've probably noticed the 4xx
series:
All of these denote client errors. Section 6 of RFC7231 has other HTTP specification information, including GET/POST requests from your browser and how clients should negotiate with HTTP servers. You can read about HTTP specifications in plain English in this section, or you can read RFC7231 here.
200 Level Status Codes (Successful)
As mentioned previously, 2xx status codes generally denote a successful request to a web server. These include:
- 200 OK
- When you send a successful request to, say, https://bunny.net, the server sends a “200 OK” response.
- 201 Created
- This is more commonly used in API requests. When you send a request to, for example, deploy a virtual machine, a REST API can respond with “201 Created” to tell a client that the “resource” has been created.
- 202 Accepted
- This denotes a request that has been received but requires more time to process (i.e., an asynchronous request). This code is used for requests that require a large set of data to be processed.
- 204 No Content
- The webserver has nothing to say in response to a request. When this status code is used, there is no "body" to return to a client.
- 205 Reset Content
- Used to tell a client to reset a page; an example would be a successful submission of a form and a server replying that the form should be cleared.
300 Level Status Codes (Redirection)
The most popular redirection status codes are 301/302. These indicate both permanent and temporary redirects, respectively. Less popular status codes will only be referred to by their names.
- 300 Multiple Options
- The 300 status code is used sparingly. It provides multiple options in a non-standard response so that individual clients can choose the best URL based on the user-agent.
- 301 Moved Permanently
- This status code tells a client that a page has been moved permanently. The client won't visit the old URL, but will keep a copy of the newer URL in the "Location" header. There should also be no content inside the body of the request.
- 302 Found
- Denotes a temporary redirect (within the “Location” header field) to another website or URL.
- 303 See Other
- 305 Use Proxy
- 307 Temporary Redirect
400 Level Status Codes (Client Errors)
The 400-series of status codes represent client-side errors, and range from 400-426 (the list below is non-exhaustive):
- 400 Bad Request
- This occurs with malformed HTTP requests: invalid headers, invalid request body, etc.
- 401 Unauthorized
- Client not authenticated.
- 402 Payment Required
- 403 Forbidden
- You do not have permission to access a particular document or resource on a server.
- 404 Not Found
- File or document requested by a client could not be found on the server
- 405 Method Not Allowed
- Example: If you send a GET request to an endpoint that only accepts POST requests, the endpoint can return the
405
status code
- 406 Not Acceptable
- 408 Request Timeout
- 409 Conflict
- 410 Gone
- The resource requested has been permanently removed.
500 Level Status Codes (Server Errors)
The final class of status codes is the 5xx series — a server returns these errors to denote a server-side error.
- 500 Internal Server Error
- Occurs when a server encounters an exception, or is in an unknown state; in response, the server notifies a client that it is unable to handle the error and thus cannot process the request.
- 501 Not Implemented
- As the name implies, “501” errors occur when a server does not have the capability to process the request.
- 502 Bad Gateway
- When using a (reverse) proxy, this indicates that the origin server responded with an invalid HTTP response (or is offline).
- 503 Service Unavailable
- The server is unable to process the request; generally, this occurs when a server is being attacked, or is under extreme loads.
- 504 Gateway Timeout
- The gateway server (i.e. a reverse proxy server) could not connect to the origin due to a time-out. This does not guarantee that the origin is down, however, it strongly indicates that there is an issue with the origin (which is causing the long delay, or time out).
- 505 HTTP Version Unsupported
- Sent to a client when the server does not support an HTTP protocol version that the client is using.
Conclusion
Whether you’re visiting Google or sending an API request, HTTP status codes provide valuable information. They provide a mechanism for web servers to indicate successful requests and a huge variety of errors.
In short: HTTP Status Codes play an important role on the Internet -- from acknowledgment responses to errors, they give valuable information regarding both client and server-side issues.