HTTP Status Codes

The server has received the request headers and the client should proceed to send the request body. This lets the …

The server understands the Upgrade header field request and indicates which protocol it is switching to.

The server has received and is processing the request, but no response is available yet. Prevents the client from timing …

Used to return some response headers before the final HTTP message. Allows the browser to start preloading resources while the …

The request succeeded. The meaning depends on the HTTP method: GET returns the resource, POST reports the action result, HEAD …

The request succeeded and a new resource was created. Typically returned after POST or PUT requests that create a new …

The request has been accepted for processing, but the processing has not been completed. The request might or might not …

The response payload has been modified by a transforming proxy from the origin server's 200 response.

The server successfully processed the request but is not returning any content. Common for DELETE operations and form submissions that …

The server fulfilled the request and the client should reset the document view (e.g., clear a form).

The server is delivering only part of the resource due to a Range header sent by the client. Used for …

The response body contains status information for multiple resources, in situations where multiple status codes might be appropriate (WebDAV).

Used inside a DAV: propstat response element to avoid enumerating internal members of multiple bindings to the same collection repeatedly.

The server has fulfilled a GET request for the resource, and the response is a representation of the result of …

The request has more than one possible response. The client should choose one of them.

The resource has been permanently moved to a new URL. All future requests should use the new URL. Search engines …

The resource temporarily resides at a different URL. The client should continue using the original URL for future requests.

The server is redirecting to a different resource using GET, typically after a POST operation (Post/Redirect/Get pattern).

The resource has not been modified since the last request. The client can use its cached copy.

The resource temporarily resides at a different URL. Unlike 302, this guarantees the HTTP method will NOT be changed.

The resource has been permanently moved. Like 301, but guarantees the HTTP method will NOT be changed.

The server cannot process the request due to malformed syntax, invalid request message framing, or deceptive request routing.

The request requires user authentication. The response includes a WWW-Authenticate header indicating the authentication scheme.

Reserved for future use. Originally intended for digital payment systems, some APIs use it to indicate a billing or subscription …

The server understood the request but refuses to authorize it. Unlike 401, authentication will not help — the user simply …

The server cannot find the requested resource. The URL may be wrong, the resource may have been deleted, or it …

The HTTP method is not allowed for the requested resource. The response includes an Allow header listing valid methods.

The server cannot produce a response matching the Accept headers sent by the client.

The client must first authenticate itself with the proxy.

The server timed out waiting for the request. The client did not produce a request within the time the server …

The request conflicts with the current state of the server. Often due to concurrent modification or business rule violations.

The resource is permanently gone and will not be available again. Unlike 404, this is intentional and permanent.

The server refuses to accept the request without a Content-Length header.

One or more conditions in the request headers (If-Match, If-Unmodified-Since) evaluated to false.

The request payload exceeds the server's size limit.

The URI provided was too long for the server to process.

The server refuses to accept the request because the Content-Type is not supported.

The server cannot serve the requested byte range. The Range header value is outside the resource's size.

The server cannot meet the requirements of the Expect header.

Any attempt to brew coffee with a teapot should result in this error. An April Fools' joke from 1998 that …

The request was directed at a server that is unable to produce a response for the combination of scheme and …

The server understands the content type and syntax, but was unable to process the contained instructions. Common in API validation …

The resource is locked and cannot be modified (WebDAV).

The request failed because it depended on another request that failed (WebDAV).

The server is unwilling to risk processing a request that might be replayed. Used with TLS 1.3 early data (0-RTT).

The server refuses to perform the request using the current protocol but might after the client upgrades to a different …

The server requires the request to be conditional (e.g., include If-Match header) to prevent lost updates.

The user has sent too many requests in a given time (rate limiting). The response should include a Retry-After header.

The server refuses to process the request because an individual header field or all headers collectively are too large.

The server is denying access to the resource as a consequence of a legal demand. Named after Ray Bradbury's Fahrenheit …

A non-standard status code used by Nginx when the client closes the connection before the server responds.

The server encountered an unexpected condition that prevented it from fulfilling the request. A generic catch-all for server-side errors.

The server does not support the functionality required to fulfill the request. The server either does not recognize the request …

The server, acting as a gateway or proxy, received an invalid response from the upstream server.

The server is temporarily unable to handle the request due to maintenance or overload. Should include a Retry-After header.

The server, acting as a gateway or proxy, did not receive a timely response from the upstream server.

The server does not support the HTTP version used in the request.

The server has an internal configuration error: the chosen variant resource is configured to engage in content negotiation itself.

The server is unable to store the representation needed to complete the request (WebDAV).

The server detected an infinite loop while processing the request (WebDAV).

Further extensions to the request are required for the server to fulfill it.

The client needs to authenticate to gain network access. Used by captive portals (hotel/airport WiFi).

Cloudflare-specific. The origin server returned an unexpected response that Cloudflare could not process.

Cloudflare-specific. The origin server refused the connection.

Cloudflare-specific. TCP connection to the origin server timed out.

Cloudflare-specific. Cloudflare could not reach the origin server (DNS resolution failed or no route).

Cloudflare-specific. A TCP connection was established but the origin didn't respond with an HTTP response in time.

Cloudflare-specific. SSL/TLS handshake with the origin server failed.

Cloudflare-specific. The origin's SSL certificate could not be validated.

Cloudflare-specific. Used by Pantheon hosting to indicate a frozen site.