HTTP Status Code Guides
Human-readable explanations of HTTP status codes β what each one means, why it happens, and how to resolve it. IANA HTTP status code definitions are grounded in the IANA registry and IETF RFC specifications. Platform and browser/network error guides cite vendor and client documentation (Cloudflare, Nginx, Chromium).
1xx Informational
Informational responses (100β199) indicate that the server has received the request and the client should continue. These are interim responses used primarily in protocol negotiation.
- HTTP 100 Continue β HTTP 100 Continue is an interim response telling the client its request headers were accepted and it should go ahead and send the request body.
- HTTP 101 Switching Protocols β HTTP 101 Switching Protocols confirms the server is switching to the protocol the client asked for in its Upgrade header β most often a WebSocket handshake.
- HTTP 102 Processing β HTTP 102 Processing is a WebDAV interim status telling the client the server is still working on a long request so the connection does not time out.
- HTTP 103 Early Hints β HTTP 103 Early Hints lets the server send preload and preconnect Link headers before the final response, so the browser can start fetching critical assets sooner.
- HTTP 104 Upload Resumption Supported β HTTP 104 Upload Resumption Supported is an experimental interim status signaling that the server supports resumable uploads for the request.
2xx Success
Success responses (200β299) indicate the request was received, understood, and accepted. The specific code tells the client how to interpret the response body and what action, if any, was taken.
- HTTP 200 OK β HTTP 200 OK is the standard success response. The request was received, understood, and fulfilled.
- HTTP 201 Created β HTTP 201 Created indicates the request succeeded and a new resource was created as a result.
- HTTP 202 Accepted β HTTP 202 Accepted means the request was received and is valid, but it will be processed asynchronously and is not finished yet.
- HTTP 203 Non-Authoritative Information β HTTP 203 Non-Authoritative Information means the returned metadata came from a transforming proxy or cache rather than directly from the origin server.
- HTTP 204 No Content β HTTP 204 No Content indicates the request succeeded but there is no content to return.
- HTTP 205 Reset Content β HTTP 205 Reset Content tells the client the request succeeded and it should reset the form or document view that triggered it.
- HTTP 206 Partial Content β HTTP 206 Partial Content answers a valid Range request by returning only the requested byte range β the basis for resumable downloads and media streaming.
- HTTP 207 Multi-Status β HTTP 207 Multi-Status returns several independent status codes in one XML body, used by WebDAV when a single request affects multiple resources.
- HTTP 208 Already Reported β HTTP 208 Already Reported avoids repeating a resourceβs status in a WebDAV multi-status response when it has already been enumerated.
- HTTP 226 IM Used β HTTP 226 IM Used means the server fulfilled a GET by applying one or more instance manipulations (delta encoding) to the current resource.
3xx Redirect Codes
Redirection responses (300β399) indicate the client must take additional action to complete the request. The choice between permanent and temporary, and between method-preserving and non-preserving redirects, has real implications for SEO, caching, and client behavior.
- HTTP 300 Multiple Choices β HTTP 300 Multiple Choices means the request has more than one possible response and a choice must be made β rarely used directly in practice.
- HTTP 301 Moved Permanently β HTTP 301 Moved Permanently tells clients and search engines that a resource has permanently moved to a new URL.
- HTTP 302 Found β HTTP 302 Found signals a temporary redirect. The original URL remains valid and should not be updated by clients.
- HTTP 303 See Other β HTTP 303 See Other redirects the client to retrieve the response from a different URL using GET, regardless of the original method.
- HTTP 304 Not Modified β HTTP 304 Not Modified tells the client its cached version is still current β no body is sent.
- HTTP 305 Use Proxy β HTTP 305 Use Proxy was meant to direct the client to retry through a specific proxy. It is deprecated and ignored by modern browsers for security reasons.
- HTTP 308 Permanent Redirect β HTTP 308 Permanent Redirect is a permanent redirect that preserves the HTTP method β the method-safe alternative to 301.
4xx Client Errors
Client error responses (400β499) indicate the server cannot process the request due to a problem on the client side β malformed syntax, missing authentication, insufficient permissions, or missing resources.
- HTTP 400 Bad Request β HTTP 400 Bad Request means the server cannot process the request due to malformed syntax or invalid input.
- HTTP 401 Unauthorized β HTTP 401 Unauthorized means authentication is required and has either not been provided or has failed.
- HTTP 402 Payment Required β HTTP 402 Payment Required is reserved for future use; some APIs repurpose it to flag a billing or quota problem, but it has no standardized behavior.
- HTTP 403 Forbidden β HTTP 403 Forbidden means the server understood the request but refuses to authorize it.
- HTTP 404 Not Found β HTTP 404 Not Found is the most recognized HTTP error β the requested resource does not exist at this URL.
- HTTP 405 Method Not Allowed β HTTP 405 Method Not Allowed means the request method is not supported for the target resource.
- HTTP 406 Not Acceptable β HTTP 406 Not Acceptable means the server cannot produce a response matching the clientβs Accept headers for content type, language, or encoding.
- HTTP 407 Proxy Authentication Required β HTTP 407 Proxy Authentication Required is like 401, but the credentials are required by an intermediate proxy, signaled with the Proxy-Authenticate header.
- HTTP 408 Request Timeout β HTTP 408 Request Timeout means the server timed out waiting for the client to send a complete request.
- HTTP 409 Conflict β HTTP 409 Conflict means the request conflicts with the current state of the resource.
- HTTP 410 Gone β HTTP 410 Gone permanently signals that a resource has been intentionally removed and will not return.
- HTTP 411 Length Required β HTTP 411 Length Required means the server refuses the request because it does not include a Content-Length header.
- HTTP 412 Precondition Failed β HTTP 412 Precondition Failed means a conditional header such as If-Match or If-Unmodified-Since evaluated to false, so the server did not perform the request.
- HTTP 413 Content Too Large β HTTP 413 Content Too Large means the request body is bigger than the server is willing or able to process.
- HTTP 414 URI Too Long β HTTP 414 URI Too Long means the request URL is longer than the server will accept β often from excessive query parameters or a GET that should be a POST.
- HTTP 415 Unsupported Media Type β HTTP 415 Unsupported Media Type means the request body is in a format the endpoint does not support, rejected based on its Content-Type.
- HTTP 416 Range Not Satisfiable β HTTP 416 Range Not Satisfiable means the requested byte range falls outside the size of the target resource.
- HTTP 417 Expectation Failed β HTTP 417 Expectation Failed means the server cannot meet the requirement given in the requestβs Expect header.
- HTTP 421 Misdirected Request β HTTP 421 Misdirected Request means the request reached a server that cannot produce a response for the requested authority β common with HTTP/2 connection reuse.
- HTTP 422 Unprocessable Content β HTTP 422 Unprocessable Entity means the request is syntactically valid but semantically invalid.
- HTTP 423 Locked β HTTP 423 Locked means the target resource is locked (WebDAV) and cannot be accessed or modified until the lock is released.
- HTTP 424 Failed Dependency β HTTP 424 Failed Dependency means the request failed because an earlier request it depended on also failed.
- HTTP 425 Too Early β HTTP 425 Too Early means the server refuses to process a request carried in TLS early data, to avoid the risk of replay attacks.
- HTTP 426 Upgrade Required β HTTP 426 Upgrade Required means the server refuses the request on the current protocol and asks the client to upgrade (for example to TLS or HTTP/2).
- HTTP 428 Precondition Required β HTTP 428 Precondition Required means the server requires the request to be conditional (such as If-Match) to prevent lost-update conflicts.
- HTTP 429 Too Many Requests β HTTP 429 Too Many Requests means the client has exceeded the rate limit for this endpoint.
- HTTP 431 Request Header Fields Too Large β HTTP 431 Request Header Fields Too Large means the server refuses the request because its headers β often an oversized Cookie β are too large.
- HTTP 451 Unavailable For Legal Reasons β HTTP 451 Unavailable For Legal Reasons indicates the resource is blocked due to a legal demand.
5xx Server Errors
Server error responses (500β599) indicate the server failed to fulfill a valid request. These are almost always actionable on the server side and should be monitored in production.
- HTTP 500 Internal Server Error β HTTP 500 Internal Server Error is the generic catch-all for server-side failures.
- HTTP 501 Not Implemented β HTTP 501 Not Implemented means the server does not support the functionality required to fulfill the request.
- HTTP 502 Bad Gateway β HTTP 502 Bad Gateway means a server acting as a gateway received an invalid response from an upstream server.
- HTTP 503 Service Unavailable β HTTP 503 Service Unavailable means the server is temporarily unable to handle the request, typically due to overload or maintenance.
- HTTP 504 Gateway Timeout β HTTP 504 Gateway Timeout means a proxy or gateway timed out waiting for a response from an upstream server.
- HTTP 505 HTTP Version Not Supported β HTTP 505 HTTP Version Not Supported means the server does not support the HTTP protocol version used in the request.
- HTTP 506 Variant Also Negotiates β HTTP 506 Variant Also Negotiates indicates a server content-negotiation misconfiguration where the chosen variant is itself a negotiation endpoint.
- HTTP 507 Insufficient Storage β HTTP 507 Insufficient Storage means the server cannot complete the request because it has nowhere to store the representation it needs (out of disk or quota).
- HTTP 508 Loop Detected β HTTP 508 Loop Detected means the server stopped the request because it ran into an infinite loop while processing it.
- HTTP 510 Not Extended β HTTP 510 Not Extended means the server requires a protocol extension that the request did not include.
- HTTP 511 Network Authentication Required β HTTP 511 Network Authentication Required means a captive portal (such as a Wi-Fi login page) requires the client to authenticate before granting network access.
Platform-specific & Network Errors
Non-IANA codes and browser/network failure signals used by Cloudflare, Nginx, and browsers. These appear in production logs and browser DevTools during outages, CDN misconfigurations, and TLS failures.
Cloudflare edge / proxy errors
- Cloudflare 520 β Unknown Error β origin returned an unexpected or unparseable response
- Cloudflare 521 β Web Server Is Down β origin actively refused the TCP connection
- Cloudflare 522 β Connection Timed Out β TCP handshake to origin timed out
- Cloudflare 523 β Origin Is Unreachable β origin IP or hostname not reachable from Cloudflare
- Cloudflare 524 β A Timeout Occurred β origin connected but took too long to respond
- Cloudflare 525 β SSL Handshake Failed β TLS negotiation between Cloudflare and origin failed
- Cloudflare 526 β Invalid SSL Certificate β origin certificate failed validation (Full Strict mode)
- Cloudflare 530 β Origin DNS Error β Cloudflare cannot resolve origin hostname
Nginx non-standard log codes
- Nginx 444 β No Response β Nginx closes connection with no HTTP response (intentional block)
- Nginx 499 β Client Closed Request β client disconnected before Nginx/upstream finished responding
Browser, DNS, and TLS errors
- ERR_CONNECTION_REFUSED β server port not listening or firewall rejected connection
- ERR_NAME_NOT_RESOLVED β DNS lookup for hostname failed
- ERR_CERT_COMMON_NAME_INVALID β TLS certificate hostname mismatch
- SSL Handshake Failed β TLS version or cipher negotiation failure