1xxs – Provide some kind of additional information
100 Continue – Everything is OK right now. Keep going.
101 Switching Protocols – There is a message, such as an upgrade request, that’s changing things to a different protocol.
102 Processing – Things are happening but are not done yet.
103 Early Hints – Lets you preload resources, which can help improve Largest Contentful Paint for Core Web Vitals.
2xxs – Show that a request is successful
200 OK – All good. Everything is successful.
201 Created – Similar to 200, but the measure of success is that a new resource has been created.
202 Accepted – A request has been accepted for processing, but it hasn’t been completed yet. It may not have even started yet.
203 Non-Authoritative Information – Something has changed after it was sent from the server to you.
204 No Content – The request has been sent, but there’s no content in the body.
205 Reset Content – Resets the document to the original state, e.g., clearing a form.
206 Partial Content – Only some of the content has been sent.
207 Multi-Status – There are more response codes that could be 2xx, 3xx, 4xx, or 5xx.
208 Already Reported – The client tells the server the same resource was mentioned earlier.
218 This is fine – Unofficial use by Apache.
226 IM Used – This allows the server to send changes (diffs) of resources to clients.
3xxs – Related to redirects mostly but with few exceptions
300 Multiple Choices – There’s more than one possible response, and you may have to choose one of them.
301 Moved Permanently – The old resource now redirects to the new resource.
302 Moved Temporarily – The old resource now redirects to the new resource temporarily.
303 See Other – This is another redirect that indicates the resource may be found somewhere else.
304 Not Modified – Says the page hasn’t been modified. Typically used for caching.
305 Use Proxy – The requested resource is only available if you use a proxy.
306 Switch Proxy – Your next requests should use the proxy specified. This code is no longer used.
307 Temporary Redirect – Has the same functionality as a 302 redirect, except you can’t switch between POST and GET.
307 HSTS Policy – Forces the client to use HTTPS when making requests instead of HTTP.
308 Permanent Redirect – Has the same functionality as a 301 redirect, except you can’t switch between POST and GET.
4xxs – Errors on the client’s side
400 Bad Request – Something with the client request is wrong. It’s possibly malformed, invalid, or too large. And now the server can’t understand the request.
401 Unauthorized – The client hasn’t identified or verified itself when needed.
402 Payment Required – This doesn’t have an official use, and it’s reserved for the future for some kind of digital payment system. Some merchants use this for their own reasons, e.g., Shopify uses this when a store hasn’t paid its fees, and Stripe uses this for potentially fraudulent payments.
403 Forbidden – The client is known but doesn’t have access rights.
404 Not Found – The requested resource isn’t found.
405 Method Not Allowed – The request method used isn’t supported, e.g., a form needs to use POST but uses GET instead.
406 Not Acceptable – The accept header requested by the client can’t be fulfilled by the server.
407 Proxy Authentication Required – The authentication needs to be done via proxy.
408 Request Timeout – The server has timed out or decided to close the connection.
409 Conflict – The request conflicts with the state of the server.
410 Gone – Similar to a 404 where the request isn’t found, but this also says it won’t be available again.
411 Length Required – The request doesn’t contain a content-length field when it is required.
412 Precondition Failed – The client puts a condition on the request that the server doesn’t meet.
413 Payload Too Large – The request is larger than what the server allows.
414 URI Too Long – The URI requested is longer than the server allows.
415 Unsupported Media Type – The format requested isn’t supported by the server.
416 Range Not Satisfiable – The client asks for a portion of the file that can’t be supplied by the server, e.g., it asks for a part of the file beyond where the file actually ends.
417 Expectation Failed – The expectation indicated in the “Expect” request header can’t be met by the server.
418 I’m a Teapot – Happens when you try to brew coffee in a teapot. This started as an April Fool’s joke in 1998 but is actually standardized. With everything being smart devices these days, this could potentially be used.
419 Page Expired – Unofficial use by Laravel Framework.
420 Method Failure – Unofficial use by Spring Framework.
420 Enhance Your Calm – Unofficial use by Twitter.
421 Misdirected Request – The server that a request was sent to can’t respond to it.
422 Unprocessable Entity – There are semantic errors in the request.
423 Locked – The requested resource is locked.
424 Failed Dependency – This failure happens because it needs another request that also failed.
425 Too Early – The server is unwilling to process the request at this time because the request is likely to come again later.
426 Upgrade Required – The server refuses the request until the client uses a newer protocol. What needs to be upgraded is indicated in the “Upgrade” header.
428 Precondition Required – The server requires the request to be conditional.
429 Too Many Requests – This is a form of rate-limiting to protect the server because the client sent too many requests to the server too fast.
430 Request Header Fields Too Large – Unofficial use by Shopify.
431 Request Header Fields Too Large – The server won’t process the request because the header fields are too large.
440 Login Time-out – Unofficial use by IIS.
444 No Response – Unofficial use by nginx.
449 Retry With – Unofficial use by IIS.
450 Blocked by Windows Parental Controls – Unofficial use by Microsoft.
451 Unavailable For Legal Reasons – This is blocked for some kind of legal reason. You’ll see it sometimes with country-level blocks, e.g., blocked news or videos, due to privacy or licensing. You may see it for DMCA takedowns. The code itself is a reference to the novel Fahrenheit 451.
451 Redirect – Unofficial use by IIS.
460 – Unofficial use by AWS Elastic Load Balancer.
463 – Unofficial use by AWS Elastic Load Balancer.
494 Request header too large – Unofficial use by nginx.
495 SSL Certificate Error – Unofficial use by nginx.
496 SSL Certificate Required – Unofficial use by nginx.
497 HTTP Request Sent to HTTPS Port – Unofficial use by nginx.
498 Invalid Token – Unofficial use by Esri.
499 Client Closed Request – Unofficial use by nginx.
499 Token Required – Unofficial use by Esri.
5xxs – Errors on the server’s side
500 Internal Server Error – The server encounters some kind of issue and doesn’t have a better or more specific error code.
501 Not Implemented – The request method isn’t supported by the server.
502 Bad Gateway – The server was in the middle of a request and used for routing. But it has received a bad response from the server it was routing to.
503 Service Unavailable – The server is overloaded or down for maintenance and can’t handle the request right now. It will probably be back up soon.
504 Gateway Timeout – The server was in the middle of a request and used for routing. But it has not received a timely response from the server it was routing to.
505 HTTP Version Not Supported – This is exactly what it says: The HTTP protocol version in the request isn’t supported by the server.
506 Variant Also Negotiates – Allows the client to get the best variant of a resource when the server has multiple variants.
507 Insufficient Storage – The server can’t store what it needs to store to complete the request.
508 Loop Detected – The server found an infinite loop when trying to process the request.
509 Bandwidth Limit Exceeded – Unofficial use by Apache and cPanel.
510 Not Extended – More extensions to the request are required before the server will fulfill it.
511 Network Authentication Required – The client needs authentication before the server allows network access.
520 Web Server Returned an Unknown Error – Unofficial use by Cloudflare.
521 Web Server is Down – Unofficial use by Cloudflare.
522 Connection Timed Out – Unofficial use by Cloudflare.
523 Origin is Unreachable – Unofficial use by Cloudflare.
524 A Timeout Occurred – Unofficial use by Cloudflare.
525 SSL Handshake Failed – Unofficial use by Cloudflare.
526 Invalid SSL Certificate – Unofficial use by Cloudflare.
527 Railgun Error – Unofficial use by Cloudflare.
529 Site is overloaded – Unofficial use by Qualys.
530 – Unofficial use by Cloudflare.
530 Site is frozen – Unofficial use by Pantheon.
561 Unauthorized – Unofficial use by AWS Elastic Load Balancer.
598 (Informal convention) Network read timeout error – Unofficial use by some HTTP proxies.
