HTTP status code categories

2xx Success codes

Request succeeded.

  • 200 OK — Standard successful response with content
  • 201 Created — Resource successfully created (POST request)
  • 202 Accepted — Request accepted but processing not complete
  • 204 No Content — Success but no content to return
  • 206 Partial Content — Range request (video seeking, resume download)

3xx Redirection codes

Client must take additional action.

  • 301 Moved Permanently — Resource moved to new URL (update bookmarks)
  • 302 Found — Temporary redirect (original URL still valid)
  • 303 See Other — Redirect to different resource (POST → GET)
  • 304 Not Modified — Cached version is still current (saves bandwidth)
  • 307 Temporary Redirect — Like 302 but preserves HTTP method
  • 308 Permanent Redirect — Like 301 but preserves HTTP method

4xx Client Error codes

Problem with the request.

  • 400 Bad Request — Malformed syntax, invalid parameters
  • 401 Unauthorized — Authentication required (should be "Unauthenticated")
  • 403 Forbidden — Authentication passed but access denied (detailed guide)
  • 404 Not Found — Resource doesn't exist at this URL (detailed guide)
  • 405 Method Not Allowed — Wrong HTTP method (GET vs POST)
  • 408 Request Timeout — Server gave up waiting for complete request
  • 409 Conflict — Request conflicts with current state (version mismatch)
  • 410 Gone — Resource permanently removed (stronger than 404)
  • 413 Payload Too Large — Request body exceeds server limits
  • 414 URI Too Long — URL exceeds maximum length
  • 415 Unsupported Media Type — Server doesn't handle this content type
  • 422 Unprocessable Entity — Syntax valid but semantically invalid
  • 429 Too Many Requests — Rate limit exceeded

5xx Server Error codes

Server failed to fulfill request.

  • 500 Internal Server Error — Generic server-side failure
  • 501 Not Implemented — Server doesn't support this feature
  • 502 Bad Gateway — Upstream server returned invalid response
  • 503 Service Unavailable — Temporary overload or maintenance
  • 504 Gateway Timeout — Upstream server took too long to respond
  • 505 HTTP Version Not Supported — HTTP version not recognized

Common error scenarios

Authentication and authorization

401 vs 403 confusion:

  • 401: "Who are you?" (need to authenticate)
  • 403: "I know who you are, but no." (insufficient permissions)

Many servers incorrectly return 403 when they mean 401.

Redirect chains

Multiple redirects slow down page load:

http://example.com → https://example.com → https://www.example.com

Better: Direct redirect from http to canonical https://www

Best: Configure DNS/CDN to avoid unnecessary hops.

Rate limiting

429 Too Many Requests:

  • Check Retry-After header (when to try again)
  • Implement exponential backoff in API clients
  • Respect rate limits documented in API docs

Gateway errors (502, 503, 504)

Troubleshooting order:

  1. 502: Check if upstream server is running
  2. 503: Check server capacity/load
  3. 504: Check upstream response time and timeout settings

These often indicate infrastructure problems rather than application bugs.

Best practices

Setting appropriate status codes

For site owners:

  • Use correct codes — don't return 200 for errors
  • Avoid soft 404s — return proper 404, not 200 with "not found" message
  • Set cache headers — especially for 404 (short cache) and 301 (long cache)
  • Include error details — helpful error pages with navigation

Handling errors gracefully

For developers:

  • Check status codes — don't assume 200
  • Handle redirects — most HTTP clients do this automatically
  • Retry on 5xx — with exponential backoff
  • Don't retry 4xx — fixing request won't help (except rate limits)

Monitoring error rates

Track error rate metrics:

  • 4xx rate — indicates client problems or API misuse
  • 5xx rate — indicates server problems (alert on spikes)
  • Specific codes — 404 trends may indicate broken links

Debugging with status codes

Using curl to check status

# Get status code only
curl -o /dev/null -s -w "%{http_code}\n" https://example.com

# See full headers
curl -I https://example.com

# Follow redirects
curl -L -I https://example.com

Browser developer tools

  1. Open DevTools (F12)
  2. Go to Network tab
  3. Reload page
  4. Check Status column for each request
  5. Click request for detailed headers

Common troubleshooting

404 on working page:

  • Check for typos in URL
  • Verify server configuration (rewrite rules)
  • Check file permissions
  • Look for case sensitivity issues (Linux)

Intermittent 502/503:

  • Check server logs for crashes
  • Monitor resource usage (CPU, memory)
  • Verify upstream connectivity
  • Check for traffic spikes

Unexpected 403:

  • Review WAF/firewall logs
  • Check IP restrictions
  • Verify authentication tokens
  • Test from different IP/location

Related pages