HTTP Status Codes

Complete reference for all HTTP status codes with descriptions and common use cases

Showing 63 of 63 status codesHTTP/1.1 RFC 7231, RFC 6585, RFC 4918, RFC 7538

What is HTTP Status Codes?

HTTP status codes are three-digit integers that a server returns in the first line of its response to indicate the outcome of a client's request. They are organized into five classes defined by the first digit: 1xx signals informational meta-data about the request processing, 2xx confirms that the request was received and understood successfully, 3xx indicates that further action is needed to complete the request (usually redirection), 4xx reports errors caused by the client's malformed or unauthorized request, and 5xx reveals that the server failed to fulfill an apparently valid request. Choosing the correct status code is critical for API usability, client error handling, and search engine optimization.

How to Use

  1. Scroll through the full list or filter by category (1xx through 5xx) to narrow down to a specific response class
  2. Type a code number, status name, or keyword into the search bar to jump directly to a relevant entry
  3. Click any status code card to expand its detail panel, which includes the official description and common use cases
  4. Reference the category badges and color coding to quickly distinguish informational, success, redirection, and error responses

Why Use This Tool?

Complete reference of every standard HTTP status code with official descriptions from the relevant RFCs
Category-based filtering lets you focus on one response class at a time, such as all client errors
Detailed use-case panels for the most common codes help you choose the right one when designing APIs
Search by code, name, or keyword so you can find the correct status even if you only remember part of it

Tips & Best Practices

  • Always return the most specific status code available — 404 for a missing resource rather than a generic 400
  • Distinguish 4xx (client error) from 5xx (server error) in your logging so that alerting systems can route issues correctly
  • Include a Retry-After header with 429 Too Many Requests and 503 Service Unavailable responses to guide client retry behavior
  • For REST APIs, prefer 201 Created over 200 OK for resource creation and 204 No Content for successful deletions

Frequently Asked Questions

What is the difference between 401 Unauthorized and 403 Forbidden?

401 means the request lacks valid authentication credentials — the client must authenticate before retrying. 403 means the server understood the request and the client is authenticated, but the server refuses to authorize the action. In practice: return 401 when the user is not logged in, and 403 when the user is logged in but lacks the required permission.

When should I use 301 vs 302 redirect?

Use 301 Moved Permanently when the resource has permanently relocated — search engines will transfer link equity to the new URL and update their index. Use 302 Found for temporary moves where the original URL should remain indexed. A 308 is the modern equivalent of 301 that preserves the request method (POST stays POST), while 307 is the method-preserving equivalent of 302.

What does 429 Too Many Requests mean?

429 indicates rate limiting: the client has exceeded the allowed number of requests in a given time window. The response should include a Retry-After header specifying how many seconds to wait before the next attempt. APIs use this code to enforce fair usage quotas and protect backend services from abuse.

When should I NOT use specific HTTP status codes?

Avoid returning 200 OK with an error payload (the 'everything is 200' anti-pattern) — it breaks standard HTTP clients and monitoring tools. Also avoid using 4xx codes for server-side errors or 5xx for client mistakes. Never use 418 I'm a Teapot in production APIs; it is an Easter egg from RFC 2324 and not intended for real use.

Is my browsing data private when using this tool?

Yes. This tool is a static reference that runs entirely in your browser. No HTTP requests you look up are transmitted anywhere. The tool does not make any network calls or log your activity.

What is the difference between 404 Not Found and 410 Gone?

404 means the server has no information about the requested resource — it may never have existed or may exist in the future. 410 Gone explicitly states that the resource existed previously but has been permanently removed and will not return. Search engines treat 410 as a stronger signal to de-index the URL compared to 404.

Real-world Examples

Designing a REST API response for resource creation

When a client POSTs a new resource, the server should return 201 Created with a Location header pointing to the new resource's URL.

Input
POST /api/users
{ "name": "Alice", "email": "[email protected]" }
Output
HTTP/1.1 201 Created
Location: /api/users/42
Content-Type: application/json

{ "id": 42, "name": "Alice", "email": "[email protected]" }

Handling rate limiting in an API gateway

When a client exceeds the rate limit, the server returns 429 with a Retry-After header so the client knows when to resume requests.

Input
GET /api/data (1001st request in 60-second window)
Output
HTTP/1.1 429 Too Many Requests
Retry-After: 45
Content-Type: application/json

{ "error": "Rate limit exceeded", "retryAfter": 45 }

Related Tools