HTTP status codes explained for beginners
- Strictly speaking, the status code of an HTTP response
- A three-digit numeric code that indicates the meaning of the response from the server
- Indicates whether a specific HTTP request has been successfully completed
Response messages can be divided into three main types of information:
- Status line
- HTTP response headers
- HTTP response body
The status code is in the first line of the header, in the status line.
HTTP/1.1 200 OK
Date: Sat, 22 Feb 2020 08:09:30 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Server: nginx
ETag: "e287c729017cc9785487098b6b103af6"
Cache-Control: max-age=0, private, must-revalidate
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.003487
The status line contains a protocol and a text phrase as well as the status code discussed here.
HTTP/1.1 200 OK
- Protocol: HTTP/1.1
- Status code: 200
- Text phrase: OK
The header is further subdivided, but not in this case.
Status codes are divided into five classes
100s = Informational response
200s = Success response
300s = Redirect
400s = Client error
500s = Server error
Below is an extract of a summary of typical status codes.
- Indicates that processing is continuing.
- The client can either continue with the request or follow the server's instructions to update the protocol and resend
- The 100s are rarely used, as HTTP/1.0 does not define any 1xx codes
The server has not rejected the request. The client can continue the request.
The server is requesting a protocol switch.
- The most common status code returned on success
- The requested operation was successful and the specified data was successfully retrieved.
- GET: the body contains the resource
- PUT, POST: The body contains the result of the operation
- POST, PUT: The request was successful and the resource was created
- In the case of POST, the URI is included in the Location header of the response
- New user registration, image upload, DB table addition, etc.
- The body often contains the newly created resource, but it doesn't have to contain anything in particular.
- The request has been accepted, but has not yet been processed.
- Returned when there is asynchronous processing to be done on the server side, such as file format conversion, push notification requests, batch processing, etc.
- Returned when the response body is empty.
- Returned when data is deleted using DELETE
- Returned when the form content has been submitted using POST, but the screen has not been updated.
- If the data was updated correctly with PUT or PATCH
- Some people think it shouldn't be used for anything other than DELETE.
- Returned when the user agent screen is reset.
- As 204, no response body.
- Indicates that there are multiple responses to a request.
- The user agent or user is presented with HTML that links to the choices and the user chooses one of them.
- The URL of the requested resource has been permanently changed.
- such as a website move or a redirect from HTTP to HTTPS.
- The Location header indicates the URL to move to.
- The URL of the requested resource has been temporarily changed.
- The destination URL is shown in the Location header.
- In practice, this code was mostly used the way 303 is meant to be used, so it has been redefined as 307 and is now deprecated.
- Indicates that the requested resource can be retrieved at a different URI.
- The Location header indicates the URL to go to.
- Used to redirect to a result page in response to a POST from a browser form.
- Temporary Redirect
- This is a redefinition of the 302 due to rampant misuse.
- The Location header shows the URL to which the user is redirected.
- User agents should not change the HTTP method they use.
- Permanent Redirects
- Redefined due to rampant non-standard usage of 301.
- The Location header indicates the URL to go to.
- User agents must not change the HTTP method they use.
- Bad request
- A bad client request, e.g. using a method that is not defined, or with incorrect parameters.
- Also used when no other status code is available to indicate a proper client error.
- Authentication errors
- Wrong ID or password on a page that requires login.
- The request does not contain the required Authorization header.
- Token expired, corrupted or otherwise invalid.
- Authorization error
- The client is not authorised to access the resource, so the server rejects the request.
- Used when the server can only be accessed from a specific IP address.
- Unlike the 401, the client is still identified.
- The requested resource does not exist.
- One of the most common error status codes found on the web.
- More information is needed to determine if the URI itself does not exist, or if the resource to be retrieved does not exist.
- Sometimes a 404 is returned instead of a 403 to hide the existence of the resource from unauthorized clients.
- HTTP method not allowed although endpoint exists.
- If you try to use POST with a search API that is accessible via GET
- If the API prohibits DELETE of a resource.
- The request did not complete within the specified time.
- Commonly used by Chrome, Firefox and other browsers that use the HTTP pre-connect feature to speed up browsing.
- Occurs when the connection speed of the line is slow.
- Occurs when there is a resource conflict
- When you try to register a user with an already existing email address or the same ID.
- If you try to delete a non-empty directory or rename a resource to one that is already in use.
- When the requested content has been permanently removed from the server and there is no forwarding address.
- Unlike 404, this means that the content once existed but no longer exists.
- Intended for use in limited-time promotions.
- APIs that handle user information and return 410 may be considered problematic from the perspective of protecting personal information (the information that the user has deleted is retained ≈ the user has not completely deleted).
- Indicates that the request header or body exceeds the limit set by the server.
- The server will either close the connection or return an error message (e.g. if the file upload exceeds the allowed size).
- The server will close the connection or return a Retry-After header.
- The URI requested by the client is longer than the server can handle.
- The server will close the connection or return a Retry-After header.
- The server does not support the media type (Content-Type) of the requested data, and the server rejected the request.
- XML was sent to an API that only accepts JSON requests, or an attempt was made to upload an image that is not in a supported image format.
- Returned when the number of accesses exceeds the allowed limit.
- New status code defined in RFC 6585 in 2012.
- A large number of requests have been sent that exceed the rate limit within a certain time period (e.g. an API request limit of 60 requests per minute).
- Some kind of error occurred on the server side and the response is not normal.
- The error message "Something went wrong" is often returned and cannot be resolved by the client.
- It is also used when there is no other appropriate error code.
- You may be able to find the cause by looking at the server's error log.
- There is a problem with the gateway or proxy.
- The server acting as the gateway has received an invalid response.
- The server is not ready to process the request.
- The server is down due to temporary heavy traffic or maintenance.
- In the case of maintenance, the Retry-After header can include an estimated restart time (in seconds).
- The server acting as the gateway did not receive a response within the specified time.
- This can be a temporary DNS anomaly due to site migration etc.
- The server does not support the version of the HTTP protocol requested.
- The current protocol is HTTP/2.
- HTTP/2 Overview | Web Fundamentals | Google Developers
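
The client-error entries above distinguish 401 (client not identified), 403 (identified but not permitted), 404 returned in place of 403 to hide a resource, 405, and 429 for a rate limit such as 60 requests per minute. The following Python sketch is an added example, not code from the original article, showing how a server might choose between them. The tokens, paths, the `hide_existence` flag and the function names are all hypothetical, and header lookup is assumed to be case-sensitive for brevity.

```python
import math
import time

RATE_LIMIT = 60        # requests per window, the figure used in the text
WINDOW_SECONDS = 60
# Constructed sample data: bearer tokens, and documents with their owners.
TOKENS = {"token-alice": "alice", "token-bob": "bob"}
DOCUMENTS = {
    "/docs/1": {"owner": "alice", "hide_existence": False},
    "/docs/2": {"owner": "alice", "hide_existence": True},
}
ALLOWED_METHODS = {"GET"}
_windows = {}          # client id -> (window start, request count)


def seconds_to_wait(client, now):
    """Fixed-window counter: 0 if the request is allowed, else seconds left."""
    start, count = _windows.get(client, (now, 0))
    if now - start >= WINDOW_SECONDS:
        start, count = now, 0
    _windows[client] = (start, count + 1)
    if count + 1 <= RATE_LIMIT:
        return 0
    return max(1, math.ceil(start + WINDOW_SECONDS - now))


def decide(method, path, headers, client, now=None):
    """Return (status code, response headers) for one request."""
    now = time.time() if now is None else now
    wait = seconds_to_wait(client, now)
    if wait:
        return 429, {"Retry-After": str(wait)}
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
    user = TOKENS.get(token)
    if user is None:
        # Missing header or invalid token: the client is not identified.
        return 401, {"WWW-Authenticate": "Bearer"}
    doc = DOCUMENTS.get(path)
    if doc is None:
        return 404, {}
    if doc["owner"] != user:
        # Identified but not permitted: 403, or 404 to hide the resource.
        return (404 if doc["hide_existence"] else 403), {}
    if method not in ALLOWED_METHODS:
        return 405, {"Allow": ", ".join(sorted(ALLOWED_METHODS))}
    return 200, {}
```

The method check runs after the ownership check so that a 405 response cannot be used to confirm that a hidden resource exists.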