HTTP status codes explained for beginners

What is an HTTP status code?

  • Strictly speaking, the status code of an HTTP response
  • A three-digit numeric code that indicates the meaning of the response from the server
  • Indicates whether a specific HTTP request has been successfully completed

HTTP response

Response messages can be divided into three main types of information

-Status lines
-HTTP response headers
-HTTP response body

The status code is in the first line of the header

The status code is in the first line of the header, in the status line.

HTTP/1.1 200 OK
Date: Sat, 22 Feb 2020 08:09:30 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Server: nginx
ETag: "e287c729017cc9785487098b6b103af6"
Cache-Control: max-age=0, private, must-revalidate
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.003487

The status line contains a protocol and a text phrase as well as the status code discussed here.

HTTP/1.1 200 OK
  • Protocol: HTTP/1.1
  • Status code: 200
  • Text phrase: OK

The header is further subdivided, but not in this case.

Status codes are divided into five classes

100s = information response
200s = success response
300s = Redirect
400s = Client error
500s = Server error

Below is an extract of a summary of typical status codes.

Number 100 Information response

  • Indicates that processing is continuing.
  • The client can either continue with the request or follow the server's instructions to update the protocol and resend
  • The 100s are not often used as there is no definition of a 1xx number in the HTTP/1.0 convention

100 Continue

The server has not rejected the request. The client can continue the request.

101 Switching Protocols

The server is requesting a protocol switch.

200 units Successful response

  • The most common status code returned on success
  • The requested operation was successful and the specified data was successfully retrieved.
  • GET: the body contains the resource
  • PUT, POST: The body contains the result of the operation

201 Created

  • POST, PUT: The request was successful and the resource was created
  • In the case of POST, the URI is included in the Location header of the response
  • New user registration, image upload, DB table addition, etc.
  • The body often contains the newly created resource, but it doesn't have to contain anything in particular.

202 Accepted

  • The request has been accepted, but has not yet been processed.
  • Returned when there is asynchronous processing to be done on the server side, such as file format conversion, push notification requests, batch processing, etc.

204 No Content

  • Returned when the response body is empty.
  • Returned when data is deleted using DELETE
  • Returned when the form content has been submitted using POST, but the screen has not been updated.
  • If the data was updated correctly with PUT or PATCH
  • Some people think it shouldn't be used for anything other than DELETE.

205 Reset Content

  • Returned when the user agent screen is reset.
  • As 204, no response body.

300 Multiple Choices Redirect

300 Multiple Choices

  • Indicates that there are multiple responses to a request.
  • The user agent or user is presented with HTML that links to the choices and the user chooses one of them.

301 Moved Permanently

  • The URL of the requested resource has been permanently changed.
  • such as a website move or a redirect from HTTP to HTTPS.
  • The Location header indicates the URL to move to.

302 Found

  • The URL of the requested resource has been temporarily changed.
  • The destination URL is shown in the Location header.
  • In practice, this is more likely to be used for 303, which has been redefined as 307 and is now deprecated.

303 See Other

  • Indicates that the requested resource can be retrieved at a different URI.
  • The Location header indicates the URL to go to.
  • Used to redirect to a result page in response to a POST from a browser form.

307 Temporary Redirect

  • Temporary Redirect
  • This is a redefinition of the 302 due to rampant misuse.
  • The Location header shows the URL to which the user is redirected.
  • User agents should not change the HTTP method they use.

308 Permanent Redirect

  • Permanent Redirects
  • Redefined due to rampant non-standard usage of 301.
  • The Location header indicates the URL to go to.
  • User agents must not change the HTTP method they use.

400 Client Error

400 Bad Request

  • Bad request
  • A bad client request, e.g. using a method that is not defined, or with incorrect parameters.
  • Also used when no other status code is available to indicate a proper client error.

401 Unauthorized

  • Authentication errors
  • Wrong ID or password on a page that requires login.
  • The request does not contain the required Authorization header.
  • Token expired, corrupted or otherwise invalid.

403 Forbidden

  • Authorization error
  • The client is not authorised to access the site, for example, because it is not authorised, and the response from the server is rejected
  • Used when the server can only be accessed from a specific IP address.
  • Unlike the 401, the client is still identified.

404 Not Found

  • The requested resource does not exist.
  • One of the most common error status codes found on the web.
  • More information is needed to determine if the URI itself does not exist, or if the resource to be retrieved does not exist.
  • Sometimes a 404 is returned instead of a 403 to hide the existence of the resource from unauthorized clients.

405 Method Not Allowed

  • HTTP method not allowed although endpoint exists.
  • If you try to use POST with a search API that is accessible via GET
  • If the API prohibits DELETE of a resource.

408 Request Timeout

  • The request did not complete within the specified time.
  • Commonly used by Chrome, Firefox and other browsers that use the HTTP pre-connect feature to speed up browsing.
  • Occurs when the connection speed of the line is slow.

409 Conflict

  • Occurs when there is a resource conflict
  • When you try to register a user with an already existing email address or the same ID.
  • If you try to delete a non-empty directory or rename a resource to one that is already in use.

410 Gone

  • When the requested content has been permanently removed from the server and there is no forwarding address.
  • Unlike 404, this means that the content once existed but no longer exists.
  • Intended for use in limited-time promotions.
  • APIs that handle user information and return 410 may be considered problematic from the perspective of protecting personal information (the information that the user has deleted is retained ≈ the user has not completely deleted).

413 Payload Too Large

  • Indicates that the request header or body exceeds the limit set by the server.
  • The server will either close the connection or send an error message to the server (e.g. if the file upload exceeds the allowed size).
  • The server will close the connection or return a Retry-After header.

414 URI Too Long

  • The URI requested by the client is longer than the server can handle.
  • The server will close the connection or return a Retry-After header.

415 Unsupported Media Type

  • The server does not support the media type (Content-Type) of the requested data, and the server rejected the request.
  • XML was sent to an API that only accepts JSON requests, or an attempt was made to upload an image that is not in a supported image format.

429 Too Many Requests

  • Returned when the number of accesses exceeds the allowed limit.
  • New status code defined in RFC 6585 in 2012.
  • A large number of requests have been sent that exceed the rate limit within a certain time period (e.g. an API request limit of 60 requests per minute).

500 Server Error

500 Internal Server Error

  • Some kind of error occurred on the server side and the response is not normal. -The error message "Something went wrong" is often returned and cannot be resolved by the client. -It is also used when there is no other appropriate error code. -You may be able to find the cause by looking at the server's error log

502 Bad Gateway

-There is a problem with the gateway or proxy.
-The server acting as the gateway has received an invalid response.

503 Service Unavailable

-The server is not ready to process the request.
-The server is down due to temporary heavy traffic or maintenance.
-In the case of maintenance, the Retry-After header can include an estimated restart time (in seconds).

504 Gateway Timeout

-The server acting as the gateway did not receive a response within the specified time.
-This can be a temporary DNS anomaly due to site migration etc.

505 HTTP Version Not Supported

-The server does not support the version of the HTTP protocol requested.
-The current protocol is HTTP/2.
-HTTP/2 Overview | Web Fundamentals | Google Developers