1xx — Informational
| Code | Name | Meaning |
|---|---|---|
| 100 | Continue | The server received the request headers and the client should send the body. |
| 101 | Switching Protocols | The server is switching protocols at the client’s request (e.g. HTTP → WebSocket). |
| 102 | Processing | WebDAV — the server has received the request and is processing it. |
| 103 | Early Hints | Used to send Link headers before the final response (preload hints). |
2xx — Success
| Code | Name | Meaning |
|---|---|---|
| 200 | OK | Standard successful response. |
| 201 | Created | Resource created successfully (typical POST response). |
| 202 | Accepted | Request accepted but not yet processed (async). |
| 204 | No Content | Successful but no body to return (typical DELETE response). |
| 206 | Partial Content | Range request successful (used for resumable downloads). |
3xx — Redirection
| Code | Name | Meaning |
|---|---|---|
| 301 | Moved Permanently | Resource has a new permanent URI; clients should update bookmarks. |
| 302 | Found | Temporary redirect (most legacy redirects use this). |
| 303 | See Other | After POST, redirect to a GET endpoint (PRG pattern). |
| 304 | Not Modified | Cached version is still fresh; client should use it. |
| 307 | Temporary Redirect | Same as 302 but the request method is preserved. |
| 308 | Permanent Redirect | Same as 301 but the request method is preserved. |
4xx — Client errors
| Code | Name | Meaning |
|---|---|---|
| 400 | Bad Request | The request itself is malformed. |
| 401 | Unauthorized | Authentication required (client must log in). |
| 402 | Payment Required | Reserved for future use; sometimes used by SaaS APIs. |
| 403 | Forbidden | Authenticated but not allowed to perform the action. |
| 404 | Not Found | The resource doesn’t exist. |
| 405 | Method Not Allowed | The endpoint exists but doesn’t accept this HTTP method. |
| 406 | Not Acceptable | The server can’t return the content in any format the client accepts. |
| 408 | Request Timeout | The client took too long to send the request. |
| 409 | Conflict | The request conflicts with the current state (e.g. version mismatch). |
| 410 | Gone | The resource is permanently gone (stronger than 404). |
| 413 | Payload Too Large | The request body is too big. |
| 414 | URI Too Long | The URL is too long for the server to process. |
| 415 | Unsupported Media Type | The content-type is not accepted. |
| 418 | I’m a Teapot | RFC 2324 — joke status code; some APIs use it for “this is the wrong service.” |
| 422 | Unprocessable Entity | Request is well-formed but semantically invalid (validation errors). |
| 423 | Locked | The resource is locked (WebDAV). |
| 425 | Too Early | The server is unwilling to risk processing a replayed request. |
| 426 | Upgrade Required | The client must upgrade to a different protocol. |
| 428 | Precondition Required | The server requires the request to be conditional. |
| 429 | Too Many Requests | Rate limit hit. |
| 431 | Request Header Fields Too Large | Headers are too big. |
| 451 | Unavailable For Legal Reasons | Censorship / takedown response. |
5xx — Server errors
| Code | Name | Meaning |
|---|---|---|
| 500 | Internal Server Error | Generic server failure — check your logs. |
| 501 | Not Implemented | The server doesn’t recognize the request method. |
| 502 | Bad Gateway | An upstream server returned an invalid response. |
| 503 | Service Unavailable | The server is overloaded or down for maintenance. |
| 504 | Gateway Timeout | An upstream server didn’t respond in time. |
| 505 | HTTP Version Not Supported | The HTTP version is not supported. |
| 507 | Insufficient Storage | The server is out of storage. |
| 508 | Loop Detected | An infinite loop was detected (WebDAV). |
| 511 | Network Authentication Required | Captive portal — you need to authenticate to the network. |