HTTP Status Codes: Complete Reference with Examples

HTTP status codes are three-digit numbers that a server returns in response to a client request. They indicate what happened with the request: success, redirect, client error, or server error. Understanding status codes helps you debug issues, set up monitoring, and improve SEO.

Code Classification

1xx — Informational

100 Continue

The server has received the request headers and the client may proceed to send the body. Used when sending large payloads: the client first sends the Expect: 100-continue header, and only sends the body after receiving 100.

101 Switching Protocols

The server is switching protocols as requested by the client. A typical case is upgrading from HTTP to WebSocket:

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade

103 Early Hints

A newer code that allows the server to send preliminary headers (such as Link for preloading) before the final response is ready. This speeds up page loading.

2xx — Success

200 OK

The standard successful response. The response body depends on the method: for GET — the requested resource, for POST — the result of the operation.

201 Created

The resource was successfully created. Typically returned after a POST request. The Location header points to the URL of the new resource:

HTTP/1.1 201 Created
Location: /api/users/42
Content-Type: application/json

{"id": 42, "name": "John"}

204 No Content

Success, but the response body is empty. A typical response for DELETE and PUT when there is no data to return.

206 Partial Content

The server returned part of the resource based on the Range header. Used for resumable downloads and video streaming:

HTTP/1.1 206 Partial Content
Content-Range: bytes 0-999/5000
Content-Length: 1000

3xx — Redirection

301 Moved Permanently

A permanent redirect. Search engines transfer all link equity to the new URL. Use when changing domains, migrating to SSL/TLS проверку, or restructuring URLs.

For SEO: 301 is the right choice for permanent moves. Search engines will remove the old URL from the index.

302 Found

A temporary redirect. Search engines keep the original URL in the index. Use for temporary maintenance or A/B testing.

Note: some clients may change the method to GET. If preserving the method is important, use 307 instead.

304 Not Modified

The resource has not changed since the last request. The browser uses the cached version. Works together with ETag and If-None-Match:

GET /style.css HTTP/1.1
If-None-Match: "abc123"

HTTP/1.1 304 Not Modified
ETag: "abc123"

307 Temporary Redirect

A temporary redirect that guarantees the method and body of the request are preserved. Safer than 302 for POST requests.

308 Permanent Redirect

A permanent redirect that preserves the method. Like 301, but guarantees that the method will not change to GET.

4xx — Client Errors

400 Bad Request

An invalid request — malformed syntax, invalid parameters, or format violation. In API документацию, it is helpful to return an error description in the response body.

401 Unauthorized

Authentication is required. The server must return a WWW-Authenticate header specifying the authentication scheme (Bearer, Basic, etc.).

Difference from 403: 401 means "you have not identified yourself," 403 means "you have identified yourself, but access is denied."

403 Forbidden

The server understood the request but refuses to grant access. Re-authenticating will not help — the user does not have the required permissions.

404 Not Found

The resource was not found. The most well-known error code. Common causes: deleted page, typo in the URL, broken link.

For SEO: a large number of 404 errors signals to search engines that there are problems with the site. Set up redirects for deleted pages.

405 Method Not Allowed

The HTTP method is not supported for this URL. The Allow header should list the permitted methods.

409 Conflict

A conflict with the current state of the resource. Typical for optimistic locking — the client attempts to update a resource that has already been modified by another client.

410 Gone

The resource has been permanently removed. Unlike 404, this is final. For SEO: search engines will remove the URL from the index faster.

422 Unprocessable Entity

The request syntax is correct, but the data contains semantic errors. Often used in APIs for validation errors:

HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json

{"errors": {"email": "Invalid email format", "age": "Must be positive"}}

429 Too Many Requests

The request rate limit has been exceeded (rate limiting). The Retry-After header indicates how many seconds to wait before retrying:

HTTP/1.1 429 Too Many Requests
Retry-After: 60

5xx — Server Errors

500 Internal Server Error

An unhandled error on the server. The catch-all code for all unexpected failures. Check the server logs.

502 Bad Gateway

An intermediary server (nginx, load balancer) received an invalid response from the upstream server. Common causes: backend server crash, PHP-FPM timeout, application restart.

503 Service Unavailable

The server is temporarily unavailable (overloaded, under maintenance). Use Retry-After to indicate the expected recovery time. Search engines do not remove the page from the index on 503.

504 Gateway Timeout

The intermediary server did not receive a response from the upstream in time. Causes: slow SQL query, hung backend, nginx timeout set too low.

Status Codes and SEO