UseToolSuite UseToolSuite

HTTP Status Codes Reference

A complete HTTP status code reference with search and filtering. All 1xx–5xx codes with RFC specs, examples, and developer-focused explanations.

Last updated

HTTP Status Codes Reference runs in the browser to help you inspect, build, and debug requests. It's one of the free Network & API Tools on UseToolSuite. Use it below, then scroll down for a step-by-step guide, answers to common questions, and related tools.

62 Codes Instant Search
/
Popular:

What is the HTTP Status Codes Reference?

The HTTP Status Codes Reference is an interactive, lightning-fast developer tool for exploring and understanding web server response codes. Designed for frontend engineers, backend developers, and SEO specialists, it provides immediate, offline-capable access to detailed explanations, common usage scenarios, and official specification links for over 60 HTTP status codes. Because it operates entirely locally in your browser, lookups are instantaneous. Whether you are debugging an elusive API error, configuring server redirects, or optimizing SEO crawlers, this tool delivers the technical clarity you need without the latency of a web search.

How does it work?

This reference tool is built as a static application using Astro and Vanilla JavaScript. The entire database of HTTP status codes is bundled into the client-side code. When you search or filter, a local JavaScript function instantly queries the dataset in memory and updates the DOM, ensuring zero network requests and sub-millisecond response times.

Common use cases

1. Quickly identifying the appropriate 4xx or 5xx error code to return when building RESTful API endpoints.
2. Understanding the difference between 301 and 302 redirects to ensure correct SEO implementation during site migrations.
3. Troubleshooting unexpected API responses in frontend applications by looking up obscure server codes.

The first digit is the whole story

Every status code’s category is set by its leading digit, and clients should branch on the category first, the specific code second:

ClassMeaningClient should…
1xxInformationalKeep waiting (rarely surfaced)
2xxSuccessProceed
3xxRedirectionFollow, or revalidate cache
4xxClient errorFix the request; don’t blindly retry
5xxServer errorRetry with backoff; the request may be fine

That 4xx/5xx split drives retry logic: hammering a server after a 400 just wastes both sides’ resources, while a 503 genuinely may succeed on the next attempt.

2xx has more than 200

Reaching for 200 every time throws away information clients could use:

  • 201 Created — a resource was made; pair it with a Location header.
  • 202 Accepted — you’ve queued the work but haven’t done it yet (async jobs). The client should poll a status URL.
  • 204 No Content — success, deliberately empty body. Ideal for DELETE and for PUT updates where echoing the object is pointless.
  • 206 Partial Content — you’re serving a byte range (video scrubbing, resumable downloads).

3xx: the method-preservation gotcha

The redirect codes split on a subtle but important axis — whether the HTTP method survives the redirect:

CodePermanent?Preserves method?
301YesNo — may rewrite POST → GET
308YesYes — POST stays POST
302NoNo — historically rewrites to GET
307NoYes — method preserved
304n/a”Not Modified” — use your cached copy

Use 301 for plain URL moves (HTTP→HTTPS, domain migration) where turning a POST into a GET is harmless. Use 307/308 when a redirected request must remain a POST — for example, an API endpoint that moved but still receives form submissions. Choosing 302 for an API redirect is how POST bodies silently vanish.

The codes that signal a mature API

A few well-placed codes make an integration noticeably more pleasant:

  • 429 Too Many Requests with a Retry-After header tells well-behaved clients exactly how long to back off, instead of leaving them to guess.
  • 409 Conflict for a duplicate create or a lost-update edit, rather than a vague 400.
  • 410 Gone for resources you’ve permanently retired — search engines de-index a 410 faster than a 404.
  • 503 Service Unavailable with Retry-After during maintenance, so clients and load balancers don’t treat a planned window as a hard failure.

The opposite anti-pattern — returning 200 OK with an {"error": ...} body — defeats every layer that reads status codes (caches, proxies, client libraries). Let the status line carry the outcome and the body carry the detail.

How helpful was this tool?

Click to rate

Key Concepts

Essential terms and definitions related to HTTP Status Codes Reference.

HTTP Status Code

A three-digit integer returned in the first line of an HTTP response. The first digit indicates the response class (1xx–5xx), and the remaining digits provide specific meaning within that class. Status codes are defined by IETF RFCs and are the primary mechanism for communicating request outcomes between servers and clients.

RFC (Request for Comments)

A publication from the IETF (Internet Engineering Task Force) that defines internet standards and protocols. HTTP status codes are primarily defined in RFC 9110 (HTTP Semantics). RFCs go through a rigorous review process and serve as the authoritative specification for internet protocols.

Idempotent

An HTTP method is idempotent if making the same request multiple times produces the same result as making it once. GET, PUT, DELETE, and HEAD are idempotent. POST is not idempotent. Understanding idempotency is essential for choosing the correct status codes — for example, a duplicate POST should return 409 Conflict, while a duplicate PUT should return 200 OK.

Frequently Asked Questions

What are HTTP status codes?

HTTP status codes are three-digit numbers returned by web servers in response to client requests. They indicate whether a request succeeded (2xx), was redirected (3xx), failed due to a client error (4xx), or failed due to a server error (5xx). The first digit defines the category, and the remaining digits identify the specific condition.

What is the difference between 401 and 403?

401 Unauthorized means the request lacks valid authentication credentials — the user needs to log in or provide a valid API key. 403 Forbidden means the server understood the request and the user is authenticated, but they do not have permission to access the resource. Authentication will not help with a 403.

When should I return 404 vs 410?

Return 404 Not Found when a resource does not exist or its existence is uncertain. Return 410 Gone when you know the resource existed previously but has been intentionally and permanently removed. 410 tells search engines to de-index the URL, while 404 leaves the possibility of return.

What does HTTP 429 mean and how do I handle it?

HTTP 429 Too Many Requests means the client has exceeded the rate limit imposed by the server. The response typically includes a Retry-After header indicating how long to wait before retrying. Implement exponential backoff in your client code to handle this gracefully.

What is the difference between 301 and 308 redirects?

Both indicate permanent redirects, but 301 allows the browser to change the HTTP method (e.g., POST to GET), while 308 preserves the original HTTP method. Use 301 for standard URL changes (HTTP to HTTPS, domain migration). Use 308 when you need to ensure POST requests remain POST after the redirect.

Is this reference kept up to date with RFC changes?

This reference includes all standard HTTP status codes from RFC 9110 (HTTP Semantics, 2022) which consolidated and replaced the older RFC 7231. It also includes extension codes from WebDAV (RFC 4918), rate limiting (RFC 6585), and other commonly used specifications.

What status code should a successful POST that creates a resource return?

201 Created, with a Location header pointing at the URL of the new resource (e.g. Location: /api/orders/9876). Many APIs return a bare 200, but 201 + Location is the RFC-correct answer: it tells the client a resource was created and exactly where to find it, which lets generic HTTP clients and caches behave properly. Include the created object in the body so the client doesn't need a follow-up GET.

When should I use 422 instead of 400?

Use 400 Bad Request when the request itself is malformed — broken JSON, a missing required field, the wrong content type. Use 422 Unprocessable Content when the syntax is perfectly valid but the data fails business rules — an email that's well-formed but already taken, a start date after an end date, a quantity that exceeds stock. The distinction tells the client whether to fix their request format (400) or fix the values (422), which makes error handling far cleaner.

Troubleshooting & Technical Tips

Common errors developers encounter and how to resolve them.

Getting 502 Bad Gateway after deploying a new backend version

502 means the reverse proxy (Nginx, Apache, load balancer) received an invalid response from your application server. Common causes: application crashed during startup, wrong port configuration, application not listening on the expected address, or firewall blocking the connection. Check your application logs first, then verify the proxy upstream configuration.

API returns 200 OK but the response body contains an error

Some APIs wrap errors inside a 200 response with an error field in the JSON body instead of using proper HTTP status codes. While this is considered a bad practice, it is common in older APIs. Always check both the HTTP status code and the response body for errors when integrating with external APIs.

Related Tools