Searchable reference for every HTTP response code. Free, private, runs in your browser.
100% private — your files and text never leave your browser. All processing happens locally on your device.
The server has received the request headers and the client should proceed to send the request body.
The requester has asked the server to switch protocols and the server has agreed to do so.
The server has received and is processing the request, but no response is available yet (WebDAV).
Used to return some response headers before final HTTP message.
Standard response for successful HTTP requests.
The request has been fulfilled and a new resource was created.
The request has been accepted for processing, but the processing has not been completed.
The server successfully processed the request, but is returning information that may be from another source.
The server successfully processed the request, but is not returning any content.
The server successfully processed the request, but is not returning any content and requires the requester reset the document view.
The server is delivering only part of the resource due to a range header sent by the client.
The message body that follows is an XML message and can contain a number of separate response codes (WebDAV).
The members of a DAV binding have already been enumerated in a preceding part of the response (WebDAV).
The server has fulfilled a request for the resource, and the response is a representation of the result of one or more instance-manipulations.
Indicates multiple options for the resource from which the client may choose.
This and all future requests should be directed to the given URI.
Common causes: Used for permanent URL changes — cached by browsers and search engines. Prefer 301 over 302 for real moves.
Tells the client to look at another URL. A browser redirects to this page but search engines don't update their links to the resource.
Common causes: Temporary redirect — good for A/B tests, maintenance pages, geolocation routing.
The response to the request can be found under another URI using the GET method.
Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match.
The request should be repeated with another URI, but future requests should still use the original URI.
The request and all future requests should be repeated using another URI. HTTP method is preserved (unlike 301).
The server cannot or will not process the request due to an apparent client error.
Common causes: Malformed request syntax, invalid request message framing, or deceptive request routing.
Authentication is required and has failed or has not yet been provided.
Common causes: Missing or invalid credentials, expired session token, wrong API key.
Reserved for future use. Sometimes used by APIs for quota/billing signals.
The request was valid, but the server is refusing action. The user might not have the necessary permissions.
Common causes: Insufficient permissions, blocked IP, missing required role.
The requested resource could not be found but may be available in the future.
Common causes: URL typo, deleted resource, missing file on server, incorrect routing.
A request method is not supported for the requested resource.
The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
The client must first authenticate itself with the proxy.
The server timed out waiting for the request.
The request could not be processed because of conflict in the current state of the resource.
The resource requested is no longer available and will not be available again.
The request did not specify the length of its content, which is required by the requested resource.
The server does not meet one of the preconditions that the requester put on the request.
The request is larger than the server is willing or able to process.
The URI provided was too long for the server to process.
The request entity has a media type which the server or resource does not support.
An April Fools' joke from 1998 (RFC 2324). Returned by teapots requesting to brew coffee.
The request was well-formed but was unable to be followed due to semantic errors (WebDAV).
The server is unwilling to risk processing a request that might be replayed.
The client should switch to a different protocol such as TLS/1.0.
The origin server requires the request to be conditional.
The user has sent too many requests in a given amount of time.
Common causes: Rate limit exceeded. Back off and retry after the Retry-After header value.
The server is unwilling to process the request because either an individual header field, or all the header fields collectively, are too large.
A server operator has received a legal demand to deny access to a resource or to a set of resources.
Non-standard status code used by nginx when the client has closed the connection before the server could send a response.
A generic error message when an unexpected condition was encountered.
Common causes: Unhandled exception in application code, misconfigured server, database failure.
The server either does not recognize the request method, or it lacks the ability to fulfil the request.
The server was acting as a gateway or proxy and received an invalid response from the upstream server.
Common causes: Upstream server crashed, DNS failure, firewall blocking.
The server is currently unavailable (overloaded or down for maintenance).
Common causes: Planned maintenance, overload, auto-scaling not ready.
The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
The server does not support the HTTP protocol version used in the request.
The server is unable to store the representation needed to complete the request (WebDAV).
The server detected an infinite loop while processing the request (WebDAV).
The client needs to authenticate to gain network access (e.g., captive portal).
Cloudflare — catch-all error when the origin server returns an empty, unknown, or unexpected response.
Cloudflare — the origin server refused the connection.
Cloudflare — the TCP handshake with the origin server timed out.
Cloudflare — could not resolve or reach the origin server.
Cloudflare — the HTTP request to the origin took longer than 100 seconds.
Cloudflare — SSL handshake between Cloudflare and the origin server failed.
Showing 61 of 61 HTTP status codes.
Every HTTP response starts with a three-digit status code that summarizes what happened. The first digit indicates the class: 1xx is informational, 2xx means success, 3xx is a redirect, 4xx is a client error (your fault), and 5xx is a server error (their fault). Knowing the families helps you debug faster — a 404 tells you the URL is wrong; a 502 tells you the upstream server is broken.
In practice, most traffic is 200 (OK), 301/302 (redirects), 304 (Not Modified, cached), 404 (Not Found), 429 (Rate Limited), 500 (Internal Server Error), and 503 (Service Unavailable). This tool covers all of those plus the more obscure ones you'll encounter in API responses, CDN logs, and WebDAV systems.
301 is permanent — browsers cache it aggressively, and search engines update their indexes to the new URL. 302 is temporary — caches are cautious and indexes stay pointing at the original. Using 302 when you meant 301 is one of the most common SEO mistakes because you lose the link equity transfer. When in doubt for a real URL move, use 301.
Some widely-used codes aren't in any RFC: 499 is nginx's 'Client Closed Request' (user navigated away), 520-526 are Cloudflare's origin-error family, and 418 'I'm a teapot' is an April Fools' joke from 1998 that somehow survived in real codebases. The tool includes these because you'll hit them in production logs.
Some codes (418 'I'm a teapot') exist in RFCs as jokes or legacy markers. Others (499) are non-standard but widely used — 499 is nginx's 'Client Closed Request'. We include both standard and de-facto codes for completeness.
301 is permanent — browsers and search engines cache it, and it passes link authority to the new URL. 302 is temporary — keeps the original URL's authority, good for A/B tests or maintenance. Use 301 for moved content, 302 for temporary detours.
When a server returns 200 OK for a page that actually shows a 'not found' message. Search engines treat these as bugs — always return an actual 404 status for truly missing pages.