HTTP Status Codes

Continue

The server has received the request headers and the client should proceed to send the body.

When: Large POST requests; client checks if server will accept before sending body.

Switching Protocols

The server agrees to switch protocols as requested by the client.

When: WebSocket handshake — upgrading from HTTP to WebSocket protocol.

Processing

The server has received the request and is processing it but no response is available yet.

When: Long-running requests (WebDAV). Prevents client from timing out.

Early Hints

Hints about resources the server expects to include in the final response.

When: Sending Link headers early so browsers can start preloading assets.

OK

The request succeeded. The response body contains the requested data.

When: Standard success response for GET, PUT, PATCH, DELETE.

e.g. GET /users → 200 with JSON array

Created

The request succeeded and a new resource was created as a result.

When: Successful POST that creates a new resource.

e.g. POST /users → 201 with new user object

Accepted

The request has been received but processing is not complete.

When: Async operations — email sending, background jobs, queued tasks.

Non-Authoritative Information

Success, but the response has been modified by a proxy or cache.

When: Transformed or cached responses from intermediary servers.

No Content

The request succeeded but there is no content to return.

When: DELETE requests, or PUT/PATCH when the caller does not need the updated resource back.

Reset Content

The request succeeded; client should reset the document view.

When: Form submissions where the form should be cleared after success.

Partial Content

Only part of the resource is being returned, as specified in a Range header.

When: Video streaming, download resumption, large file transfers.

Multi-Status

Multiple status codes apply to different parts of a single response.

When: WebDAV batch operations where some succeed and some fail.

Already Reported

Members of a WebDAV binding have already been enumerated.

When: WebDAV responses to avoid repeating members of a collection.

IM Used

The server has fulfilled a GET request for the resource using delta encoding.

When: HTTP delta encoding (RFC 3229) — rarely used in practice.

Multiple Choices

The request has multiple possible responses and the client must choose.

When: Content negotiation when multiple representations exist.

Moved Permanently

The resource has permanently moved to the URL in the Location header.

When: Permanent redirects — changing domains, removing /index.html, HTTP→HTTPS.

e.g. http://example.com → https://example.com

Found

The resource is temporarily at the URL in the Location header.

When: Temporary redirects after form submission (Post/Redirect/Get pattern).

e.g. POST /login → 302 → GET /dashboard

See Other

Redirect to a different URL using GET, regardless of the original method.

When: After POST/PUT, redirect to a "result" page. Prevents form resubmission.

Not Modified

The resource has not changed since the last request — use the cached version.

When: ETags and Last-Modified caching — browser sends If-None-Match/If-Modified-Since.

Temporary Redirect

Temporary redirect; client must use the same HTTP method for the new request.

When: Like 302 but explicitly preserves the HTTP method (POST stays POST).

Permanent Redirect

Permanent redirect; client must use the same HTTP method for the new request.

When: Like 301 but explicitly preserves the HTTP method.

Bad Request

The server cannot process the request due to malformed syntax or invalid data.

When: Invalid JSON body, missing required fields, type mismatches.

e.g. POST /users with invalid email format

Unauthorized

Authentication is required and has failed or not been provided.

When: Missing, expired, or invalid auth token/session.

e.g. GET /profile without Bearer token

Payment Required

Payment is required to access this resource.

When: Paywalled content, API rate limits on paid tiers, subscription required.

Forbidden

The server understood the request but refuses to authorize it.

When: Authenticated but lacking permission — wrong role, IP block, insufficient scope.

e.g. Regular user accessing /admin

Not Found

The server cannot find the requested resource.

When: Wrong URL, deleted resource, typo in endpoint path.

e.g. GET /users/999 when user 999 doesn't exist

Method Not Allowed

The HTTP method is not supported for this endpoint.

When: POST to a GET-only endpoint, DELETE on a read-only resource.

Not Acceptable

The server cannot produce a response matching the Accept header.

When: Client requests application/xml but server only supports application/json.

Proxy Authentication Required

Authentication with a proxy server is required.

When: Corporate proxies that require credentials before forwarding requests.

Request Timeout

The server timed out waiting for the client to send a complete request.

When: Slow network, large file upload stalled, idle connection.

Conflict

The request conflicts with the current state of the resource.

When: Duplicate unique key, version conflict in optimistic locking, concurrent edit.

Gone

The resource has been permanently deleted and will not return.

When: Deliberate deletion — deleted accounts, archived content, retired endpoints.

Length Required

The server requires a Content-Length header in the request.

When: Uploading data without specifying Content-Length.

Precondition Failed

A precondition in the request headers was not met.

When: If-Match/If-Unmodified-Since headers failed — resource changed since last fetch.

Content Too Large

The request body is larger than the server is willing to process.

When: File upload exceeds server limit, JSON payload too large.

URI Too Long

The URL is longer than the server is willing to interpret.

When: Extremely long query strings (over ~2000 chars). Use POST instead.

Unsupported Media Type

The request body format is not supported.

When: Sending text/plain to an endpoint that only accepts application/json.

Range Not Satisfiable

The Range header specifies a range that cannot be satisfied.

When: Requesting bytes beyond the file size in partial content requests.

Expectation Failed

The server cannot meet the requirements of the Expect header.

When: Expect: 100-continue but server rejects the request upfront.

I'm a Teapot

The server refuses to brew coffee because it is a teapot. An April Fools joke (RFC 2324).

When: Easter eggs, joke APIs, and testing. Some services return it for blocked bots.

Unprocessable Entity

The request is well-formed but contains semantic errors.

When: Validation failures — email format valid but domain doesn't exist, business logic errors.

Locked

The resource is locked.

When: WebDAV locks, or resources locked by another user/process.

Failed Dependency

A previous request in a batch failed, so this one also fails.

When: WebDAV PROPPATCH where a dependent operation failed.

Too Early

The server is unwilling to risk processing a request that might be replayed.

When: TLS 0-RTT early data replay protection.

Upgrade Required

The client must upgrade to a different protocol.

When: Server requires TLS upgrade or a newer protocol version.

Precondition Required

The server requires the request to be conditional.

When: Optimistic locking — must include If-Match header to prevent lost updates.

Too Many Requests

The user has sent too many requests in a given time window.

When: API rate limiting — exceed quota, DDoS protection, throttling.

e.g. Calling /api/search 100x/min on a 60/min plan

Request Header Fields Too Large

One or more request headers are too large.

When: Cookies or auth tokens that have grown too large for the server.

Unavailable For Legal Reasons

The resource cannot be served due to a legal demand.

When: GDPR takedowns, court orders, government censorship.

Internal Server Error

The server encountered an unexpected condition that prevented it from fulfilling the request.

When: Unhandled exceptions, uncaught errors, bugs in server code.

e.g. NullPointerException, database query crash

Not Implemented

The server does not support the functionality required by the request.

When: HTTP method not implemented, feature not yet built.

Bad Gateway

The server, acting as a gateway, received an invalid response from an upstream server.

When: Reverse proxy (nginx/Cloudflare) can't reach your app server — app is down.

e.g. Your Next.js app crashed; nginx returns 502

Service Unavailable

The server is not ready to handle the request — overloaded or under maintenance.

When: Planned maintenance, server overload, circuit breaker open.

e.g. Deployment in progress, high traffic spike

Gateway Timeout

The server, acting as a gateway, did not get a response in time.

When: Database query too slow, upstream API timeout, long-running Lambda.

HTTP Version Not Supported

The HTTP version used in the request is not supported.

When: Sending HTTP/3 to a server that only supports HTTP/1.1.

Insufficient Storage

The server cannot store the representation needed to complete the request.

When: WebDAV — disk full, storage quota exceeded.

Loop Detected

The server detected an infinite loop while processing a request.

When: WebDAV infinite depth request that creates a circular reference.

Not Extended

Further extensions are required for the server to fulfill the request.

When: HTTP extension framework (RFC 2774) — rarely used.

Network Authentication Required

The client must authenticate to gain network access.

When: Captive portals — hotel WiFi, airport networks that require login.