HTTP Status Codes Reference

Complete reference for all standard HTTP status codes. Search by code number or keyword, filter by category, and click any code to see its description, common use cases, and example response. Everything runs client-side -- your data never leaves your browser.

🔍

How It Works

🔎

Instant Lookup

Type any status code number or keyword to instantly find the code you need. The search matches against code numbers, names, and descriptions for fast discovery.

🎨

Color-Coded Categories

Status codes are organized by category with distinct colors: gray for 1xx Informational, green for 2xx Success, blue for 3xx Redirection, orange for 4xx Client Error, and red for 5xx Server Error.

📝

Detailed Information

Click any status code to expand its details including a full description, common real-world use cases, and an example HTTP response showing typical headers and body.

📋

One-Click Copy

Copy any status line (e.g., "200 OK" or "404 Not Found") to your clipboard with a single click. Useful when writing documentation, tests, or API specifications.

Understanding HTTP Status Codes

HTTP status codes are standardized three-digit numbers that a web server returns in response to every HTTP request. Defined in RFC 9110 and related specifications, these codes tell the client whether the request was successful, needs further action, or encountered an error. Understanding status codes is essential for web developers, API designers, and system administrators.

The Five Categories

HTTP status codes are grouped into five classes based on their first digit:

Status Codes in REST APIs

Proper use of HTTP status codes is a cornerstone of RESTful API design. Using the correct status code helps API consumers understand exactly what happened without parsing the response body. For example, returning 201 Created (with a Location header) after creating a resource, 204 No Content after a successful deletion, or 422 Unprocessable Entity for validation errors communicates intent clearly and enables better error handling on the client side.

Common Mistakes

A frequent mistake is returning 200 OK for every response and encoding the actual status in the response body (e.g., {"status": "error"}). This defeats the purpose of HTTP status codes and makes it harder for clients, proxies, and monitoring tools to handle responses correctly. Another common error is confusing 401 (not authenticated) with 403 (authenticated but not authorized), or using 302 when 307 or 308 would be more appropriate to preserve the request method.

Frequently Asked Questions

What are HTTP status codes?
HTTP status codes are three-digit numbers returned by a web server in response to a client's request. They indicate whether the request was successful, redirected, or resulted in an error. Status codes are grouped into five categories: 1xx (Informational), 2xx (Success), 3xx (Redirection), 4xx (Client Error), and 5xx (Server Error). They are defined in RFC 9110 and related IETF specifications.
What is the difference between 401 and 403 status codes?
A 401 Unauthorized response means the client has not authenticated -- it needs to provide valid credentials (such as a login token or API key). A 403 Forbidden response means the server knows who the client is (they are authenticated) but they do not have permission to access the requested resource. In short: 401 means "Who are you?" while 403 means "I know who you are, but you can't access this."
What is the difference between 301 and 302 redirects?
A 301 Moved Permanently redirect tells clients and search engines that the resource has permanently moved to a new URL. Browsers and search engines will update their references and pass SEO link equity to the new URL. A 302 Found redirect indicates a temporary move -- the original URL should still be used for future requests. For permanent URL changes, always use 301. For temporary situations like maintenance redirects, use 302 or 307.
When should I use 200 vs 201 vs 204?
Use 200 OK for successful GET requests or any successful request that returns data in the response body. Use 201 Created after a POST request that successfully creates a new resource -- typically include a Location header pointing to the new resource. Use 204 No Content for successful DELETE or PUT/PATCH requests where there is no response body to return. Using the correct code helps API consumers understand exactly what happened.
What does a 502 Bad Gateway error mean?
A 502 Bad Gateway error occurs when a server acting as a reverse proxy or gateway (such as Nginx, Apache, or a load balancer) receives an invalid response from the upstream (backend) server. Common causes include the backend application crashing, the backend server being down, network issues between the proxy and backend, or the backend returning a malformed response. It is a server-side issue, not something the end user can fix.
What is the 418 I'm a Teapot status code?
The 418 I'm a Teapot status code was defined in RFC 2324 as part of the Hyper Text Coffee Pot Control Protocol (HTCPCP), published as an April Fools' joke in 1998. It states that the server refuses to brew coffee because it is, permanently, a teapot. While not a real HTTP status code for production use, it has become a beloved easter egg in the developer community and is implemented by some APIs and websites (including Google at google.com/teapot) as a humorous response.
How should I handle 429 Too Many Requests in my application?
When you receive a 429 Too Many Requests response, check the Retry-After header for how long to wait before retrying. Implement exponential backoff: wait progressively longer between retries (e.g., 1s, 2s, 4s, 8s). Also check for X-RateLimit-Limit and X-RateLimit-Remaining headers to understand the rate limit. On the server side, use 429 to protect your API from abuse by setting request limits per IP, API key, or user account. Always return the Retry-After header to help clients know when they can try again.

Explore More Developer Tools

Check out our other free developer tools. Decode JWTs, format JSON, parse cron expressions, and more -- all from your browser with no sign-up required.

JSON Formatter →