What Are HTTP Status Codes?
If you’ve ever wondered how a browser or client knows whether a request has been successful or not, you’re in the right place — the HTTP specification, or section
6.xx of the RFC document lists a variety of three-digit numbers that denote a specific “event” in a HTTP response. Whether your request to a certain web server is successful or not — or even if you’re redirected elsewhere — there will always be a HTTP response code waiting for your browser/client (or you) inside of the respective response header.
Having said that, the most common status codes you might have inadvertently heard of are the “404 Not Found” error and possibly “200 OK.” As much as these are used to generate corny jokes around a tech-startup’s office, these status codes make up a large majority of web requests — in particular, every website whose server successfully generates a reply will also return a group of successful status codes in the
2xx range. You might have noticed that the “4xx” series, such as:
… all denote client errors. Section 6 of RFC7231 also contains a variety of other HTTP spec. information, including GET/POST requests from your browser — to how clients should negotiate with HTTP servers. Those topics will be covered in other articles in the “HTTP” Series.
200 Level Status Codes (Successful)
As mentioned previously, 2xx status codes generally denote a “successful” request to a web-server. These include:
- 200 OK
- When you send a request to, say, https://bunny.net, the server will, if nothing wrong happens (exp. You’ve requested a document or page that does not exist), you will receive a “200 OK” response.
- 201 Created
- This is more commonly used in API requests; notably when you send a request to, for example, create (deploy) a virtual machine, a REST API can respond with “201 Created” to tell a client that the “resource” has been created.
- 202 Accepted
- This is used to denote a request that has been received, but requires more time to process (i.e. an asynchronous request; potentially used for requests that require a large set of data to be processed)
- 204 No Content
- As the name of “204 No Content” might imply, the webserver simply has nothing to say in response to a request. When this status code is used, no “body” can be returned to a client.
- 205 Reset Content
- Used to tell a client to reset a page; an example would be a successful submission of a form and a server replying that the form should be cleared.
300 Level Status Codes (Redirection)
The most popular “redirection” status codes are 301/302; these indicate both permanent and temporary redirects respectively. Less popular status codes will only be referred to by their names.
- 300 Multiple Options
- Due to the nature of the “300” status code, it is not commonly used (if at all). It provides multiple options in a non-standard response such that individual clients can select the best URL to head to (based on user-agent).
- 301 Moved Permanently
- As the name implies, this status code is provided to a client when a page requested to a server has been moved permanently. In essence: the client should no longer visit the old URL; rather, they should keep a copy of the newer URL (within the “Location” header). There should also be no content inside of the body of the request.
- 302 Found
- Denotes a temporary redirect (within the “Location” header field) to another website or URL.
- 303 See Other
- 305 Use Proxy
- 307 Temporary Redirect
400 Level Status Codes (Client Errors)
The 400-series of status codes represent client errors, and range from 400-426 (the list below is non-exhaustive):
- 400 Bad Request
- This occurs with malformed HTTP requests: invalid headers, invalid request body, etc.
- 401 Unauthorized
- Client not authenticated.
- 402 Payment Required
- 403 Forbidden
- You do not have permission to access a particular document or resource on a server.
- 404 Not Found
- File or document requested by a client could not be found on the server - 405 Method Not Allowed
- 405 Method Not Allowed
- Example: If you send a GET request to an endpoint that only accepts POST requests, the endpoint can return the “405” status code
- 406 Not Acceptable
- 408 Request Timeout
- 409 Conflict
- 410 Gone
- The resource requested has been permanently removed.
500 Level Status Codes (Server Errors)
The final “class” of status codes are the 5xx series — these errors are returned by a server to denote that an error has occurred, however, it is not an issue with the client.
- 500 Internal Server Error
- Occurs when a server encounters an exception, or is in an unknown state; in response, the server notifies a client that it is unable to handle the error and thus cannot process the request.
- 501 Not Implemented
- As the name implies, “501” errors occur when a server does not have the capability to process the request.
- 502 Bad Gateway
- When using a (reverse) proxy, this indicates that the origin server responded with an invalid HTTP response (or is offline).
- 503 Service Unavailable
- The server is unable to process the request; generally, this occurs when a server is being attacked, or is under extreme loads.
- 504 Gateway Timeout
- The gateway server (i.e. a reverse proxy server) could not connect to the origin due to a time-out. This does not guarantee that the origin is down, however, it strongly indicates that there is an issue with the origin (which is causing the long delay, or time out).
- 505 HTTP Version Unsupported
- Sent to a client when the server does not support a HTTP protocol version that is being used by the client.
Whether you’re visiting Google, or sending an API request, HTTP status codes provide valuable information regarding both client and server errors. They also provide a mechanism for web-servers to indicate successful requests (2xx) and an avenue for servers to tell clients that content has moved elsewhere.
In short: HTTP Status Codes play an important role on the Internet -- from acknowledgement responses to responding with errors, they give valuable information regarding both client and server-side issues.