This guide provides an overview of common HTTP status codes and a brief explanation as to where you might find them or use them.
You would often see these in your server’s access/transfer logs after the request method used. You can see how to enable these on our legacy H-Sphere system using one of our guides. Below you can see an example log file displayed within the legacy H-Sphere system after transfer logging has been enabled.
1xx – Informational
An informational response means that a request was received and understood. They are only ever provided provisionally whilst the processing of the client’s request continues before letting the client know to wait for a response.
100 – Continue
This response lets the client know they should be okay to send the request’s body after the server has received the request’s headers and confirmed the headers aren’t inappropriate and unable to be accepted.
101 – Switching Protocol
This response is sent when the server receives an upgrade request and agrees to honour it by switching protocols.
102 – Processing (WebDAV)
The server has received the request, but is waiting to respond due to WebDAV requests potentially containing many sub-requests. These usually take a while for the server to process and it will let the client know this by responding with this code.
103 – Early Hints
This is used to provide some information in the form of response headers before the final full HTTP message is sent. It lets the user agent start preloading resources while the server is getting ready to respond.
2xx – Successful
Successful responses provide the information to the client stating their request was received, understood and then accepted.
200 – OK
The standard response for successful HTTP requests.
201 – Created
A new resource has been successfully created after receiving the request.
202 – Accepted
The request has been accepted, but processing is still pending. It still has a chance of being disallowed once processing has occurred.
203 – Non Authoritative Information
A transforming proxy received a 200 response from the origin server, but is returning a modified version of this to the client.
204 – No Content
There is no content to be sent to the client, however the headers will still be available and still able to be used.
205 – Reset Content
The request is still processed, but no content is returned. The server then responds saying that the requester must reset the document’s view.
206 – Partial Content
A range header is sent from the client requesting only a specific part of the resource and this is the response. It is often used when a client starts a download that ends unexpectedly and then needs to be resumed, hence why only partial data.
207 – Multi-Status (WebDAV)
A default XML message body is sent which may contain a number of sub-requests containing a number of other response codes.
208 – Already Reported (WebDAV)
A DAV binding’s members have already been enumerated and aren’t being included a second time.
226 – IM Used
This response is used to represent instance manipulation applied to the current instance.
3xx – Redirections
Additional action is required to complete 3XX responses. Usually, no user interaction is required to perform this action when the request sent is a GET or HEAD request. These are often used in URL redirects.
300 – Multiple Choices
The client can choose from multiple options for the resource requested. E.g. different file format extensions or video format.
301 – Moved Permanently
This request and any future ones should be redirected to the URL sent in the response.
302 – Found (this was previously labelled as Moved Temporarily)
Tells the client to browse to another URL that is temporary (sometimes has the same functionality of a 303 response).
303 – See Other
This response was sent to direct the client to get the requested resource from another URL via a GET request.
304 – Not Modified
The resource hasn’t been modified since the version requested, meaning there is no need to send the resource again as the client already possesses it.
305 – Use Proxy (Deprecated)
A deprecated status code due to security issues that would be used to provide an address to a proxy which would be needed to complete the request.
306 – Switch Proxy (Deprecated)
Another deprecated code. It would have been used to state any further requests need to use the specified proxy.
307 – Temporary Redirect
This response is exactly the same as the 302 one, but the client’s request isn’t allowed to change the method that was used when performing the original request.
308 – Permanent Redirect
This is similar to the 301 code, however the client’s request isn’t allowed to change the method that was used when performing the original request.
4xx – Client-Side Errors
These response codes are sent out when there appears to be an error occurring on the client’s side. The error that has occurred should be briefly explained in the response to the client.
400 – Bad Request
The client couldn’t understand the request, most likely due to misinterpreted/incorrect syntax used.
401 – Unauthorised
This means the client is unauthenticated and hasn’t provided the level of authentication required to bypass the authentication system in place. It is most likely to be seen when basic authentication is in place.
402 – Payment Required
This code isn’t actually used as a standard yet, but is intended for future use when it comes to making payments or using digital currency.
403 – Forbidden
The client was understood and their identity is known, but, based on this, the server refuses any further action due to the lack of authentication/permissions required.
404 – Not Found
The requested resource by the client cannot be found, but may still be available in future.
405 – Method Not Allowed
The method used to make a request to the server is known, but is unsupported for the resource requested by the client.
406 – Not Acceptable
The server couldn’t find any content linked to the criteria specified by the client in the Accept headers sent in the request.
407 – Proxy Authentication Required
The requester must first authenticate themselves with the proxy server.
408 – Request Timeout
The server timed out due to not receiving a request within the time that the server was prepared to wait. The request may be repeated by the client.
409 – Conflict
The requested resource is currently causing a conflict stopping the request from being able to be processed.
410 – Gone
Suggested to be used for promotional/limited time services, this response indicates the resource is permanently unavailable and will not be accessible again.
411 – Length Required
The length of the request was unspecified in the Content-Length header which is required to access the requested resource.
412 – Precondition Failed
The request headers sent by the client specify one or more preconditions that the server is unable to meet.
413 – Payload Too Large
The request is too large for what the server can/is willing to process. This was previously called Request Entity Too Large.
414 – URL Too Long
The URL sent in the request is too long for server to process/interpret.
415 – Unsupported Media Type
The media type requested is unsupported by the server or resource specified. E.g. a video is uploaded in a format unsupported on the server.
416 – Requested Range Not Satisfiable
A request has been made for a segment of the requested resource, but the server is unable to server it. E.g. when a segment of the file is requested, but that segment requested lies before or after this segment.
417 – Expectation Failed
The Expect request-header field’s requirements cannot be met by the server.
418 – I’m a Teapot
This response was intended as an April Fools joke and responds stating that coffee cannot be brewed in a teapot.
421 – Misdirected Request
The request was directed elsewhere to an entity that was unable to said request.
422 – Unprocessable Entity (WebDAV)
The request was well-formed but was unable to be followed due to semantic errors.
The request was well-formed but was unable to be followed due to semantic errors.
423 – Locked (WebDAV)
The resource requested is locked.
424 – Failed Dependency (WebDAV)
The request failed due to a previous response failing that this request depended on to be successful.
425 – Too Early
The request may be replayed and the server doesn’t want to risk this occurring.
426 – Upgrade Required
The client needs to upgrade to a different protocol, such as a more recent TLS version.
428 – Precondition Required
The request is required to be conditional in order to avoid a server state being modified during the request and it causing conflicts.
429 – Too Many Requests
The requests submitted exceed that permitted by the server (rate limiting).
431 – Request Header Fields Too Large
The a/all the header field/s of the request are too large to be processed by the server.
440 – Login Time Out (IIS Web Servers)
The client’s session has expired. They need to login again.
444 – No Response (NGINX Web Server)
Used internally by the server to tell it to return no information to the client and close the connection immediately.
449 – Retry With (IIS Web Servers)
The server cannot honour the request because the user has not provided the required information.
451 – Unavailable For Legal Reasons
A server operator has received a legal demand to deny access to a resource or to a set of resources that includes the requested resource. These requests are often made when a resource needs to be censored to comply with government standards.
494 – Request Header Too Large (NGINX Web Servers)
The request or its headers were too large for the server to handle.
495 – SSL Certificate Error (NGINX Web Servers)
Used when a client has provided an invalid client certificate.
496 – SSL Certificate Required (NGINX Web Servers)
Used when a client certificate is required but hasn’t been provided.
497 – HTTP Request Sent to HTTPS Port (NGINX Web Servers)
Used when the client has made a HTTP request to a port listening for HTTPS requests.
499 – Client Closed Request (NGINX Web Servers)
Used when the client has closed the request before the server could send a response.
5xx – Server-Side Errors
These responses are often sent by the server when it knows it is unable to process a request. It should respond with a brief error/reason why it cannot handle the request.
500 – Internal Server Error
The server doesn’t know how to handle the request and no more specific error message is suitable.
501 – Not Implemented
The request method submitted is one unknown or unable to be processed by the server due to it not being implemented as compatible.
502 – Bad Gateway
Whilst acting as a gateway or proxy, the server received an invalid response from the upstream server.
503 – Service Unavailable
The server can’t handle the request due to a temporary issue. Examples include the server being down for maintenance or it being overloaded with requests which it is unable to process/handle.
504 – Gateway Timeout
This response is sent when a server is acting as a gateway or proxy, but is unable to respond due to the upstream server not responding within the sufficient time frame.
505 – HTTP Version Not Supported
The server doesn’t provide support for the HTTP protocol version used in the request.
506 – Variant Also Negotiates
The chosen variant resource is configured to engage in transparent content negotiation itself, therefore it isn’t a proper end point in the negotiation process.
507 – Insufficient Storage (WebDAV)
The method use in the request is unable to before performed on the requested resource due to the server being unable to store the representation required to complete the request.
508 – Loop Detected (WebDAV)
An infinite loop was detected whilst processing the request.
509 – Bandwidth Limit Exceeded (Apache Web Servers)
The server has exceeded the bandwidth specified by the server administrator; this is often used by shared hosting providers to limit the bandwidth of customers.
510 – Not Extended
The server requires further extensions to the request in order to fulfil it successfully.
511 – Network Authentication Required
The client needs to authenticate before being able to gain access to the network. It is often implemented by intercepting proxies used to control access to the network. A good example would be when connecting to a Wi-Fi Hotspot, a portal will appear requesting you agree to their ToS (Terms of Service) before being able to connect successfully. If the terms aren’t agreed to, this response will be sent.
520 – Unknown Error (Cloudflare)
Used as a catch-all response for if the origin server returns something unexpected. Common trigger include listing connection resets, large headers, and empty or invalid responses.
521 – Web Server Is Down (Cloudflare)
The origin server has refused connection.
522 – Connection Timed Out (Cloudflare)
The TCP handshake failed negotiations with the origin server.
523 – Origin Is Unreachable (Cloudflare)
The origin server was unable to be reached, most likely due to incorrect DNS records.
524 – A Timeout Occurred (Cloudflare)
A TCP connection to the origin server was completed successfully, but a timely HTTP response wasn’t received.
525 – SSL Handshake Failed (Cloudflare)
An SSL/TLS handshake with the origin server was unable to be negotiated successfully.
526 – Invalid SSL Certificate (Cloudflare)
The SSL certificate on the origin server was unable to be validated.
527 – Railgun Error (Cloudflare)
The request timed out/failed after the WAN (wide-area network) connection had been established.
530 – Origin DNS Error (Cloudflare)
The requested host name could not be resolved to an origin server on the network.
Classification: Public
Last saved: 2019/11/27 at 16:03 by