HTTP Diagram and Status Codes

 

Header HTTP Status Codes

With Hypertext Transfer Protocol (HTTP) response status codes, the first digit of the code indicates one of five classes of responses. HTTP clients must at least recognize these five classes:

  1. The first class of codes is informational, indicating a provisional response while processing continues.
  2. The second class of status codes communicates that the client’s request was received and processed successfully.
  3. The third class of status codes indicates further action is necessary on behalf of the client in order to complete the request, as with URL redirection.
  4. The fourth class of codes is used when the client has made an error.
  5. The fifth class of status codes indicates that the server has made an error and is incapable of fulfilling an apparently valid request.

Click on image to view at full size and find the embed code just below our HTTP Status Code infographic.

http-decision-diagram

Share this infographic on your site:

Except where noted below, the codes below come from the HTTP/1.1 standard (RFC 7231). The official registry of HTTP status codes is maintained by the Internet Assigned Numbers Authority (IANA).

1xx Informational 
100 - ContinueThe server has received the initial request, and the client should continue sending the remainder of the request.
101 - Switching ProtocolsThe server is acknowledging that it is switching protocols based on the requesterÕs instructions.
102 - Processing Request (WebDAV; RFC 2518)To avoid timing out, the server acknowledges that a request has been received and is being processed, though no response is available.
103 - CheckpointResumes aborted PUT or POST requests in Resumable HTTP Requests Proposal.
122 - Too LongAn IE7-only code that indicates that the URI is longer than the maximum 2,083 characters.
2xx Success
200 - OKThe standard response for successful HTTP requests. Varies according to request method. For GET requests, responses contain an entity corresponding to the requested resource. For POST requests, responses contain an entity describing or containing the result of the action.
201 - CreatedThe request has been fulfilled, resulting in the creation of a new resource.
202 - AcceptedThe request has been accepted, but processing is still pending. Upon processing, the request might be disallowed, meaning it might or might not actually be acted upon.
203 - Non-Authoritative Information (since HTTP/1.1)The request has been successfully processed by the server, but the information being returned may be from another source.
204 - No ContentThe request has been successfully processed by the server, but no content is being returned. Often a successful delete request.
205 - Reset ContentThough the request was successfully processed, no content is being returned and the requester must reset the document view.
206 - Partial Content (RFC 7233)Because of the range header sent by the client, only part of the resource is being delivered by the server.
207 - Multi-Status (WebDAV; RFC 4918)Depending on the number of sub-requests made by the client, the XML message that follows might contain multiple separate response codes.
208 - Already Reported (WebDAV; RFC 5842)The results have been included in a previous reply and are not being returned again.
226 - IM Used (RFC 3229)A request for this resource has been fulfilled by the server. The response represents the result of one or more instance manipulations for the current instance.
3xx Redirection
300 - Multiple ChoicesIndicates multiple options for the resource delivered, such as format options for video or list files with different extensions. The user can select preferred representation and redirect the request to that location.
301 - Moved PermanentlyThis request and all future ones should be directed to the given URI.
302 - FoundIndicates that the requested resource can be found temporarily via an alternative URI. Because many popular user agent implementations treat 302 responses similar to 303 responses, both status codes 303 and 307 were added to allow servers more specificity.
303 - See Other (since HTTP/1.1)Indicates the response to the request can be found via alternative URI using GET method. Many pre-HTTP/1.1 user agents do not recognize 303, in which case the 302 status code can be used instead.
304 - Not Modified (RFC 7232)Indicates that the resource has not been modified since last requested, and there is no need to retransmit as the client has a previously downloaded copy.
305 - Use Proxy (since HTTP/1.1)Requested resource is located elsewhere and can be accessed through a proxy provided in the response. For security reasons, HTTP clients like Firefox and Internet Explorer do not correctly handle 305 responses.
306 - Switch ProxyOriginally indicated that subsequent requests should use the proxy specified. This status code is no longer used.
307 - Temporary Redirect (since HTTP/1.1)Indicates that the request should be repeated with a different URI as specified, but future requests should use the original URI.
308 - Permanent Redirect (RFC 7538)This and all future requests should be repeated using a different URI as specified. Unlike 301 and 302, with 307 and 308 status codes the HTTP method should not change.
4xx Client Error
400 - Bad RequestThe request cannot be processed by the server because of a client error such as syntax, framing, or routing.
401 - UnauthorizedIndicates that authentication is required and was either not provided or has failed. If the request already included authorization credentials, then the 401 status code indicates that those credentials were not accepted.
402 - Payment RequiredReserved for future use. Originally intended to be part of a digital cash or micropayment model, this code is not currently widely used.
403 - ForbiddenIndicates that though the request was valid, the server refuses to respond to it. Unlike the 401 status code, providing authentication will not change the outcome.
404 - Not FoundIndicates that the requested resource could not be found but may be available in the future.
405 - Method Not AllowedThe request method is not supported by the resource requested, as when using GET on a form that requires data to be presented via POST.
406 - Not AcceptableThe requested content is not acceptable according to the requestÕs Accept headers.
407 - Proxy Authentication Required (RFC 7235)The client must first authenticate itself with the proxy.
408 - Request TimeoutIndicates that the server timed out while waiting for the request, though the client may repeat the request without modifications.
409 - ConflictThere is a conflict in the request that prevents it from being processedÑfor example, an edit conflict in the case of multiple updates.
410 - GoneThe requested resource is no longer available and will not be available again, as when a resource has been intentionally removed and should be purged. The client should not request the resource again.
411 - Length RequiredThe request did not specify the length of its content, though length is required by the requested source.
412 - Precondition Failed (RFC 7232)Indicates that the server does not meet the request preconditions as specified by requester.
413 - Request Entity Too LargeIndicates that the request is larger than the server can or will process.
414 - Request-URI Too LongThe provided URI was too long to be processed by the server. When resulting from too much data encoded as GET request query-string, convert to a POST request.
415 - Unsupported Media TypeThe server does not support the media type included by the request entity.
416 - Requested Range Not Satisfiable (RFC 7233)Indicates that the client has requested a portion of the file that the server is unable to provide, such as a part of the file that lies beyond the end of the file.
417 - Expectation FailedIndicates that the server is unable to meet the requirements of Expect request-header field.
418 - I'm a teapot (RFC 2324)Defined in 1998 as a traditional IETF April FoolÕs joke and is not expected to be implemented by actual HTTP servers. The RFC specifies that this code should be returned by teapots requested to brew coffee.
419 - Authentication Timeout (not in RFC 2616)Indicates that previously valid authentication has expired. Though not a part of the HTTP standard, the 419 status code is used as an alternative to 401 to differentiate from unauthorized clients being denied access.
420 - Method Failure (Spring Framework)Defined by Spring in the HttpStatus class to be used when a method fails. Not a part of the HTTP standard, this status code is deprecated by Spring.
420 - Enhance Your Calm (Twitter)Returned by version 1 of the Twitter Search and Trends API when the client is being rate limited. Not a part of the HTTP standard.
421 - Misdirected Request (HTTP/2)Indicates that the request is directed at a server that is unable to produce a response.
422 - Unprocessable Entity (WebDAV; RFC 4918)Indicates that the request is unable to be followed due to semantic errors.
423 - Locked (WebDAV; RFC 4918)Indicates that the resource that is being accessed is locked.
424 - Failed Dependency (WebDAV; RFC 4918)Indicates that the request failed because of the failure of a previous request.
426 - Upgrade RequiredIndicates that the client should switch to a different protocol as specified in the Upgrade header field.
428 - Precondition Required (RFC 6585)Indicates that origin server requires the request to be conditional to prevent the Òlost updateÓ problem.
429 - Too Many Requests (RFC 6585)Occurs when the user has sent too many requests in a given amount of time. For use with rate limiting.
431 - Request Header Fields Too Large (RFC 6585)Indicates that the request cannot be processed by the server because a single header field or all headers are collectively too large.
440 - Login Timeout (Microsoft)Microsoft extension indicating that the session has expired.
444 - No Response (Nginx)
In Nginx logs as a malware deterrent, indicates that the server returned no information and closed the connection.
449 - Retry With (Microsoft)Microsoft extension indicating that the request should be retried after performing a specific action.
450 - Blocked by Windows Parental Controls (Microsoft)Microsoft extension indicating that Windows Parental Controls are turned on and blocking access to the page in question.
451 - Unavailable For Legal Reasons (Internet draft)Indicates that resource access has been denied for legal reasons such as censorship or government-mandated blocked access. Defined in the Internet draft as "A New HTTP Status Code for Legally-restricted Resources." References the dystopian novel Fahrenheit 451 (1953), in which books are outlawed.
451 - Redirect (Microsoft)In Exchange ActiveSync, used when there is a more efficient server or the server cannot access the clientÕs mailbox. Client should re-run the HTTP Autodiscovery protocol to find a better suited server.
494 - Request Header Too Large (Nginx)Similar to 431, Nginx internal code earlier in version 0.9.4.
495 - Cert Error (Nginx)Nginx internal code indicating that SSL client certificate error has occurred
496 - No Cert (Nginx)Nginx internal code indicating that the client didn't provide certificate.
497 - HTTP to HTTPS (Nginx)Nginx internal code indicating that plain HTTP requests were sent to HTTPS port.
498 - Token Expired/Invalid (Esri)Returned by ArcGIS for Server when token is expired or otherwise invalid.
499 - Client Closed Request (Nginx)In Nginx logs, indicates that the connection has been closed by the client while the server is still processing its request, in which case the server is unable to send a status code back.
499 - Token Required (Esri)Returned by ArcGIS for Server when a token is required but was not submitted.
5xx server error
500 - Internal Server ErrorGeneric error message for when there is no suitable specific information. Indicates an unexpected condition.
501 - Not Implemented
Indicates that the server does not recognize the method or is unable to fulfill it. Can indicate future availability.
502 - Bad GatewayIndicates that server, when acting as gateway or proxy, received an invalid response from the upstream server.
503 - Service UnavailableIndicates that the server is temporarily unavailable, often because of maintenance or overloading.
504 - Gateway TimeoutIndicates that the server, when acting as gateway or proxy, did not receive a timely response from the upstream server.
505 - HTTP Version Not SupportedOccurs when the server does not support the requestÕs HTTP protocol version.
506 - Variant Also Negotiates (RFC 2295)Indicates that transparent content negotiation for the request is causing a circular reference.
507 - Insufficient Storage (WebDAV; RFC 4918)Occurs when the server cannot store the representation necessary for completing the request.
508 - Loop Detected (WebDAV; RFC 5842)Indicates that the server detected an infinite loop while processing the request.
509 - Bandwidth Limit Exceeded (Apache BW/Limited Extension)Use unknown. Status code not specified by any RFCs.
510 - Not Extended (RFC 2774)Indicates that the server requires further extensions in order to fulfill the request.
511 - Network Authentication Required (RFC 6585)
Client must authenticate in order to gain network access. Often used by proxies that control network access such as Wi-Fi hotspots.
598 - Network Read Timeout Error (Unknown)Used by Microsoft HTTP proxies to indicate a network read time-out behind the proxy to a client in front of the proxy. Not specified in any RFCs.
599 - Network connect timeout error (Unknown)Used by Microsoft HTTP proxies to indicate a network connect time-out behind the proxy to a client in front of the proxy. Not specified in any RFCs.

Share Your Thoughts

Top