Understanding HTTP Status Codes: A Developer's Quick Reference Guide

Every time your browser loads a web page, submits a form, or fetches an image, the server responds with an HTTP status code. These three-digit numbers tell the browser (and you) whether the request succeeded, failed, or requires further action. Understanding these codes is essential for web developers, system administrators, SEO professionals, and anyone who troubleshoots websites.

You can inspect the status codes returned by any website using our HTTP Headers tool, which shows the full response headers including the status code.

How HTTP Status Codes Work

When your browser sends a request to a server, the server always includes a status code in its response. The first digit of the code defines the class of response:

Let's walk through the most important codes in each category with practical explanations and troubleshooting advice.

1xx Informational Responses

These are rarely seen by end users but are important in the HTTP protocol.

100 Continue

The server has received the request headers and the client should proceed to send the request body. This is used with large uploads, where the client first sends headers to check if the server will accept the request before sending the entire payload.

101 Switching Protocols

The server is changing protocols as requested by the client. This is commonly seen when upgrading an HTTP connection to a WebSocket connection.

103 Early Hints

A relatively new code that allows the server to send preliminary headers before the final response. This is used for preloading resources (CSS, JavaScript) while the server is still preparing the full page response.

2xx Success

These codes mean the request was successfully received, understood, and accepted.

200 OK

The standard success response. The request has succeeded and the server is returning the requested data. This is the most common status code you'll see on healthy websites.

When you see it: Every successful page load, API call, or resource fetch.

201 Created

The request has been fulfilled and a new resource has been created. Commonly returned by REST APIs when you successfully POST data to create a new record.

Example: Creating a new user account, submitting a form that creates a database entry.

204 No Content

The server successfully processed the request but is not returning any content. This is commonly used for DELETE operations or when an update is applied and there's no body to return.

206 Partial Content

The server is delivering only part of the resource due to a range header sent by the client. This is used for resumable downloads and video streaming, where the client requests specific byte ranges.

3xx Redirection

These codes indicate the client must take additional action to complete the request, usually following a redirect.

301 Moved Permanently

The resource has permanently moved to a new URL. All future requests should use the new URL. Search engines will transfer ranking signals to the new URL.

When to use: Domain migrations, permanent URL structure changes, redirecting HTTP to HTTPS.

SEO impact: This is the most important redirect for SEO. It tells search engines to update their index with the new URL and passes nearly all link equity.

302 Found (Temporary Redirect)

The resource is temporarily at a different URL, but the original URL should still be used for future requests. Search engines will keep the original URL in their index.

When to use: Temporary maintenance redirects, A/B testing, temporary promotions.

Common mistake: Using 302 when you mean 301. Many developers accidentally use temporary redirects for permanent URL changes, which can hurt SEO.

304 Not Modified

The resource hasn't changed since the last request. The browser should use its cached version instead of downloading the resource again. This saves bandwidth and speeds up page loading.

How it works: The browser sends an If-Modified-Since or If-None-Match header. If the resource hasn't changed, the server responds with 304 instead of sending the full content again.

307 Temporary Redirect

Similar to 302, but the HTTP method (GET, POST, etc.) must not change during the redirect. A POST request redirected with 307 must remain a POST at the new URL.

308 Permanent Redirect

Similar to 301, but the HTTP method must not change. A POST request redirected with 308 must remain a POST at the new URL.

4xx Client Errors

These codes indicate the problem is on the client's (browser's) side.

400 Bad Request

The server cannot process the request due to malformed syntax. The client sent something the server doesn't understand.

Common causes:

• Malformed JSON or XML in the request body
• Invalid characters in the URL
• Missing required fields in an API request
• Request headers that exceed size limits

How to fix: Check the request format. Validate JSON payloads. Ensure all required parameters are included and properly formatted.

401 Unauthorized

The request requires authentication. The client must provide valid credentials to access the resource.

Common causes:

• Missing authentication token or API key
• Expired session or token
• Invalid credentials

How to fix: Ensure you're sending the correct authentication headers (e.g., Authorization: Bearer ). Check if your token or session has expired.

403 Forbidden

The server understood the request but refuses to authorize it. Unlike 401, re-authenticating will not help. The client does not have permission to access this resource.

Common causes:

• IP address blocked by the server's firewall
• Insufficient user permissions
• Directory listing disabled on the web server
• Geographic restrictions

How to fix: Check file/directory permissions on the server. Verify the user's role has adequate privileges. Check if your IP is being blocked using our IP Lookup tool to verify your address.

404 Not Found

The most famous error code. The server cannot find the requested resource. The URL may have never existed, or the resource may have been removed.

Common causes:

• Broken links pointing to pages that no longer exist
• Typos in URLs
• Deleted pages without proper redirects
• CMS permalink changes

How to fix:

1. Check for typos in the URL
2. Set up 301 redirects from old URLs to new ones
3. Create a custom 404 page that helps users find what they're looking for
4. Regularly audit your site for broken links

SEO impact: Too many 404 errors indicate poor site maintenance. Search engines tolerate some 404s, but excessive broken links can hurt crawl efficiency and user experience.

405 Method Not Allowed

The HTTP method used in the request (GET, POST, PUT, DELETE, etc.) is not supported for the requested resource. For example, trying to POST data to a URL that only accepts GET requests.

408 Request Timeout

The server timed out waiting for the client to finish sending the request. This can happen on slow connections or when uploading large files.

429 Too Many Requests

The client has sent too many requests in a given time period (rate limiting). This is an important code for API developers to handle gracefully.

How to handle: Implement exponential backoff in your application. Respect the Retry-After header if the server provides one. Cache responses where possible to reduce request frequency.

5xx Server Errors

These codes indicate the server failed to fulfill a valid request. The problem is on the server's side.

500 Internal Server Error

A generic catch-all error indicating something went wrong on the server but the server can't be more specific about what. This is the most common server error.

Common causes:

• Unhandled exceptions in server-side code
• Database connection failures
• Misconfigured server settings
• Corrupted .htaccess file (Apache)
• Memory exhaustion

How to troubleshoot:

1. Check server error logs for the specific exception
2. Test database connectivity
3. Check available disk space and memory
4. Review recent code deployments for bugs
5. Temporarily rename .htaccess to rule it out (Apache)

502 Bad Gateway

The server, while acting as a gateway or proxy, received an invalid response from the upstream server. This commonly occurs in reverse proxy configurations (Nginx in front of a Node.js or PHP application).

Common causes:

• The upstream application server has crashed
• The upstream server is overloaded and not responding
• Firewall blocking communication between the proxy and application
• Misconfigured proxy settings

How to troubleshoot:

1. Check if the upstream application is running
2. Check application logs for crashes
3. Verify proxy configuration (Nginx, Apache, or cloud load balancer)
4. Test direct connectivity to the upstream server

503 Service Unavailable

The server is temporarily unable to handle the request. This is typically used during maintenance or when the server is overloaded.

Common causes:

• Server maintenance (intentional downtime)
• Resource exhaustion (CPU, memory, connections)
• DDoS attacks overwhelming the server
• Application pool recycling

How to handle: The server should include a Retry-After header to indicate when the service will be available again. For planned maintenance, return 503 with an informative page rather than letting the server crash.

SEO impact: Search engines treat 503 as a temporary issue and will retry later. This is preferable to serving 500 errors during maintenance.

504 Gateway Timeout

Similar to 502, but the upstream server didn't respond in time. The proxy waited too long for a response.

Common causes:

• Slow database queries
• Long-running API calls
• Network issues between the proxy and application server
• Insufficient timeout configuration

How to troubleshoot:

1. Check application response times
2. Identify and optimize slow database queries
3. Increase timeout settings in the proxy configuration
4. Check network connectivity between servers using Traceroute

Quick Reference Table

Inspecting Status Codes in Practice

Using Browser Developer Tools

1. Open Developer Tools (F12 or Cmd+Option+I)
2. Go to the Network tab
3. Reload the page
4. Click any request to see its status code and headers

Using Our HTTP Headers Tool

Visit our HTTP Headers tool and enter any URL to see the full response headers, including the status code, server information, caching headers, and security headers.

Using cURL

curl -I https://example.com

The -I flag fetches only the headers, showing you the status code without downloading the full page.

curl -o /dev/null -s -w "%{http_code}" https://example.com

This outputs just the status code number.

Key Takeaways

• Status codes are grouped into five classes: 1xx (informational), 2xx (success), 3xx (redirection), 4xx (client error), 5xx (server error)
• 301 redirects are critical for SEO when permanently moving content
• 404 errors should be minimized through proper link management and redirects
• 500-level errors indicate server-side problems that need immediate attention
• Use HTTP Headers to inspect any website's response codes and headers
• Always check server logs when troubleshooting 5xx errors

Related Articles:

• How to Check If a Port Is Open: Complete Troubleshooting Guide
• Network Troubleshooting Guide: Fix Common Internet Connection Problems
• How to Read Traceroute Results: Finding and Fixing Network Problems