A complete HTTP status code reference with all 60+ standard codes across 1xx, 2xx, 3xx, 4xx, and 5xx categories. Search by code number or keyword to find the right status code for your API responses.
How to Use HTTP Status Codes Correctly
Choosing the right HTTP status code communicates intent clearly to clients, browsers, and API consumers. Here are the most important decisions developers face.
2xx: Success Codes
Use 200 OK for successful GET/PUT/PATCH requests. Use 201 Created for successful POST that creates a resource — include a Location header with the new resource URL. Use 204 No Content for successful DELETE or PUT where you're not returning a body.
3xx: Redirects
Use 301 for permanent URL changes (Google transfers SEO equity). Use 302/307 for temporary redirects. Use 304 Not Modified with conditional GET requests (ETag/If-None-Match) to save bandwidth — return 304 when the resource hasn't changed since the client's cached version.
4xx: Client Errors
Use 400 for malformed requests, 401 for unauthenticated, 403 for authenticated but unauthorized, 404 for not found, 409 for conflicts (duplicate email), 422 for validation errors, 429 for rate limiting. Always include an error message body explaining the issue.
5xx: Server Errors
Use 500 for unexpected server errors. Use 503 for planned downtime or capacity issues — add Retry-After header. Use 502/504 for upstream/gateway timeouts in proxied architectures. Never return stack traces in production 500 responses — log them server-side and return a generic message.
Frequently Asked Questions
Is this HTTP status code reference free?
Yes, completely free with instant search. No account required.
What is the difference between 401 and 403?
401 Unauthorized means the client is not authenticated — they need to log in first. 403 Forbidden means the client IS authenticated (the server knows who they are) but they don't have permission to access the resource. Use 401 for missing/invalid credentials, 403 for valid credentials but insufficient permissions.
When should I use 422 vs 400 for validation errors?
400 Bad Request is for malformed syntax (invalid JSON, missing required header). 422 Unprocessable Entity is for well-formed requests that fail semantic validation (e.g., valid JSON structure but invalid field values like negative age or invalid email format). Many REST APIs use 400 for both — either is acceptable as long as you're consistent.
What is the difference between 301 and 302 redirects?
301 Moved Permanently tells browsers and search engines the resource has permanently moved — browsers cache it and search engines transfer link equity to the new URL. 302 Found (temporary redirect) means the resource is temporarily at a different URL — browsers don't cache it and search engines don't transfer link equity.
When should I use HTTP 429?
Return 429 Too Many Requests when a client exceeds your API rate limit. Include a Retry-After header specifying when they can try again (in seconds or as an HTTP-date string). Also include X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers for client-side rate tracking.
What is the difference between 500 and 503?
500 Internal Server Error means an unexpected error occurred in your application code. 503 Service Unavailable means the server is temporarily unable to handle the request — typically used during maintenance, deployments, or when the server is overloaded. Pair 503 with a Retry-After header to tell clients when to try again.