What is HTTP Response Codes?
Hypertext Transfer Protocol (HTTP) response codes are issued by a server in response to a request made to the server. It includes codes from IETF Request for Comments (RFCs), as well as some additional codes that are commonly used in applications of HTTP.
HTTP status codes indicate whether a specific HTTP request has been successfully completed. Responses are generally grouped together in five classes:
- Informational responses (100-199)
- Successful responses (200-299)
- Redirects (300-399)
- Client errors (400-499)
- Server errors (500-599)
The 1xx class of status codes are informational and they indicate that a request was received and understood. It is issued as a provisional status, while the process is still undergoing. It also tells the client to wait for a final response. These messages consist of the status line and the optional header fields.
The 2xx range of codes generally means that the request was successfully received, understood and accepted, while the 3xx range of codes indicate that the client must take additional action to complete the specific request. This is often used in URL redirection.
The 4xx class of status codes are aimed at situations where the error seems to have been caused by the client. These status codes are applicable to any request method and user agents should display any included entity to the user.
The 5xx range of codes refers to server error codes that indicate the request was accepted, but that there was an error that prevented the server from fulfilling the request.
Although there is a long list of HTTP error codes, you’ll likely only encounter about a dozen of them. But once you understand what they mean, you’ll know what needs to be done to fix them.
We’ll take a closer look at the various HTTP response codes and what they mean.
1, Information Responses
HTTP response codes in this family are just for more information, only to identify that a specific process has been finished or a request has been completed. It is rare that HTTP status codes within this range are used, because most of them specify seemingly mundane processes. Examples of these HTTP status codes include the most basic: 100: Continue, meaning the server is to carry on as usual, and 102: Processing, meaning the request is being handled by either the server or the client (the client is the entity at the receiving end of the request). As you can see, these two informational codes are part of the normal process, by why the need to identify HTTP response code for them? These HTTP codes help on tracking the pathways of data in the entirety of the server’s performance. Without these HTTP status codes, there will be no signposts for specific process, and log viewing turns into a guessing game. HTTP response codes from 100 – 199 have a relevant usage, after all.
This response will indicate that everything so far is okay and that there are no other issues so the client can continue the request. However, the client can also ignore the response if the request is already finished.
101 Switching Protocols
This response indicates that the code is sent in response to an upgrade request header from the client, which indicates the protocol the servers switching to.
102 Processing (WebDAV)
This code indicates that the server has already received and is currently processing the request, but there is no available response yet.
103 Early Hints
This HTTP response code is mainly used with the Link header, letting the user agent start preloading resources while the server prepares a response.
2, Successful Responses
HTTP error codes under this family show success in different forms. HTTP response codes 200 – 299 are bearers of good news: the request has been accepted, a new request has been created, or a certain problem was solved. As HTTP status codes in the earlier group act as signposts, HTTP status codes in the 200 group act as go signals for specific actions to continue, because needed requests have been made possible. 202: Accepted means that the client received the request. The HTTP response code 202 does not necessarily mean that the request is made, but what is important is that it is being handled. Part of these HTTP status codes is 206: Partial Content. This means that the request is met partially, but met, nonetheless.
This status code indicates that the request has been successful. The meaning of success in on the specific HTTP method:
- GET: the resource was fetched and is being transmitted
- HEAD: the entity headers are in the message body
- PUT or POST: the resource describing the result of the action is transmitted in the message body
- TRACE: the message body contains the request message as received
This indicates that the waste has succeeded and that a new resource has been created as a result. This is typically a response that is sent after POST requests, or some PUT requests.
The request has been accepted for processing, but the processing has not been completed. The request may be eventually acted upon and may be disallowed when processing occurs. This is intended for cases where another process or server handles the requests, or for batch processing.
203 Non-Authoritative Information
This status code really means that the returned meta information is not entirely the same as the information available from the origin server, but it is collected from a local or third-party copy. This is mostly useful for backups of another resource.
204 No Content
This status code shows where there is no content sent for a specific request, although the headers may be useful. The user agent may update its cached headers for this resource with new ones.
205 Reset Content
This status code tells the user agent to reset the document which sent the request.
206 Partial Content
This response code is used when the Range header is sent from the client to request only part of a resource.
207 Multi-Status (WebDAV)
This status code provides information for multiple independent operations. The message of the is default an XML message and it can provide various response codes, depending on how many sub-requests were made.
208 Already Reported (WebDAV)
Used inside a <dav:propstat> response element to avoid repeatedly enumerating the internal members of multiple bindings to the same collection.
226 IM Used (HTTP Delta encoding)
The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.
3, Redirection Messages
HTTP status codes 300-399 talk about redirection. These HTTP response codes mean that the request had to be redirected, for various reasons. 300 – 399 HTTP status code may need immediate action, because the redirection could be a pending request, and the web browser is stuck somewhere. 300: Multiple Choices makes it confuse for the web browser to choose where to go, so direct action must be done. 310: Resource Moved Permanently means that from that point on, the route of the request will change for good.
300 Multiple Choice
This requested resource corresponds to any one of a set of representations, each having its own specific location and information. This is provided so that the user agent can choose a specific representation and then redirect the request to that location.
301 Moved Permanently
This HTTP response code indicates that the specific URL of the resource that is requested has changed permanently. The new URL is given in the response.
This code indicates that the URL of the requested resource has been changed temporarily. The changes in the URL might also be made in future, therefore the same URL should be used in future requests. This is an example of industry practice contradicting the standard.
303 See Other
When this status code is received it indicates that the server sends the response to direct the client to get the requested resource at another URL with a GET request.
304 Not Modified
This indicates that the client has performed a conditional request and access is allowed, but documents have not been modified, and the server should respond with the status code. It is important to note that the 304 response must not contain the message body so it is always terminated by the first empty line after the header fields.
305 Use Proxy
This code is defined as a previous version of the HTTP specification to indicate that the requested response must be accessed by proxy. It has been deprecated due to security concerns regarding in and configuration of a proxy.
This code is no longer used. It used to mean that sub requests should use the specified proxy.
307 Temporary Redirect
For this status code, it means that the request should be repeated with another URI. However, any future requests should still use the original URI. It is essentially like the 302 Found HTTP code, but with the exception that the user agent must not change the HTTP method used. If a POST was used in the first request, a POST must be used in the second request.
308 Permanent Redirect
This status code indicates that the resource is not permanently located at another URL. This will be specified by the Location: HTTP Response header. This is also like the 301 moved permanently response code, the exception that the user agent must not change the HTTP method used. If a POST was used in the first request, a POST must be used in the second request.
4, Client Error Responses
We now go to HTTP error codes that may be alarming to some extent. HTTP response codes in the HTTP error 400s mean that the client is not in capacity to complete a request. The most known among the error 400 family of Hypertext Transfer Protocol (HTTP) Status Code is 404: File Not Found. This simply means that the client being contacted is nowhere to be found, thus the request cannot be completed.
400 Bad Request
This is a common status code that indicates that the server could not understand the request as a result of a syntax that is invalid.
Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. Like 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided.
402 Payment Required
This response code is reserved for future use. The initial goal was to use it for digital payment systems; however, the code is used very rarely and there is no standard for it.
This status code for the one priced so the service is refusing to give resources. Unlike a 401 error, the client identity is known to the server.
404 Not Found
This status code means that the server is unable to find the requested resource. In your internet browser this means that the URL is not recognized. Where in an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send out the response instead of a 403 error to hide the existence of a resource from an unauthorized client. This is probably one of the most famous response codes that frequently appears online.
405 Method Not Allowed
This response code means the request method is known by the server but has been disabled and cannot be used. An example is where an API may forbid deleting a resource.
406 Not Acceptable
This response code is delivered when the web server doesn't find any content that conforms to the criteria given by the user agent, often forming server driven content negotiation.
407 Proxy Authentication Required
This response code is very similar to the 401 code, but authentication is needed to be done by proxy.
408 Request Timeout
This response is usually sent by some server’s idle connection, even without any previous request by the client. It essentially means that the server likes to close the idle connection and the response is used much more these days since web browsers such as chrome and Firefox use HTTP connection mechanisms to speed up surfing. Also note that some servers may shut down the connection without issuing this notice.
This response he sent by the server when a request conflict with the current state of the server.
This error state this indicates that the resource requested is no longer available and that it will not be available again. This code should be used when a resource has been intentionally removed and the resource should not be purged. When a 410 status code is received, the client should not request this resource again in the future. Clients such as search engines will remove the resource.
411 Length Required
This response simply means that the request did not specify a link the content, which is required by the requested resource.
412 Precondition Failed
the 412 status code means that the server does not meet one of the preconditions that the request to put on the request header fields.
413 Payload Too Large
Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.
414 URI Too Long
The request is larger than the server is willing or able to process. Previously called "Request Entity Too Large".
415 Unsupported Media Type
The server is refusing to service the request because the entity of the request is in a format not supported by the requested resource for the requested method.
416 Range Not Satisfiable
The range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.
417 Expectation Failed
The server cannot meet the requirements of the Expect request-header field.
418 I'm a Teapot
The server refuses the attempt to brew coffee with a teapot. This code was defined in 1998 as one of the traditional IETF April Fools' jokes.
421 Misdirected Request
The request was directed at a server that is not able to produce a response. This can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI.
422 Unprocessable Entity (WebDAV)
The request was well-formed but was unable to be followed due to semantic errors. For example, this error condition may occur if an XML request body contains well-formed (i.e., syntactically correct), but semantically erroneous, XML instructions.
423 Locked (WebDAV)
The resource that is being accessed is locked.
424 Failed Dependency (WebDAV)
The request failed because it depended on another request and that request failed.
425 Too Early
Indicates that the server is unwilling to risk processing a request that might be replayed.
426 Upgrade Required
The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol. The server sends an Upgrade header in a 426 response to indicate the required protocol(s).
428 Precondition Required
The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.
429 Too Many Requests
The 429 status code indicates that the user has sent too many requests in a given amount of time ("rate limiting"). The response representations SHOULD include details explaining the condition, and MAY include a Retry-After header indicating how long to wait before making a new request. When a server is under attack or just receiving a very large number of requests from a single party, responding to each with a 429 status code will consume resources.
431 Request Header Fields Too Large
The 431 status code indicates that the server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields. It can be used both when the set of request header fields in total are too large, and when a single header field is at fault. In the latter case, the response representation should specify which header field was too large.
451 Unavailable for Legal Reasons
The user-agent requested a resource that cannot legally be provided, such as a web page censored by a government. This is also a reference to the 1953 novel Fahrenheit 451, where books are outlawed, and 451°F is the autoignition temperature of paper.
5, Server Error Responses
And finally, the 500 – 599 HTTP status codes, informs the log of problems with the server. Servers are supposed to coordinate with each other, but these Hypertext Transfer Protocol (HTTP) Response Code mean that there might be a problem in how these servers worked together. 502: Bad Gateway simple means that one server received an invalid response from another server. The gravity of this situation may vary, though. But then again, HTTP response codes in the 500 group may need some attention.
500 Internal Server Error
This HTTP status code is a generic error message that indicates a condition was encountered unexpectedly and no more specific details are available. One of the most common causes for this error is a server misconfiguration.
501 Not Implemented
The server either does not recognize the request method, or it lacks the ability to fulfil the request. Usually this implies future availability.
502 Bad Gateway
The server was acting as a gateway or proxy and received an invalid response from the upstream server.
503 Service Unavailable
This error code refers to the server that was acting as a gateway or proxy and has received an invalid response from the upstream server.
504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
505 HTTP Version Not Supported
This status code indicates that the server does not support the HTTP protocol version used in the request.
506 Variant Also Negotiates
This server error means that the negotiation for the server’s request results in circular references.
507 Insufficient Storage (WebDAV)
The server is unable to store the representation needed to complete the request.
508 Loop Detected (WebDAV)
The server terminated an operation because it encountered an infinite loop while processing a request with "Depth: infinity". This status indicates that the entire operation failed.
510 Not Extended
The policy for accessing the resource has not been met in the request. The server should send back all the information necessary for the client to issue an extended request.
511 Network Authentication Required
The client needs to authenticate to gain network access. Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).
Other Important HTTP Status Codes
HTTP 502: Bad Getaway. HTTP 404: File Not Found. Do these words sound familiar? These are probably some of the most common HTTP response codes that we encounter maybe daily. These are not the only HTTP status codes there is. In fact, there is a plethora of them, from 100 to 599, all bearing specific news to whoever needs to hear them: log administrations, website visitors, programmers. These codes are part of specific language that will help those that run the World Wide Web in making it a well-oiled machine that links everyone online.
But why should you know all about HTTP response code? These HTTP error codes already appear alien to you; for some, a simple HTTP 502 or HTTP 404 error already baffles them. Here at BelugaCDN, we see the value of being tech-savvy, not only at the individual sense but also at the professional sense, especially for potential CDN clients like you and the workforce you wish to support. This kind of knowledge also puts you at an advantage when it comes to using technology side-by-side with business. With the knowledge of HTTP response codes, server logs make better sense to you, and you can avail of more specific technology solutions than specific ones that everyone uses. On that note, let’s start your journey with proficiency in other important HTTP status codes.
Used to return some response headers before the final HTTP message.
218 This is fine (Apache Web Server)
Used as a catch-all error condition for allowing response bodies to flow through Apache when ProxyErrorOverride is enabled.
419 Page Expired (Laravel Framework)
Used by the Laravel Framework when a CSRF Token is missing or expired.
420 Method Failure (Spring Framework)
A deprecated response used by the Spring Framework when a method has failed.
420 Enhance Your Calm (Twitter)
The 420 Enhance Your Calm status code is an unofficial extension by Twitter. Twitter used this to tell HTTP clients that they were being rate limited. Rate limiting means putting restrictions on the total number of requests a client may do within a time period.
430 Request Header Fields Too Large (Shopify)
This status code indicates that the server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields. ... Responses with the 430 status code MUST NOT be stored by a cache
450 Blocked by Windows Parental Controls (Microsoft)
The Microsoft extension code indicated when Windows Parental Controls are turned on and are blocking access to the requested webpage.
498 Invalid Token (Esri)
Returned by ArcGIS for Server. Code 498 indicates an expired or otherwise invalid token.
499 Token Required (Esri)
A non-standard status code introduced by nginx for the case when a client closes the connection while nginx is processing the request.
509 Bandwidth Limit Exceeded (Apache Web Server/cPanel)
The server has exceeded the bandwidth specified by the server administrator; this is often used by shared hosting providers to limit the bandwidth of customers.
526 Invalid SSL Certificate
This HTTP response code refers to when the client should switch to a different protocol, given in the Upgrade header field.
529 Site is overloaded
This HTTP response code is used by Qualys in the SSLLabs server testing API to signal that the site can't process the request.
530 Site is frozen
This error indicates that the requested host name could not be resolved on the Cloudflare network to an origin server.
598 (Informal convention) Network read timeout error
Used by some HTTP proxies to signal a network read timeout behind the proxy to a client in front of the proxy.
Internet Information Services
440 Login Time-out
The client's session has expired and must log in again.
449 Retry With
The server cannot honour the request because the user has not provided the required information.
The server is denying access to the resource as a consequence of a legal demand.
444 No Response
This status is used to indicate that nginx has been instructed to close the connection without sending a response to the client. This is often used to deny malformed or malicious requests.
494 Request header too large
This status code is used by nginx to indicate that the request sent by the client is too large, or that the header line is too long.
495 SSL Certificate Error
An expansion of the 400 Bad Request response code, used when the client has provided an invalid client certificate.
496 SSL Certificate Required
An expansion of the 400 Bad Request response code, used when a client certificate is required but not provided.
497 HTTP Request Sent to HTTPS Port
An expansion of the 400 Bad Request response code, used when the client has made a HTTP request to a port listening for HTTPS requests.
499 Client Closed Request
A non-standard status code introduced by nginx for the case when a client closes the connection while nginx is processing the request.
520 Web Server Returned an Unknown Error
The 520 error is used as a "catch-all response for when the origin server returns something unexpected", listing connection resets, large headers, and empty or invalid responses as common triggers.
521 Web Server Is Down
This error indicates that the connection from Cloudflare was refused by the server.
522 Connection Timed Out
This status code indicates that a TCP handshake could not be negotiated with Cloudflare.
523 Origin Is Unreachable
Cloudflare could not reach the origin server; for example, if the DNS records for the origin server are incorrect.
524 A Timeout Occurred
Cloudflare was able to complete a TCP connection to the origin server but did not receive a timely HTTP response.
525 SSL Handshake Failed
Cloudflare could not negotiate an SSL/TLS handshake with the origin server.
526 Invalid SSL Certificate
Used by Cloudflare and Cloud Foundry's gorouter to indicate failure to validate the SSL/TLS certificate that the origin server presented.
527 Railgun Error
Error 527 indicates that the request timed out or failed after the WAN connection had been established.
Error 530 indicates that the requested host name could not be resolved on the Cloudflare network to an origin server.
AWS Elastic Load Balancer
This error could indicate that the file form a link is inaccessible because it has been marked restricted, e.g., due to a copyright claim. If you believe a file has been incorrectly flagged, contact support.
This error code refers to an invalid media name.
And there you have it! That’s your brief look into what HTTP codes are, and what these groups of HTTP status codes mean. That’s a good first step to understand that server log, and you’re on a good start to be well-informed which of these HTTP response codes needs attention, or not.
Speed Up Your Website InstantlyTry FREE for 30 Days
30 Day Free Trial Cancel Anytime