When should I return 4xx versus 5xx?
Return 4xx when the client can fix the request, credentials, or timing. Return 5xx when the request was reasonable but the server or an upstream dependency failed anyway.
Reference
HTTP Status Codes
Start here when you know whether the request succeeded, redirected, or failed, but you still need the code that matches what actually happened.
Error-First Navigation
Broken or Missing Page
Start with 404 diagnostics for deleted routes, stale links, and typos.
Auth Required
Use 401 when credentials are missing or invalid; pair with WWW-Authenticate.
Permission Denied
Use 403 when identity is known but the action is not allowed.
Rate Limit Hit
Use 429 for throttling and communicate retry windows clearly.
Unhandled Server Error
Debug unknown origin failures and improve fallback behavior.
Temporary Outage
Signal maintenance or overload conditions with clear recovery hints.
1xx Informational
Interim responses that indicate request progress before a final response is sent.
Best for: Protocol handshakes, continue flows, and early rendering hints.
2xx Success
Responses indicating the request was accepted and processed successfully.
Best for: Successful reads/writes where the request was accepted and processed.
3xx Redirection
Responses that tell clients to perform additional actions, usually by following a new URL.
Best for: URL changes and canonical migrations that preserve user navigation.
4xx Client Error
Client-side request issues such as invalid syntax, missing resources, or permission failures.
Best for: Client-side request issues like missing resources, invalid auth, or rate limits.
5xx Server Error
Server-side failures where the request was valid but the server could not complete it.
Best for: Server-side failures, upstream outages, and transient platform incidents.
Tip: press / to focus search.
100 Continue
The server received the request headers and the client should proceed to send the body. Learn when and how to use 100 Continue for efficient large uploads.
101 Switching Protocols
The server is switching to a different protocol as requested by the client. Learn about WebSocket upgrades and protocol negotiation.
102 Processing
The server has accepted the request and is processing it, but no response is available yet. Learn about this WebDAV status code for long-running operations.
103 Early Hints
The server sends preliminary response headers to help the client start preloading resources. Learn how 103 Early Hints improves page load performance.
HTTP 200 OK: Success Response Explained
Learn what HTTP 200 OK means, when servers return it, and how to handle successful responses in your applications.
201 Created
Resource successfully created. Learn when to use 201 Created, proper response format, and best practices for creation endpoints.
202 Accepted
The request was accepted for processing but not completed yet. Learn when to use 202 for asynchronous operations.
204 No Content
The request succeeded with no response body. Learn when to use 204 No Content for successful operations that don't return data.
300 Multiple Choices
The request has multiple possible responses. Learn when to use 300 Multiple Choices for content negotiation and alternative resource locations.
HTTP 301 Moved Permanently: Permanent Redirect
Learn what 301 redirect means, when to use it vs 302, and how to implement permanent redirects for SEO and URL changes.
HTTP 302 Found: Temporary Redirect
Learn what 302 redirect means, when to use temporary vs permanent redirects, and how 302 differs from 301, 307, and 308.
303 See Other
Redirect to a different resource using GET. Learn when to use 303 to prevent form resubmission and implement the Post-Redirect-Get pattern.
304 Not Modified
Cached response is still valid. Learn how 304 Not Modified improves performance through conditional requests and caching.
307 Temporary Redirect
Temporary redirect that preserves the HTTP method. Learn when to use 307 instead of 302 for method-sensitive redirects.
308 Permanent Redirect
Permanent redirect that preserves the HTTP method. Learn when to use 308 instead of 301 for method-sensitive permanent redirects.
400 Bad Request
Learn what 400 Bad Request means when servers reject malformed requests. Understand common causes like invalid JSON, missing parameters, and how to debug.
HTTP 401 Unauthorized: Authentication Required
Learn what 401 Unauthorized means, why it happens, and how to fix authentication errors. Complete guide with examples for APIs and web applications.
402 Payment Required
Reserved for future use in digital payment systems. Learn about this experimental status code and modern payment verification alternatives.
HTTP 403 Forbidden: Access Denied
Learn what 403 Forbidden means, why access is denied, and how to fix permission errors. Complete guide with examples for APIs and web applications.
HTTP 404 Not Found: What It Means and How to Fix It
Learn what a 404 Not Found error means, why it happens, and how to fix it. Complete guide with examples for developers and users.
405 Method Not Allowed
Learn what 405 Method Not Allowed means when HTTP methods are rejected. Understand the Allow header, proper API design, and how to handle method restrictions.
406 Not Acceptable
The server cannot produce a response matching the client's Accept headers. Learn about content negotiation and how to handle format mismatches.
408 Request Timeout
Learn what 408 Request Timeout means when servers close idle connections. Understand timeout causes, client retry strategies, and connection management.
409 Conflict
Learn what 409 Conflict means when requests conflict with server state. Understand concurrent updates, version conflicts, and optimistic locking strategies.
410 Gone
Learn what 410 Gone means and when resources are permanently removed. Understand the difference between 410 and 404, and SEO implications for deleted content.
412 Precondition Failed
The server doesn't meet one or more preconditions specified in request headers. Learn about conditional requests and how to prevent conflicts.
413 Payload Too Large
The request body is too large for the server to process. Learn about size limits and how to handle large uploads.
414 URI Too Long
The requested URI exceeds the server's maximum length limit. Learn about URI length limits and how to handle oversized requests.
415 Unsupported Media Type
The server doesn't support the media type of the request. Learn about Content-Type headers and format requirements.
422 Unprocessable Entity
Learn what 422 Unprocessable Entity means for semantically invalid requests. Understand validation errors, the difference from 400, and proper error handling.
423 Locked
The resource is locked and cannot be accessed or modified. Learn about WebDAV locks and how to handle locked resources.
426 Upgrade Required
The server refuses to perform the request using the current protocol and requires the client to upgrade to a different protocol.
428 Precondition Required
The server requires the request to be conditional. Learn when to use 428 Precondition Required to prevent lost updates and race conditions.
HTTP 429 Too Many Requests: Rate Limiting
Learn what 429 Too Many Requests means, how rate limiting works, and how to handle API throttling in your applications.
431 Request Header Fields Too Large
The server refuses to process the request because header fields are too large. Learn how to handle and prevent 431 errors in your applications.
451 Unavailable For Legal Reasons
The requested resource is unavailable due to legal demands. Learn about 451 status code used for censorship and content blocking.
HTTP 500 Internal Server Error: Causes and Solutions
Learn what HTTP 500 Internal Server Error means, common causes, and how to fix it. Complete troubleshooting guide for developers.
501 Not Implemented
The server doesn't support the functionality required to fulfill the request. Learn about unimplemented features.
HTTP 502 Bad Gateway: Server Communication Error
Learn what 502 Bad Gateway means, why it happens, and how to fix it. Guide covering proxy errors, upstream failures, and troubleshooting.
HTTP 503 Service Unavailable: Server Overloaded
Learn what 503 Service Unavailable means, why servers become unavailable, and how to handle temporary outages gracefully.
504 Gateway Timeout
The gateway timed out waiting for a response from an upstream server. Learn about timeout issues and solutions.
505 HTTP Version Not Supported
Learn what 505 HTTP Version Not Supported means when servers reject protocol versions. Understand HTTP/1.1, HTTP/2 compatibility and version negotiation.
507 Insufficient Storage
The server cannot store the representation needed to complete the request. Learn about storage limitations in WebDAV and file upload scenarios.
520 Web Server Returned an Unknown Error
Cloudflare-specific error when the origin server returns an unexpected response. Learn about 520 errors and how to troubleshoot them.
521 Web Server Is Down
Cloudflare-specific status code indicating the origin server refused the connection. Learn about this proxy error and how to troubleshoot it.
522 Connection Timed Out
Cloudflare-specific error when unable to establish a TCP connection to the origin server. Learn how to diagnose and fix 522 timeout errors.
523 Origin Is Unreachable
Cloudflare-specific error when the origin server's IP address is unreachable. Learn about DNS and routing issues causing 523 errors.
524 A Timeout Occurred
Cloudflare-specific error when the origin server takes too long to respond. Learn how to diagnose and fix 524 timeout errors.
How Status Codes Encode Outcome
Status codes are the shortest honest summary of what happened to a request. If your API returns the wrong one, clients retry the wrong thing, browsers behave differently, and debugging gets slower for everyone involved.
- 1xx informational
- Interim responses that keep the exchange moving before the final answer is ready, such as 100 Continue or 103 Early Hints.
- 2xx success
- The request worked. The details still matter, though: 200, 201, 202, and 204 all imply different follow-up expectations.
- 3xx redirection
- The client is not done yet. It needs another URL, a different method, or cached state before the flow is complete.
- 4xx and 5xx errors
- 4xx means the request is wrong for the current client context. 5xx means the server or one of its dependencies failed to complete valid work.
Use This Hub When The Outcome Is Clear But The Code Is Not
Most arguments about status codes happen when multiple answers sound plausible. This page helps narrow those cases down fast.
- Choose the code that matches the protocol outcome, not the wording of the exception in your app.
- Look at related headers too: Location, Retry-After, WWW-Authenticate, and Cache-Control often finish the story.
- Use class pages and the picker when the debate is between two valid-looking codes, not when you already know the answer.
Questions Teams Argue About
When should I use 401 instead of 403?
Use 401 when the request lacks valid credentials and the client can authenticate again. Use 403 when the identity is known but still not allowed to do the thing it asked for.
Why do redirects use different 3xx codes?
Because some redirects preserve the original method and body while others switch the follow-up request to GET. The distinction affects forms, APIs, caches, and browser behavior.
No status codes match this filter.