Web Development 2026-03-14 5 min read

HTTP Status Codes Guide — Complete Reference for Web Developers

Complete guide to HTTP status codes: 1xx informational, 2xx success, 3xx redirects, 4xx client errors, and 5xx server errors with use cases.

By DevKits Team

Status Code Categories

HTTP status codes are three-digit numbers grouped by their first digit into five classes:

  • 1xx Informational — request received, continuing process
  • 2xx Success — request successfully received, understood, and accepted
  • 3xx Redirection — further action needed to complete the request
  • 4xx Client Error — request contains bad syntax or cannot be fulfilled
  • 5xx Server Error — server failed to fulfill a valid request

2xx Success Codes

  • 200 OK — standard success response. Use for GET and most successful requests.
  • 201 Created — resource created successfully. Use after POST that creates a new resource. Include Location header pointing to the new resource.
  • 204 No Content — success with no body. Use for DELETE or PUT when you don't return data.
  • 206 Partial Content — response to a range request (video streaming, file downloads with resume).

3xx Redirect Codes

  • 301 Moved Permanently — resource permanently moved. Browsers and search engines update their records. Use for SEO-important redirects.
  • 302 Found — temporary redirect. The original URL will be used again in the future.
  • 304 Not Modified — conditional GET response when content hasn't changed. Client should use its cached version.
  • 307 Temporary Redirect — like 302 but preserves the HTTP method. POST /submit stays POST, not GET.
  • 308 Permanent Redirect — like 301 but preserves the HTTP method.

4xx Client Error Codes

  • 400 Bad Request — invalid syntax, missing required fields, validation failure.
  • 401 Unauthorized — authentication required. The client must authenticate itself to get the requested response.
  • 403 Forbidden — authenticated but not authorized. The server refuses to give you access.
  • 404 Not Found — resource doesn't exist. Also used to hide existence of unauthorized resources.
  • 409 Conflict — request conflicts with current state (e.g., duplicate username, concurrent edit).
  • 422 Unprocessable Entity — well-formed request but semantic errors. Common for API validation failures.
  • 429 Too Many Requests — rate limit exceeded. Include Retry-After header.

5xx Server Error Codes

  • 500 Internal Server Error — generic server error. Log it, alert on it, and never return stack traces to clients.
  • 502 Bad Gateway — upstream server returned invalid response. Often a proxy/load balancer issue.
  • 503 Service Unavailable — server temporarily unavailable (overloaded or in maintenance). Include Retry-After.
  • 504 Gateway Timeout — upstream server didn't respond in time.

Frequently Asked Questions

Should I use 401 or 403?

401 means "you aren't logged in." 403 means "you're logged in but don't have permission." A common mistake is returning 401 for both cases — use 403 when the user is authenticated but lacks access.

When should I use 404 vs 410?

410 Gone means the resource existed but was permanently deleted. 404 Not Found is ambiguous. For SEO, use 410 for deleted pages so search engines stop crawling them faster.

Deploy Your Own Tools — Recommended Hosting

🌐
Hostinger
Web Hosting from $2.99/mo
 💧
DigitalOcean
$200 Free Credit