An HTTP Status Codes reference lists all HTTP response status codes defined in RFC 9110 (HTTP Semantics, 2022) — the standardized codes servers return with every HTTP response to tell the client (browser, app, API consumer) what happened with their request. Every web developer and API designer needs to know status codes: 200 OK (success), 201 Created, 301 Moved Permanently, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 500 Internal Server Error, and the more nuanced codes in between. This interactive reference lets you search by code, category, or description — much faster than reading the RFC.
Browse all HTTP status codes organized by category (1xx Informational, 2xx Success, 3xx Redirection, 4xx Client Error, 5xx Server Error). Click any code for details: official description, typical use cases, what the client should do, and common mistakes. The quiz mode tests your knowledge: 'What status code should you return for a successful DELETE request? Answer: 200 OK or 204 No Content.'
HTTP Status Code Categories:

1xx Informational: 100 Continue, 101 Switching Protocols, 103 Early Hints
2xx Success: 200 OK, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content
3xx Redirection: 301 Moved Permanently, 302 Found, 304 Not Modified, 307 Temp Redirect, 308 Permanent Redirect
4xx Client Error: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 409 Conflict, 422 Unprocessable Entity, 429 Too Many Requests
5xx Server Error: 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable, 504 Gateway Timeout

Most Common:
• 200 OK — standard success
• 201 Created — resource created via POST
• 204 No Content — success, no body (DELETE, PUT)
• 301 vs 302: 301 = permanent, 302 = temporary
• 400 vs 422: 400 = malformed, 422 = valid format but semantic error
• 401 vs 403: 401 = not authenticated, 403 = authenticated but not allowed
401 Unauthorized = user is not authenticated (not logged in, invalid token). The response should include a WWW-Authenticate header. 403 Forbidden = user IS authenticated but doesn't have permission (logged in as regular user, trying to access admin endpoint).
422 Unprocessable Entity is the standard for semantic/validation errors (valid JSON format, but the data fails business rules). Some APIs use 400 Bad Request for all client errors. RFC 9110 clarifies 422 for validation specifically.
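The 401/403 and 400/422 distinctions above, as an added example that is not part of the original reference. The `/admin/` path, the token table and the `handle` function are hypothetical; the checks run in the order authentication, authorization, then body validation, so unauthenticated callers learn nothing about the payload rules.

```python
import json
from urllib.parse import quote

# Constructed sample data: bearer token -> (user, roles). Hypothetical values.
TOKENS = {
    "tok-alice": ("alice", {"user"}),
    "tok-root": ("root", {"user", "admin"}),
}

def handle(method, path, headers, body=b""):
    """Return (status, response_headers) for a hypothetical admin API.

    Assumes `headers` is a dict keyed by canonical header names.
    """
    # 401: credentials are missing or not recognised. The response carries
    # a WWW-Authenticate challenge so the client knows how to authenticate.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token not in TOKENS:
        return 401, {"WWW-Authenticate": 'Bearer realm="api"'}
    _user, roles = TOKENS[token]

    # 403: the caller is identified but lacks the required role.
    # Re-sending the same credentials will not change the outcome.
    if path.startswith("/admin/") and "admin" not in roles:
        return 403, {}

    # 204: successful DELETE with no response body.
    if method == "DELETE":
        return 204, {}
    if method != "POST":
        return 405, {"Allow": "POST, DELETE"}

    # 400: the body is not parseable JSON at all (malformed request).
    try:
        data = json.loads(body)
    except ValueError:  # covers JSONDecodeError and bad UTF-8
        return 400, {}

    # 422: well-formed JSON that fails a validation rule.
    name = data.get("name") if isinstance(data, dict) else None
    if not isinstance(name, str) or not name.strip():
        return 422, {}

    # 201: resource created via POST; Location points at the new resource.
    return 201, {"Location": f"{path}/{quote(name.strip(), safe='')}"}
```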
Free online HTTP Status Codes reference: no signup, 100% client-side processing. All data stays in your browser.