OpsKitty

HTTP Status Codes: The Complete Reference Guide

Complete HTTP status codes reference — every 1xx, 2xx, 3xx, 4xx, and 5xx code explained with real-world examples, troubleshooting tips, and SEO implications.

By OpsKitty Team
httpreferencestatus-codes

Every time a browser requests a page from a server, the server responds with a three-digit number called an HTTP status code. That number tells the browser — and you — exactly what happened with the request.

Most of the time, you never see these codes. Your browser silently handles 200 OK responses by rendering the page, follows 301 redirects automatically, and only shows you an error page when something goes genuinely wrong. But understanding status codes is essential for debugging website issues, monitoring uptime, and maintaining healthy SEO.

This reference covers every status code you’re likely to encounter, organized by category.

1xx — Informational Responses

These codes indicate that the server received the request and is continuing to process it. You’ll rarely see these in practice, but they exist in the protocol.

100 Continue — The server received the initial part of the request and the client should continue sending the rest. Used with large file uploads where the client sends headers first to check if the server will accept the full request.

101 Switching Protocols — The server is switching to a different protocol as requested by the client. Most commonly seen when upgrading an HTTP connection to WebSocket.

102 Processing — The server is working on the request but hasn’t finished yet. Used with WebDAV to prevent timeouts on long operations.

103 Early Hints — The server sends preliminary headers (like preload links) before the final response. Allows the browser to start loading resources while the server prepares the main response.

2xx — Success

These are the codes you want to see. They indicate the request was received, understood, and processed successfully.

200 OK — The standard success response. The server returned the requested content. This is what every uptime monitoring tool looks for when checking your website.

201 Created — The request succeeded and a new resource was created. Commonly returned after a successful POST request (like submitting a form that creates a new record).

202 Accepted — The request was accepted for processing, but the processing isn’t complete yet. Used for asynchronous operations where the server queues work for later execution.

204 No Content — The request succeeded but there’s no content to return. Often used for DELETE operations or form submissions where no response body is needed.

206 Partial Content — The server is returning only part of the resource. Used for range requests, like resuming a large file download from where it left off.

3xx — Redirection

These codes indicate the client needs to take additional action to complete the request, usually by following a redirect to a different URL.

301 Moved Permanently — The resource has been permanently moved to a new URL. All future requests should use the new URL. This is the redirect you should use for SEO — it passes link equity (ranking power) from the old URL to the new one.

302 Found (Temporary Redirect) — The resource is temporarily at a different URL. The client should continue using the original URL for future requests. Search engines treat this differently from 301 — they keep the original URL indexed.

303 See Other — The response to the request can be found at another URL. Typically used after a POST submission to redirect the user to a confirmation page (preventing duplicate form submissions on refresh).

304 Not Modified — The resource hasn’t changed since the client’s last cached copy. The server tells the browser to use its cached version, saving bandwidth and load time.

307 Temporary Redirect — Similar to 302, but guarantees the HTTP method won’t change. If the original request was POST, the redirect will also be POST. Important for API redirects.

308 Permanent Redirect — Like 301, but guarantees the HTTP method won’t change. Useful for APIs where you need a permanent redirect that preserves POST/PUT methods.

SEO note: Redirect chains (A → B → C → D) slow down crawling and dilute link equity. Keep redirects to a single hop whenever possible. Use OpsKitty’s Redirect Chain Checker to find and fix multi-hop redirects on your site.

4xx — Client Errors

These indicate something went wrong on the client’s (browser’s) side — a bad URL, missing authentication, or a request the server can’t fulfill.

400 Bad Request — The server couldn’t understand the request due to malformed syntax. Common causes: corrupted cookies, oversized request headers, or malformed URL parameters.

401 Unauthorized — The request requires authentication. The client hasn’t provided valid credentials. Not to be confused with 403 — 401 means “you haven’t identified yourself,” while 403 means “I know who you are and you’re not allowed.”

403 Forbidden — The server understood the request but refuses to authorize it. The client’s identity is known (or irrelevant) but access is denied. Common causes: file permission issues, IP blocks, directory listing disabled, or WAF (Web Application Firewall) blocks.

404 Not Found — The server can’t find the requested resource. The most familiar error code on the internet. Common causes: broken links, deleted pages, typos in URLs, or incorrect internal links.

SEO note: A few 404s are normal, but excessive 404s signal poor site maintenance. Google Search Console reports crawl errors, and monitoring tools can track broken links continuously. Every 404 is a lost opportunity — either fix the link or set up a 301 redirect to the most relevant existing page.

405 Method Not Allowed — The HTTP method (GET, POST, PUT, DELETE) isn’t supported for this resource. For example, trying to POST to a page that only accepts GET.

408 Request Timeout — The server timed out waiting for the request. The client took too long to send data. Often caused by poor network connections or overly large request payloads.

409 Conflict — The request conflicts with the current state of the server. Common in API contexts where a resource update conflicts with another concurrent update.

410 Gone — The resource has been permanently deleted and won’t be coming back. Stronger than 404 — it tells search engines to remove the page from their index rather than rechecking later.

413 Payload Too Large — The request body exceeds the server’s size limit. Common when uploading files that exceed the configured maximum.

414 URI Too Long — The URL is longer than the server is willing to process. Usually caused by excessive query parameters or poorly implemented search functionality.

429 Too Many Requests — Rate limiting. The client has sent too many requests in a given time period. APIs commonly return this when you exceed their rate limits. The response usually includes a Retry-After header telling you when you can try again.

451 Unavailable For Legal Reasons — The resource is blocked due to legal demands (like government censorship or court orders). Named after Fahrenheit 451.

5xx — Server Errors

These indicate the server failed to fulfill a valid request. These are the codes that monitoring tools flag as critical — they usually mean something is broken on your infrastructure.

500 Internal Server Error — The generic “something went wrong on the server” code. The server encountered an unexpected condition. Could be a code bug, database connection failure, misconfigured server, or unhandled exception.

Troubleshooting: Check server error logs (access logs won’t have enough detail). Common causes include PHP fatal errors, application exceptions, database timeouts, and memory exhaustion.

501 Not Implemented — The server doesn’t support the HTTP method used. Less common than 405 — this means the server doesn’t recognize the method at all, not just for this specific resource.

502 Bad Gateway — The server acting as a gateway or proxy received an invalid response from an upstream server. Common in architectures with reverse proxies (Nginx, Cloudflare) sitting in front of application servers.

Troubleshooting: The problem is usually with the upstream application server, not the proxy. Check if your application process (Node.js, PHP-FPM, Python) has crashed or is overloaded. Restart the application server and check its logs.

503 Service Unavailable — The server is temporarily unable to handle requests. Common during maintenance windows, traffic spikes that exceed server capacity, or when the application is deploying a new version.

Troubleshooting: Check server resource utilization (CPU, RAM, disk). If resources are fine, check if a deployment is in progress or if a dependency (database, external API) is down. 503 often includes a Retry-After header.

504 Gateway Timeout — The gateway or proxy server didn’t get a timely response from the upstream server. Similar to 502 but specifically a timeout rather than an invalid response.

Troubleshooting: The upstream application is taking too long to respond. This could be a slow database query, an external API call that’s timing out, or an operation that exceeds the proxy’s configured timeout. Increase timeout limits as a temporary fix while investigating the root cause.

507 Insufficient Storage — The server can’t store the representation needed to complete the request. Usually a WebDAV status, but you might see it when disk space is exhausted.

521/522/523/524 — These aren’t official HTTP codes but are used by Cloudflare to indicate specific connection issues between Cloudflare’s servers and your origin server. If you use Cloudflare and see these codes, the issue is between Cloudflare and your hosting — not between the user and Cloudflare.

Status Codes and SEO: What Google Cares About

Search engines interpret status codes to make crawling and indexing decisions. The key relationships:

200 — Google indexes the page normally. This is what you want for all your important pages.

301 — Google follows the redirect and transfers ranking signals to the new URL. Use for permanent URL changes, domain migrations, and removing old pages.

302/307 — Google keeps the original URL indexed but may eventually treat a long-standing 302 as a 301. Use only for genuinely temporary situations.

404/410 — Google will eventually drop these pages from the index. 410 signals faster removal than 404.

5xx — Temporary 5xx errors are tolerated, but persistent ones cause Google to reduce crawl frequency and may lead to deindexing.

Redirect chains — Multiple consecutive redirects slow crawling and dilute ranking signals. Flatten chains to single-hop redirects wherever possible.

Monitoring Status Codes in Practice

Uptime monitoring tools check your site’s status code at regular intervals. The standard approach is to alert when the response is anything other than 2xx (success) or an expected 3xx (redirect).

Setting up keyword monitoring alongside status code checks adds an extra layer of protection — it catches cases where your server returns a 200 status code but the page content is wrong (error messages rendered in HTML, blank pages, or maintenance notices that don’t properly use 503).

Check your website’s status code right now with OpsKitty’s free HTTP Status Checker. Find broken links, redirect chains, and server errors across your entire site.

← Back to all posts