HTTP Response Codes

HTTP is the bread and butter of developers, but who wants to remember tonnes of response codes? When trying to remember these codes I get a lot of 404s from my brain; so I'm listing them out for my future self. Hashtag #futureself.

I got these originally from Marty Hall's great JSP and Servlet course.


  • 100-199 - You should do something else
  • 200-299 - Success
  • 300-399 - She don't live here anymore, maybe there will be a forwarding address
  • 400-499 - You messed up
  • 500-599 - I messed up


100 (Continue)

If the server receives an Expect request header with a value of 100-continue, it means the client is asking if it can send an attached document in a follow-up request. The server should either respond with status 100 to tell the client to go ahead or use 417 (Expectation Failed) to tell the client it won't accept the document.

101 (Switching Protocols)

A 101 status indicates that the server will comply and change to a different protocol.


200 (OK)

200 means that everything is fine. The document follows for GET and POST requests.

201 (Created)

A status code of 201 means that the server created a new document in response to the request; the Location header should give its URL.

202 (Accepted)

A value of 202 tells the client that the request is being acted upon, but processing is not yet complete.

203 (Non-Authoritative Information)

A 203 status signifies that the document is being returned normally, but some of the response headers might be incorrect since a document copy is being used.

204 (No Content)

A status code of 204 stipulates that the browser should continue to display the previous document because no new document is available. This behaviour is useful if the user keeps reloading the page, you can determine that the previous page is already up-to-date.

205 (Reset Content)

A value of 205 means that there is no new document, but the browser should reset the document view. This status code is used to force browsers to clear form fields.

206 (Partial Content)

A status code of 206 is sent when the server fulfils a partial request that includes a Range header.


300 (Multiple Choices)

A value of 300 signifies that the requested document can be found several places, which will be listed in the returned document. If the server has a preferred choice, it should be listed in the Location response header.

301 (Moved Permanently)

The 301 status indicates that the requested document is elsewhere; the new URL for the document is given in the Location response header. Browsers should automatically follow the link to the new URL.

302 (Found)

This value is similar to 301, except that the URL given by the Location header should be interpreted as a temporary replacement, not a permanent one.

With a 302 you could follow the Location response header.

This status code is sometimes used interchangeably with 301. For example, if you erroneously ask for http://host/~user (missing the trailing slash), some servers will reply with a 301 code while others will use 302.

Technically, browsers are only supposed to automatically follow the redirection if the original request was GET. For details, see the discussion of the 307 status code.

303 (See Other)

The 303 status is similar to 301 and 302, except that if the original request was POST, the new document (given in the Location header) should be retrieved with GET.

304 (Not Modified)

When a client has a cached document, it can perform a conditional request by supplying an If-Modified-Since header to indicate that it only wants the document if it has been changed since the specified date. A value of 304 means that the cached version is up-to-date and the client should use it. Otherwise, the server should return the requested document with the normal (200) status code. Servlets normally should not set this status code directly. Instead, they should implement the getLastModified method and let the default service method handle conditional requests based upon this modification date. An example of this approach is given in Section 2.8 (An Example Using Servlet Initialisation and Page Modification Dates).

305 (Use Proxy)

A value of 305 signifies that the requested document should be retrieved via the proxy listed in the Location header.

307 (Temporary Redirect)

The rules for how a browser should handle a 307 status are identical to those for 302. Follow redirected GET and POST requests in the case of 303 responses; follow redirected GET but not POST requests in the case of 307 responses.

400 (Bad Request)

A 400 status is bad syntax in the client request.

401 (Unauthorised)

A value of 401 signifies that the client tried to access a password-protected page without proper identifying information in the Authorisation header. The response must include a WWW-Authenticate header. For an example, see Section 4.5, “Restricting Access to Web Pages.”

403 (Forbidden)

A status code of 403 means that the server refuses to supply the resource, regardless of authorisation. This status is often the result of bad file or directory permissions on the server.

404 (Not Found)

The infamous 404 status tells the client that no resource could be found at that address. This value is the standard “no such page” response. It is such a common and useful response that there is a special method for it in the HttpServletResponse class: sendError("message"). The advantage of sendError over setStatus is that, with sendError, the server automatically generates an error page showing the error message. Unfortunately, however, the default behaviour of Internet Explorer 5 is to ignore the error page you send back and displays its own, even though doing so contradicts the HTTP specification. To turn off this setting, go to the Tools menu, select Internet Options, choose the Advanced tab, and make sure “Show friendly HTTP error messages” box is not checked. Unfortunately, however, few users are aware of this setting, so this “feature” prevents most users of Internet Explorer version 5 from seeing any informative messages you return. Other major browsers and version 4 of Internet Explorer properly display server-generated error pages. See Figures 6–3 and 6–4 for an example.

405 (Method Not Allowed)

A 405 value indicates that the request method (GET, POST, HEAD, PUT, DELETE, etc.) was not allowed for this particular resource.

406 (Not Acceptable)

A value of 406 signifies that the requested resource has a MIME type incompatible with the types specified by the client in its Accept header. See Table 7.1 in Section 7.2 (HTTP 1.1 Response Headers and Their Meaning) for the names and meanings of the common MIME types.

407 (Proxy Authentication Required)

The 407 value is similar to 401, but it is used by proxy servers. It indicates that the client must authenticate itself with the proxy server. The proxy server returns a Proxy-Authenticate response header to the client, which results in the browser reconnecting with a Proxy-Authorisation request header.

408 (Request Timeout)

The 408 code means that the client took too long to finish sending the request.

409 (Conflict)

Usually associated with PUT requests, the 409 status is used for situations such as an attempt to upload an incorrect version of a file.

410 (Gone)

A value of 410 tells the client that the requested document is gone and no forwarding address is known. Status 410 differs from 404 in that the document is known to be permanently gone, not just unavailable for unknown reasons, as with 404.

411 (Length Required)

A status of 411 signifies that the server cannot process the request (assumedly a POST request with an attached document) unless the client sends a Content-Length header indicating the amount of data being sent to the server.

412 (Precondition Failed)

The 412 status indicates that some precondition specified in the request headers was false.

413 (Request Entity Too Large)

A status code of 413 tells the client that the requested document is bigger than the server wants to handle now. If the server thinks it can handle it later, it should include a Retry-After response header.

414 (Request URI Too Long)

The URI is too long. In this context, "URI" means the part of the URL that came after the host and port in the URL.

415 (Unsupported Media Type)

A value of 415 means that the request had an attached document of a type the server doesn't know how to handle.

416 (Requested Range Not Satisfiable)

A status code of 416 signifies that the client included an unsatisfiable Range header in the request.

417 (Expectation Failed)

If the server receives an Expect request header with a value of 100-continue, it means that the client is asking if it can send an attached document in a follow-up request. In such a case, the server should either respond with this status (417) to tell the browser it won't accept the document or use 100 to tell the client to go ahead.

500 (Internal Server Error)

Something broke on the server, owch.

501 (Not Implemented)

The 501 status notifies the client that the server doesn't support the functionality to fulfil the request. It is used, for example, when the client issues a command like PUT that the server doesn't support.

502 (Bad Gateway)

Used by servers that act as proxies or gateways indicating that the initial server got a bad response from the remote server.

503 (Service Unavailable)

Either the server is down through maintenance or overloading. The server can supply a Retry-After header to tell the client when to try again.

504 (Gateway Timeout)

Used by servers that act as proxies or gateways indicating that the initial server didn't get a response in time from the remote server.

505 (HTTP Version Not Supported)

HTTP version in the request line is not supported.