HTTP status codes are like a short note from the web server that gets tacked onto the top of a web page. It’s not actually part of the web page. Instead, it’s a message from the server letting you know how things went when the request to view the page was received by the server.
These sorts of messages are returned every time your browser interacts with the server, even if you don’t see them all that often. If you’re a website owner or developer understanding HTTP status codes is critical. Because when they do crop up, HTTP status codes are an invaluable tool for diagnosing and fixing website configuration errors.
This article introduces the most common server status and error codes and explains what they reveal about what’s happening on the server behind the scenes.
Every time you click on a link or type in a URL and press “Enter” your browser sends a request to a web server. The web server receives and processes the request, and then sends back the requested resources along with an HTTP header.
HTTP status codes are delivered to your browser in the HTTP header. While status codes are returned every single time your browser requests a web page or resource, most of the time you don’t see them. It’s when something goes wrong that you might see an HTTP status code displayed in your browser. It’s the server’s way of saying: “Something isn’t right. Here’s a code that explains what went wrong.”
It’s when something goes wrong that you might see an HTTP status code displayed in your browser. It’s the server’s way of saying: “Something isn’t right. Here’s a code that explains what went wrong.”
If you want to see the status codes that your browser doesn’t normally show you there are many different tools that make it easy. Browser extensions are available for developer-friendly browsers like Chrome and Firefox, and there are many web-based header fetching tools like Web Sniffer.
To see the HTTP status code with one of these tools look for the line appearing near the top of the report that says “Status: HTTP/1.1” followed by the status code returned by the server.
The list of HTTP status codes are divided into 5 classes:
- 100’s: Informational codes indicating that the request initiated by the browser is continuing.
- 200’s: Success codes returned when browser request was successfully received, understood, and processed by the server.
- 300’s: Redirection codes returned when a new resource has been substituted for the requested resource.
- 400’s: Client error codes indicating that there was a problem with the request.
- 500’s: Server error codes indicating that the request was accepted, but that an error on the server prevented the fulfillment of the request.
Within each of these classes, a variety of server codes exist and may be returned by the server. Each individual code has a specific and unique meaning.
There are over 40 different server status codes. However, there are really fewer than a dozen that you’ll run into on a regular basis. If you’re running a website, get a good handle on these codes and you’ll understand what you’re up against the vast majority of times that a HTTP status code rears it’s head. Check out the list of HTTP status codes below:
200 Status Code
- 200: “Everything is OK.” This is the code that is delivered when a web page or resource acts exactly the way it’s expected to.
300 Status Codes
- 301: “The requested resource has been moved permanently.” This code is delivered when a web page or resource has been permanently replaced with a different resource. It is used for permanent URL redirection.
- 302: “The requested resource has moved, but was found.” This code is used to indicate that the requested resource was found, just not at the location where it was expected. It is used for temporary URL redirection.
- 304: “The requested resource has not been modified since the last time you accessed it.” This code tells the browser that resources stored in the browser cache haven’t changed. It’s used to speed up web page delivery by reusing previously downloaded resources.
400 Status Codes
- 401: “Unauthorized” or “Authorization Required.” This is returned by the server when the target resource lacks valid authentication credentials. You might see this if you’ve set up basic HTTP authentication using htpasswd.
- 403: “Access to that resource is forbidden.” This code is returned when a user attempts to access something that they don’t have permission to access. For example, trying to view password-protected content without logging in might produce a 403 error.
- 404: “The requested resource was not found.” The most common error message of them all. This code means that the requested resource does not exist and that the server does not know if it ever existed.
- 405: “Method not allowed.” This is generated when the hosting server (origin server) supports the method received, but the target resource doesn’t.
- 406: “Not acceptable response.” The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
- 408: “The server timed out waiting for the rest of the request from the browser.” This code is generated when a server times out while waiting for the complete request from the browser. In other words, the server didn’t get the full request that was sent by the browser. One possible cause could be net congestion resulting in the loss of data packets between the browser and server.
- 410: “The requested resource is gone and won’t be coming back.” Similar to a 404 “Not Found” code, except a 410 indicates that the condition is expected and permanent.
- 429: “Too many requests.” Generated by the server when the user has sent too many requests in a given amount of time (rate-limiting). This can sometimes occur from bots or scripts attempting to access your site. In this case, you might want to try changing your WordPress login URL.
- 499: “Client closed request.” This is returned by NGINX when the client closes the request while NGINX is still processing it.
500 Status Codes
- 500: “There was an error on the server and the request could not be completed.” A generic code that simply means “internal server error”. Something went wrong on the server and the requested resource was not delivered. This code is typically generated by third-party plugins, faulty PHP, or even the connection to the database breaking. Check out our tutorials on how to fix the error establishing a database connection and other ways to resolve a 500 internal server error.
- 501: “Not Implemented.” This error indicates that the server does not support the functionality required to fulfill the request. This is almost always a problem on the web server itself and usually must be resolved by the host. Check out our recommendations on how to resolve a 501 not implemented error.
- 502: “Bad Gateway.” This error code typically means that one server has received an invalid response from another. Sometimes a query or request will take too long and so it is canceled or killed by the server and the connection to the database breaks. Check out our in-depth tutorial on how to fix the 502 Bad Gateway error.
- 503: “The server is unavailable to handle this request right now.” The request cannot be completed right now. This code may be returned by an overloaded server that is unable to handle additional requests. Check out our in-depth tutorial on how to fix the 503 Service Unavailable Error.
- 504: “The server, acting as a gateway, timed out waiting for another server to respond.” The code returned when there are two servers involved in processing a request, and the first server times out waiting for the second server to respond. Read more about how to fix 504 errors.
- 521: “Web server is down” Error 521 is a Cloudflare-specific error message. It means that your web browser was able to successfully connect to Cloudflare, but Cloudflare was not able to connect to the origin web server.
Learn More About HTTP Status Codes
The list above explains most of the HTTP status codes you’re likely to run into on a regular basis. However, there are many additional codes that you might bump into from time to time. Two places where you can learn more about rare HTTP status codes that aren’t on this list, are: