sade.dev
TR EN
Tool

HTTP Status Codes Reference

The most commonly used HTTP status codes and what they mean. Searchable

This tool runs in your browser. No data leaves your device.

  • 100 Continue

    The client may send the rest of the request.

    Common: Large body upload with Expect: 100-continue.

  • 101 Switching Protocols

    The server agreed to switch protocols.

    Common: HTTP → WebSocket upgrade.

  • 103 Early Hints

    Early hints sent before the final response.

    Common: Early preload for CSS/JS.

  • 200 OK

    The request succeeded.

    Common: Standard success response.

  • 201 Created

    A new resource was created.

    Common: After a POST, with a Location header.

  • 202 Accepted

    The request was accepted but not yet completed.

    Common: Queuing an async job.

  • 204 No Content

    Success with no response body.

    Common: DELETE or a successful PUT.

  • 206 Partial Content

    Only the requested byte range was returned.

    Common: Video / large file range requests.

  • 301 Moved Permanently

    The resource has moved permanently.

    Common: Domain or URL structure changes.

  • 302 Found

    Temporary redirect.

    Common: Redirect back after login.

  • 303 See Other

    Redirect to another resource via GET after a POST.

    Common: After a form submission.

  • 304 Not Modified

    The cache is still fresh.

    Common: ETag / If-None-Match validations.

  • 307 Temporary Redirect

    Temporary redirect that preserves the method.

    Common: Method-preserving alternative to 302.

  • 308 Permanent Redirect

    Permanent redirect that preserves the method.

    Common: Method-preserving alternative to 301.

  • 400 Bad Request

    The server could not understand the request.

    Common: Invalid JSON, missing field.

  • 401 Unauthorized

    Authentication is missing or failed.

    Common: Missing / invalid token.

  • 403 Forbidden

    Authenticated but not authorized.

    Common: Access to an unauthorized resource.

  • 404 Not Found

    The resource does not exist.

    Common: A typical wrong URL.

  • 405 Method Not Allowed

    The HTTP method is not supported.

    Common: GET instead of POST, or vice versa.

  • 409 Conflict

    Conflict with the current state.

    Common: Concurrent writes, unique constraint.

  • 410 Gone

    The resource was permanently deleted.

    Common: Deprecation of an old endpoint.

  • 415 Unsupported Media Type

    The Content-Type is not supported.

    Common: Wrong MIME, missing Content-Type.

  • 422 Unprocessable Entity

    Syntax is valid but the semantics are not.

    Common: Validation errors (Laravel default).

  • 429 Too Many Requests

    The rate limit was exceeded.

    Common: Rate limiting (Retry-After).

  • 500 Internal Server Error

    An unexpected error on the server.

    Common: An uncaught exception.

  • 501 Not Implemented

    The server does not recognize the method.

    Common: A beta endpoint.

  • 502 Bad Gateway

    Invalid response from the upstream.

    Common: Nginx → PHP-FPM connection issue.

  • 503 Service Unavailable

    The server is temporarily unavailable.

    Common: Maintenance mode, overload.

  • 504 Gateway Timeout

    The upstream timed out.

    Common: Slow query, stuck worker.

How It Works

HTTP status codes have three digits; the first digit denotes the class:

  • 1xx — Informational: In progress (rarely seen).
  • 2xx — Success: The request succeeded.
  • 3xx — Redirection: The client should go to a different resource.
  • 4xx — Client Error: Something is wrong with the request.
  • 5xx — Server Error: Something is wrong on the server.

Commonly confused

401 vs 403:

  • 401 Unauthorized — “I couldn’t verify who you are” (login required).
  • 403 Forbidden — “I know who you are, but you aren’t allowed to access this resource”.

422 vs 400:

  • 400 Bad Request — the syntax is wrong (e.g. malformed JSON).
  • 422 Unprocessable Entity — the syntax is correct but the meaning is invalid (e.g. “abc” in an email field). Laravel returns default validation errors with 422.

301 vs 308:

  • 301 Moved Permanently — a permanent redirect. Old browsers may downgrade the method to GET.
  • 308 Permanent Redirect — a permanent redirect that preserves the method. It redirects a POST as a POST.

502 vs 503 vs 504:

  • 502 Bad Gateway — the upstream returned an invalid response (e.g. PHP-FPM crash).
  • 503 Service Unavailable — the server is deliberately not responding (maintenance, rate limit).
  • 504 Gateway Timeout — the upstream timed out (a slow worker).

Idempotency

A method being idempotent means that making the same request many times does not change the side effect:

  • GET, PUT, DELETE, HEAD, OPTIONS — idempotent.
  • POST, PATCH — usually not idempotent.

Idempotent methods can be retried automatically after a 5xx error. Non-idempotent ones (e.g. taking a payment) require mechanisms like an Idempotency-Key header to be retried safely.

Common anti-patterns

  • Returning an error with 200 OK — in a {"error": "..."} shape. Bad for REST clients; use the status code.
  • Hiding an authorization error behind 404 — “I don’t want to leak whether this resource exists”. In that case the correct code is still 403 or 401. Use 404 only when the resource doesn’t exist.
  • 500 everywhere — there are more descriptive codes (422, 502, 503, 504). 500 is only for an unexpected exception.

Resources

Privacy

This is a static reference. Whatever you type to search runs entirely in your browser and never leaves it — there is no server lookup behind the box.