HTTP Error Codes
Standard HTTP status codes for web applications and APIs
Multiple Choices
Seeing a 300 Multiple Choices means the server found multiple representations of the resource and can't decide which one to return—different formats, languages, or versions are available. This client-side informational response (3xx) requires the client to choose. Most common when content negotiation offers multiple options, but also appears when resources exist in multiple formats, servers provide multiple versions, or Accept headers match several variants.
Moved Permanently
Getting a 301 Moved Permanently means the resource has permanently moved to a new URL—the Location header shows where it went, and you should update all references to use the new URL permanently. This client-side redirect (3xx) tells browsers and search engines the old URL is obsolete. Most common when APIs migrate endpoints, domains change, or URL structures are restructured, but also appears when resources are permanently relocated, old URLs are deprecated, or permanent redirects are configured.
Found
Seeing a 302 Found means the resource temporarily moved to a new URL—follow the Location header for this request, but keep using the original URL for future requests since it's temporary. This client-side redirect (3xx) is the classic temporary redirect, though browsers often change POST to GET. Most common when resources are temporarily relocated, maintenance mode redirects users, or A/B testing routes traffic, but also appears when temporary redirects are configured, maintenance windows redirect, or temporary location changes occur.
See Other
Getting a 303 See Other means the server wants you to fetch the result of your POST/PUT/DELETE operation using GET at a different URL—the Location header shows where to get the result, and you must use GET even if the original request was POST. This client-side redirect (3xx) is designed for POST-after-GET patterns. Most common after form submissions when results are available elsewhere, but also appears when POST operations redirect to result pages, form submissions redirect to confirmation pages, or operations redirect to status pages.
Not Modified
Getting a 304 Not Modified means the resource hasn't changed since your last request—the ETag or Last-Modified timestamp matches, so you can use your cached version. This client-side informational response (3xx) saves bandwidth by not sending the full response. Most common when conditional requests use If-None-Match or If-Modified-Since, but also appears when cached resources are still valid, ETags match, or Last-Modified timestamps are unchanged.
Use Proxy
Seeing a 305 Use Proxy means the server wants you to access the resource through a proxy specified in the Location header—this status code is deprecated and rarely used in modern web development. This client-side redirect (3xx) was meant for proxy configuration but is obsolete. Most common in legacy systems, but modern applications should use 307 or 308 redirects instead, or configure proxies directly without this status code.
Temporary Redirect
Getting a 307 Temporary Redirect means the resource temporarily moved to a new URL—follow the Location header using the same HTTP method (POST stays POST, PUT stays PUT). This client-side redirect (3xx) preserves the request method, unlike 302 which browsers may change POST to GET. Most common when resources are temporarily relocated and method must be preserved, but also appears when maintenance mode redirects, load balancing routes traffic, or temporary location changes occur.
Permanent Redirect
Getting a 308 Permanent Redirect means the resource permanently moved to a new URL—follow the Location header using the same HTTP method (POST stays POST, PUT stays PUT) and update all references permanently. This client-side redirect (3xx) is like 301 but preserves the request method. Most common when APIs permanently migrate endpoints and method must be preserved, but also appears when domains permanently change, URL structures are permanently restructured, or permanent redirects with method preservation are needed.
Bad Request
Seeing a 400 Bad Request means the server rejected your request because it's malformed—invalid JSON syntax, missing required fields, or parameters that violate validation rules. This client-side error (4xx) happens when the browser or API client sends data the server can't parse or validate. Most common in API calls where JSON payloads have syntax errors, but also appears when form submissions miss required fields or URLs contain invalid query parameters.
Unauthorized
Hitting a 401 Unauthorized means the server rejected your request because authentication is required—missing Authorization header, expired JWT token, or invalid credentials. This client-side error (4xx) occurs when the server can't verify your identity. Most common in API calls where Bearer tokens are missing or expired, but also appears when session cookies expire or login credentials are incorrect.
Payment Required
Hitting a 402 Payment Required means the server requires payment to access the resource—subscription expired, credit limit reached, or payment method failed. This client-side error (4xx) is reserved for future use but commonly implemented by APIs requiring payment. Most common when accessing premium content without active subscription, but also appears when free tier limits are exceeded, payment methods are invalid, or billing issues block access.
Forbidden
Getting a 403 Forbidden means the server knows who you are (unlike 401) but explicitly denies access—your user lacks permissions, the resource is restricted, or IP-based access control blocked you. This client-side error (4xx) happens after authentication succeeds but authorization fails. Most common when authenticated users try to access admin-only resources, but also appears when geographic restrictions, rate limiting, or firewall rules block requests.
Not Found
Seeing a 404 Not Found means the server couldn't locate the resource—wrong URL, deleted endpoint, typo in the path, or route handler doesn't exist. This client-side error (4xx) occurs when the request reaches the server but no route matches. Most common when API endpoints are misspelled or resources are deleted, but also appears when frontend routes don't match backend routes or HTTP methods are incorrect.
Method Not Allowed
Getting a 405 Method Not Allowed means you're using the wrong HTTP method—trying to DELETE on a GET-only endpoint, POST on a read-only route, or the server doesn't support that method for that path. This client-side error (4xx) happens when the route exists but the method is invalid. Most common when REST API conventions are violated (GET for updates), but also appears when CORS preflight OPTIONS requests aren't handled or methods are disabled by configuration.
Not Acceptable
Getting a 406 Not Acceptable means the server can't produce a response in any format your Accept header requests—asking for application/xml when the server only serves JSON, or requesting a language/encoding the server doesn't support. This client-side error (4xx) happens when content negotiation fails. Most common when Accept headers request unsupported MIME types, but also appears when language preferences (Accept-Language) aren't available, character encodings (Accept-Encoding) are unsupported, or quality values (q=) prioritize unavailable formats.
Proxy Authentication Required
Getting a 407 Proxy Authentication Required means the proxy server needs authentication before forwarding your request—similar to 401 but for proxy-level authentication. This client-side error (4xx) happens when corporate proxies, VPN gateways, or network proxies require credentials. Most common in enterprise networks with authenticated proxies, but also appears when proxy credentials expire, Proxy-Authorization headers are missing, or proxy configuration is incorrect.
Request Timeout
Getting a 408 Request Timeout means the server stopped waiting for your request—the client took too long to send the complete request body, network latency delayed transmission, or the server's timeout is too aggressive. This client-side error (4xx) happens when the server closes the connection because the request headers or body didn't arrive within the allowed window. Most common during large file uploads without proper streaming, but also appears when slow network connections, client-side processing delays, or aggressive server timeout configurations cut requests short.
Conflict
Hitting a 409 Conflict means your request collided with the server's current state—another process modified the resource, you tried to create a duplicate, or the operation conflicts with an in-progress transaction. This client-side error (4xx) happens when optimistic concurrency control detects state changes or business rules prevent the operation. Most common during concurrent edits where multiple users update the same resource, but also appears when creating resources with unique constraints, attempting state transitions that aren't allowed, or database transaction conflicts.
Gone
Seeing a 410 Gone means the resource was permanently deleted and won't come back—unlike 404 (might exist elsewhere), this explicitly signals intentional, permanent removal. This client-side error (4xx) happens when servers want to distinguish between "not found" (404) and "was here, now deleted forever" (410). Most common when users delete content, temporary resources expire, or URLs are intentionally removed, but also appears in APIs that implement soft-delete workflows or resource lifecycle management.
Length Required
Getting a 411 Length Required means the server needs a Content-Length header but your request doesn't include one—the server can't determine request body size upfront and refuses to accept chunked encoding or streams without explicit length. This client-side error (4xx) happens when servers require knowing payload size before processing. Most common in upload endpoints that validate size limits, but also appears when servers don't support Transfer-Encoding: chunked or need Content-Length for security/validation checks.
Precondition Failed
Hitting a 412 Precondition Failed means your conditional request headers (If-Match, If-None-Match, If-Modified-Since, If-Unmodified-Since) didn't match the server's current resource state—the ETag changed, the resource was modified, or the version check failed. This client-side error (4xx) happens when optimistic concurrency control validates request preconditions and they fail. Most common during concurrent edits where your If-Match ETag is stale, but also appears when conditional GET requests use If-None-Match to check cache validity or If-Modified-Since to verify freshness.
Payload Too Large
Getting a 413 Payload Too Large means your request body exceeds the server's size limits—file upload too big, JSON payload exceeds max size, or multiple large files in one request hit the configured ceiling. This client-side error (4xx) happens when servers enforce request body size limits to prevent resource exhaustion. Most common during file uploads that exceed limits, but also appears when API clients send large JSON payloads, batch operations include too many items, or uncompressed data could be compressed.
URI Too Long
Seeing a 414 URI Too Long means your URL exceeded the server's maximum length limit—too many query parameters, large data embedded in the path, or deeply nested routes pushed the URL past acceptable boundaries. This client-side error (4xx) happens when servers enforce URI length limits (typically 2048-8192 characters) to prevent buffer overflows and performance issues. Most common when GET requests include large arrays or objects in query strings, but also appears when filters/search parameters accumulate, base64-encoded data ends up in URLs, or path parameters become excessively long.
Unsupported Media Type
Getting a 415 Unsupported Media Type means the server rejected your request because the Content-Type header doesn't match what the endpoint accepts—sending JSON when it expects XML, uploading a file format the server can't process, or missing the Content-Type header entirely. This client-side error (4xx) happens when servers validate request media types before processing. Most common when file uploads use wrong MIME types or API calls send data in unsupported formats, but also appears when Accept headers request formats the server doesn't support or Content-Type is missing or malformed.
Range Not Satisfiable
Hitting a 416 Range Not Satisfiable means your Range header requested bytes outside the file's actual size—asking for bytes 1000-2000 on a 500-byte file, or the range format is invalid. This client-side error (4xx) happens when servers validate Range headers for partial content requests. Most common during video streaming or large file downloads where range calculations are wrong, but also appears when file sizes change between requests, range syntax is malformed, or multiple overlapping ranges confuse the server.
Expectation Failed
Getting a 417 Expectation Failed means the server couldn't meet the requirement in your Expect header—most commonly "Expect: 100-continue" where the server refuses to send a 100 Continue response before processing the request body. This client-side error (4xx) happens when servers reject expectation headers they don't support or can't fulfill. Most common when clients send Expect: 100-continue for large uploads but the server doesn't support it, but also appears when custom expectation values are unsupported, servers explicitly reject expectations, or proxy servers strip Expect headers.
I'm a Teapot
Hitting a 418 I'm a Teapot is a joke status code from RFC 2324 (Hyper Text Coffee Pot Control Protocol)—the server is humorously refusing to brew coffee because it identifies as a teapot. This client-side error (4xx) is intentionally whimsical and often used for testing, Easter eggs, or API humor. Most common when accessing joke endpoints or test routes, but also appears when developers implement RFC 2324 compliance, April Fools' pranks, or intentional API easter eggs.
Misdirected Request
Getting a 421 Misdirected Request means the request reached a server that can't handle it for the given scheme and authority—HTTP/2 requests hitting a server configured for different virtual hosts, or requests sent to the wrong server instance. This client-side error (4xx) happens when servers reject requests they're not configured to handle. Most common in HTTP/2 environments where requests are misrouted, but also appears when virtual host configurations don't match, load balancers route incorrectly, or DNS points to wrong servers.
Unprocessable Entity
Getting a 422 Unprocessable Entity means your request syntax is valid (unlike 400) but the data violates business rules or validation constraints—email format is wrong, required relationships are missing, or values break domain-specific rules. This client-side error (4xx) happens when servers validate request semantics after parsing succeeds. Most common in API calls where data passes JSON validation but fails business logic (e.g., duplicate email, invalid date ranges), but also appears when nested resources don't exist, foreign key constraints fail, or custom validation rules reject the data.
Locked
Hitting a 423 Locked means the resource is currently locked by another process or user—a file is in use, a database record has an active lock, or concurrent access is blocked. This client-side error (4xx) happens when servers enforce resource locking to prevent conflicts. Most common in WebDAV operations or file systems, but also appears when database transactions lock records, concurrent edits are prevented, or distributed locks are active.
Failed Dependency
Getting a 424 Failed Dependency means the operation failed because a required dependency operation failed—creating an order item when the order doesn't exist, or a nested operation in a batch request failed. This client-side error (4xx) is common in WebDAV but also appears in REST APIs with dependencies. Most common when creating nested resources where the parent fails, but also appears when batch operations have partial failures, transaction dependencies fail, or prerequisite operations don't complete.
Too Early
Hitting a 425 Too Early means the server rejected your request because it might be a replay attack—the request arrived too early in a timing window, or replay protection detected a potential duplicate. This client-side error (4xx) is used in HTTP/2 Server Push and HTTP/3 to prevent replay attacks. Most common when requests are sent too quickly after a previous request, but also appears when timing windows are violated, nonces are reused, or replay protection mechanisms trigger.
Upgrade Required
Hitting a 426 Upgrade Required means the server refuses your request because it requires a protocol upgrade—using HTTP/1.0 when the server needs HTTP/1.1, or trying HTTP when HTTPS is mandatory. This client-side error (4xx) happens when servers enforce minimum protocol versions. Most common when legacy clients use HTTP/1.0 on servers requiring HTTP/1.1, but also appears when servers require TLS upgrades, WebSocket upgrades are mandatory, or security policies enforce protocol minimums.
Precondition Required
Getting a 428 Precondition Required means the server requires conditional headers (If-Match, If-None-Match, If-Modified-Since, If-Unmodified-Since) but your request doesn't include them—the server enforces optimistic concurrency control and won't process requests without version checks. This client-side error (4xx) happens when servers mandate conditional requests to prevent lost updates. Most common when updating resources without ETag validation, but also appears when servers require If-Match for all modifications, delete operations need conditional headers, or security policies enforce version checks.
Too Many Requests
Hitting a 429 Too Many Requests means you've exceeded the rate limit—too many API calls in a time window, API quota exhausted, or DDoS protection triggered throttling. This client-side error (4xx) happens when servers enforce rate limiting to prevent abuse and ensure fair resource usage. Most common when clients make rapid-fire requests without throttling, but also appears when API quotas are reached, retry loops create request storms, or traffic spikes trigger automatic rate limiting.
Request Header Fields Too Large
Getting a 431 Request Header Fields Too Large means your request headers exceeded the server's size limit—too many cookies, large custom headers, or cumulative header size is too big. This client-side error (4xx) happens when servers enforce header size limits (typically 8-16KB) to prevent buffer overflows. Most common when Cookie headers accumulate and grow large, but also appears when custom headers contain too much data, multiple authentication tokens are sent, or debug headers add excessive size.
Unavailable For Legal Reasons
Hitting a 451 Unavailable For Legal Reasons means the server blocked access due to legal requirements—government censorship, DMCA takedown, geographic restrictions, or court orders. This client-side error (4xx) is a reference to Ray Bradbury's "Fahrenheit 451" and indicates legal compliance blocking. Most common when content is geo-blocked in certain regions, but also appears when DMCA takedowns remove content, government censorship blocks access, or legal compliance requires content removal.
Internal Server Error
Seeing a 500 Internal Server Error means the server crashed or encountered an unexpected condition—unhandled exceptions, database connection failures, memory exhaustion, or configuration mistakes. This server-side error (5xx) indicates the server failed, not your request. Most common when application code throws uncaught exceptions, but also appears when database connections fail, memory runs out, environment variables are missing, or server configuration is broken.
Not Implemented
Getting a 501 Not Implemented means the server doesn't support the HTTP method or feature you're requesting—trying PATCH on a server that only supports GET/POST, or requesting HTTP/2 features on an HTTP/1.1-only server. This server-side error (5xx) indicates a permanent limitation, not a temporary issue. Most common when using modern HTTP methods (PATCH, DELETE) on legacy servers, but also appears when requesting unsupported protocol features, WebDAV operations on non-WebDAV servers, or experimental HTTP extensions.
Bad Gateway
Getting a 502 Bad Gateway means the gateway or proxy server received an invalid response from the upstream server—the backend crashed, returned malformed data, or closed the connection unexpectedly. This server-side error (5xx) happens when infrastructure (load balancer, reverse proxy, API gateway) can't get a valid response from the application server. Most common when the backend application crashes or times out, but also appears when upstream servers return invalid HTTP responses, network issues break connections mid-request, or the backend is overloaded and can't respond.
Service Unavailable
Hitting a 503 Service Unavailable means the server is temporarily unable to handle requests—it's overloaded, under maintenance, or resources are exhausted. This server-side error (5xx) indicates a temporary condition that should resolve. Most common during traffic spikes that overwhelm the server, but also appears when maintenance mode is enabled, database connection pools are exhausted, or the server is scaling up to handle load.
Gateway Timeout
Getting a 504 Gateway Timeout means the gateway or proxy waited too long for the upstream server to respond—the backend took longer than the gateway's timeout, the request is still processing, or the backend is hung. This server-side error (5xx) happens when infrastructure (load balancer, reverse proxy) times out waiting for the application server. Most common when backend operations are slow (database queries, external API calls), but also appears when gateway timeout settings are too aggressive, network latency is high, or the backend is overloaded and can't respond in time.
HTTP Version Not Supported
Hitting a 505 HTTP Version Not Supported means the server doesn't support the HTTP protocol version you're using—requesting HTTP/2 or HTTP/3 on a server that only supports HTTP/1.1, or using an experimental version the server rejects. This server-side error (5xx) indicates a permanent protocol limitation. Most common when clients force HTTP/2 or HTTP/3 on legacy servers, but also appears when protocol negotiation fails, servers explicitly reject certain versions, or infrastructure doesn't support newer protocols.
Variant Also Negotiates
Getting a 506 Variant Also Negotiates means the server has a configuration error where a variant resource is trying to negotiate its own content, creating a negotiation loop. This server-side error (5xx) indicates an internal server misconfiguration, not a client problem. Most common when content negotiation is misconfigured, but also appears when variant resources are set up incorrectly, negotiation loops occur, or server configuration conflicts create recursive negotiation.
Insufficient Storage
Getting a 507 Insufficient Storage means the server ran out of disk space or hit storage quotas—the file system is full, storage quota exceeded, or there's no room to save uploaded files or generated data. This server-side error (5xx) happens when servers can't write data due to storage limits. Most common during large file uploads when disk space is exhausted, but also appears when log files fill up the disk, database storage quotas are reached, or temporary file storage runs out.
Loop Detected
Hitting a 508 Loop Detected means the server found an infinite loop while processing your request—circular references in resource structures, recursive operations that never terminate, or WebDAV depth infinity requests that create loops. This server-side error (5xx) happens when server logic detects it's stuck in a loop. Most common in WebDAV PROPFIND requests with depth infinity on circular structures, but also appears when recursive operations hit circular references, resource trees have cycles, or server processing logic creates loops.
Not Extended
Getting a 510 Not Extended means the server needs additional protocol extensions to process your request—the Require header lists extensions that must be included. This client-side error (4xx) happens when servers mandate specific HTTP extensions. Most common when servers require experimental or custom extensions, but also appears when protocol extensions are mandatory, extension negotiation fails, or servers enforce extension requirements.
Network Authentication Required
Hitting a 511 Network Authentication Required means you need to authenticate with the network before accessing the internet—captive portals in hotels, airports, or public Wi-Fi require login or terms acceptance. This client-side error (4xx) happens when network infrastructure intercepts requests to force authentication. Most common when connecting to public Wi-Fi that requires login, but also appears when corporate networks require authentication, terms of service must be accepted, or network access control (NAC) systems block unauthenticated devices.