Every HTTP status code explained — search, filter, copy
61 status codes across 5 classes · RFC 9110 and extensions
HTTP status codes are three-digit responses a server sends to tell a client what happened to its request. From the informational 1xx class through redirects (3xx), client errors (4xx), and server faults (5xx), knowing these codes is essential for debugging APIs, building web apps, and interpreting server logs. This searchable reference covers all standard HTTP status codes with plain-English descriptions and RFC citations.
401 Unauthorized means the request lacks valid authentication credentials — the user is not logged in. 403 Forbidden means the server understood the request and the user may be authenticated, but they do not have permission to access that resource. Re-authenticating will not fix a 403.
Return 400 Bad Request when the request itself is malformed — invalid JSON, missing required headers, or a completely wrong format. Return 422 Unprocessable Content when the request is syntactically correct but fails semantic validation, such as a date range where the end is before the start.
301 Moved Permanently tells browsers and search engines the resource has moved for good — they cache the redirect and update their records. 302 Found is a temporary redirect; clients keep using the original URL for future requests and do not cache the redirect.
RFC 2324, published on April 1, 1998, defined the Hyper Text Coffee Pot Control Protocol as a joke. The 418 status means 'I am a teapot and refuse to brew coffee.' Some APIs deliberately return it for requests they intentionally refuse to handle, as a humorous way to signal an unsupported operation.