The Quick Answer
HTTP status codes are three-digit numbers that a web server sends back to tell the client (usually a browser) what happened with its request. The first digit defines the category:
| Range | Category | Meaning |
|---|---|---|
| 1xx | Informational | Request received, processing continues |
| 2xx | Success | Request was received, understood, and accepted |
| 3xx | Redirection | Further action needed to complete the request |
| 4xx | Client Error | The request contains an error on the client side |
| 5xx | Server Error | The server failed to fulfill a valid request |
You can look up any code instantly with our HTTP Status Codes reference.
How HTTP Status Codes Work
Every time your browser requests a web page, the server responds with a status code before sending any content. This happens in the HTTP response header:
HTTP/1.1 200 OK
Content-Type: text/html
The browser reads this code to decide what to do next — display the page, follow a redirect, or show an error message.
Most of the time you never see these codes. They work silently in the background. You only notice them when something goes wrong (the infamous "404 Not Found" page).
The Most Common Status Codes
200 OK
The request succeeded. This is what happens on every normal page load. The server found what you asked for and sent it back.
201 Created
The server created a new resource as requested. Common in APIs after a successful POST request — for example, creating a new user account or submitting a form.
204 No Content
The server processed the request successfully but has nothing to send back. Used when you delete a resource or save preferences without needing a response body.
301 Moved Permanently
The resource has permanently moved to a new URL. The server tells the browser (and search engines) to update their records. All future requests should use the new URL.
When this matters for SEO: A 301 passes link equity to the new URL. Use it when you permanently change a page's URL, merge two pages, or move to a new domain.
302 Found (Temporary Redirect)
The resource is temporarily at a different URL. Unlike 301, the original URL is still the "correct" one. The browser follows the redirect but does not update bookmarks.
Common confusion: Many developers use 302 when they mean 301. The practical difference: search engines treat 301 as "replace the old URL in the index" and 302 as "keep the old URL."
304 Not Modified
The resource hasn't changed since the browser last fetched it. Instead of sending the full page again, the server says "use your cached copy." This saves bandwidth and speeds up page loads.
400 Bad Request
The server cannot process the request because something is wrong with how it was formed. Common causes:
- Malformed JSON in an API request
- Missing required parameters
- Invalid characters in the URL
- Request body too large for the content type
401 Unauthorized
Authentication is required but was not provided, or the credentials are invalid. Despite the name, this is about authentication (who you are), not authorization (what you're allowed to do).
Common fix: Log in, provide a valid API key, or refresh an expired token.
403 Forbidden
The server understood the request and knows who you are, but refuses to grant access. Unlike 401, re-authenticating won't help — you simply don't have permission.
Key difference from 401: 401 means "I don't know who you are." 403 means "I know who you are, and you can't access this."
404 Not Found
The server cannot find the requested resource. The most recognized HTTP error, often caused by:
- Typo in the URL
- The page was deleted or moved without a redirect
- A broken link on another website
- Incorrect API endpoint
For website owners: Monitor your 404 errors. High numbers can indicate broken internal links or missing redirects after a site restructure.
405 Method Not Allowed
The HTTP method (GET, POST, PUT, DELETE) is not supported for this URL. For example, trying to POST to a URL that only accepts GET requests.
408 Request Timeout
The server waited too long for the client to finish sending the request. This can happen on slow connections or when a client starts a request but never completes it.
409 Conflict
The request conflicts with the current state of the resource. Common in APIs when two users try to update the same record simultaneously, or when you try to create a resource that already exists.
429 Too Many Requests
You've hit a rate limit. The server is telling you to slow down. Most APIs return a Retry-After header indicating how long to wait before trying again.
500 Internal Server Error
Something went wrong on the server, but the server can't be more specific about what. This is the generic "something broke" error.
Common causes: unhandled exceptions in application code, database connection failures, misconfigured server settings, or bugs triggered by specific input.
502 Bad Gateway
The server was acting as a proxy or gateway and received an invalid response from the upstream server. In practice, this often means:
- The application server behind the load balancer crashed
- A microservice is down
- A reverse proxy (like Nginx) can't reach the backend
503 Service Unavailable
The server is temporarily unable to handle the request. Usually because it's overloaded or down for maintenance. Unlike 500, this implies the problem is temporary.
Tip: Servers should include a Retry-After header so clients know when to try again.
504 Gateway Timeout
Similar to 502, but instead of an invalid response, the upstream server didn't respond at all within the time limit. Common when backend processing takes too long.
301 vs 302: When to Use Each
| Scenario | Use | Why |
|---|---|---|
| Page permanently moved to new URL | 301 | Tells search engines to index the new URL |
| Temporary maintenance redirect | 302 | Original URL should stay in the index |
| Domain migration | 301 | All old URLs should point to the new domain |
| A/B test redirect | 302 | Both URLs are valid, temporary routing |
| HTTP to HTTPS | 301 | The HTTPS version is the permanent URL |
401 vs 403: Understanding the Difference
These two are often confused:
401 Unauthorized → "Who are you? Prove your identity."
- No credentials provided
- Invalid credentials (wrong password, expired token)
- Fix: provide valid authentication
403 Forbidden → "I know who you are, but you can't do this."
- Valid credentials, insufficient permissions
- IP blocked
- Resource restricted to certain roles
- Fix: request access or contact an administrator
What to Do When You See an Error
As a user
- 4xx errors: Check the URL for typos. Try refreshing. Clear your browser cache. If it's a 401 or 403, check if you're logged in.
- 5xx errors: Wait and try again. The problem is on the server side, not yours. If it persists, the service may be experiencing an outage.
As a developer
- 4xx errors: Check your request format, URL, authentication headers, and request body. Read the response body — many APIs include a detailed error message.
- 5xx errors: Check server logs. Look for unhandled exceptions, resource exhaustion (memory, disk, connections), or downstream service failures.
HTTP Status Codes and SEO
Search engines pay close attention to status codes:
- 200: Page is crawlable and indexable
- 301: Passes most link equity to the new URL (use for permanent moves)
- 302: Tells crawlers the original URL is canonical (use for temporary moves)
- 404: Page is removed from the index over time
- 410 Gone: Page is removed from the index faster than 404 (use when content is intentionally deleted)
- 503: Tells crawlers to come back later (use during maintenance, not as a permanent state)
Important: Returning a 200 status code on error pages (a "soft 404") confuses search engines. Always return the correct status code.
Frequently Asked Questions
What does HTTP status code 200 mean?
HTTP 200 OK means the request was successful. The server found and returned the requested resource. This is the standard response for every normal page load.
What is the difference between 301 and 302 redirects?
A 301 redirect means the resource has permanently moved, and search engines should update their index. A 302 redirect means the move is temporary, and the original URL should remain in the index.
Why do I get a 403 Forbidden error?
A 403 error means the server recognized your identity but denied access. Common causes include insufficient permissions, IP restrictions, or attempting to access a protected directory. Unlike 401, providing different credentials usually will not help.
What causes a 500 Internal Server Error?
A 500 error is a generic server-side failure. Common causes include application bugs, database connection issues, misconfigured servers, or unhandled exceptions in code. Check server logs for the specific cause.
What is the difference between 502 and 504 errors?
Both involve a server acting as a proxy. A 502 Bad Gateway means the proxy received an invalid response from the upstream server. A 504 Gateway Timeout means the upstream server did not respond in time. In both cases, the problem is with the backend, not the proxy itself.
How do I fix a 404 Not Found error?
As a visitor, check the URL for typos and try searching the site directly. As a site owner, set up 301 redirects for moved pages, fix broken internal links, and create a custom 404 page that helps users navigate.
What does 429 Too Many Requests mean?
HTTP 429 means you've exceeded the server's rate limit. Wait before sending more requests. Check the Retry-After response header for the recommended delay. APIs use this to prevent abuse and ensure fair usage.
Is a 304 Not Modified response good or bad?
A 304 is positive — it means the browser's cached version is still current, so the server doesn't need to send the full response again. This saves bandwidth and makes pages load faster.
What is the difference between 401 and 403?
A 401 means authentication is missing or invalid — the server doesn't know who you are. A 403 means the server knows who you are but you don't have permission. Fix a 401 by logging in; fix a 403 by requesting access.
What HTTP status code should I use for a deleted page?
Use 410 Gone if the page was intentionally and permanently deleted. Use 404 Not Found if you're not sure whether the page might return. Search engines remove 410 pages from their index faster than 404 pages.
What does 503 Service Unavailable mean?
HTTP 503 means the server is temporarily unable to handle requests, usually due to maintenance or being overloaded. It signals a temporary condition. The server should include a Retry-After header indicating when to try again.
Can HTTP status codes affect website performance?
Indirectly, yes. Excessive redirects (301/302 chains) add latency. Proper use of 304 Not Modified improves caching. Frequent 5xx errors cause search engines to reduce crawl rate, which can delay indexing of new content.