This class of status codes indicates that the request was received and understood, and that processing is ongoing. It is a provisional response and alerts the client to await a final response. The message includes only the status line and optional headers, ending with an empty line. HTTP/1.0 does not support 1xx status codes, so servers should not send them to HTTP/1.0 clients except for experimental purposes.

Below is a list of all official 1xx Status Codes used in applications like API and Webhooks:

Indicates that the server received the request headers and the client can send the body if needed. If the server responds with an error, the body should not be sent. A 417 Expectation Failed means the request should be retried without the Expect header.

Shows that the server agrees to switch protocols as requested by the client.

Used in WebDAV to signal that the server is still processing a complex request and no response is yet available. This status code is now deprecated.

Allows the server to send some response headers before the final HTTP response message is sent.

This class of status codes indicates that the client’s request was successfully received, understood, and accepted.

Below is a list of all official 2xx Status Codes used in applications like API and Webhooks:

Indicates a successful HTTP request. The response depends on the method used: GET returns the requested resource; POST returns the result of the action.

The request was successful, resulting in the creation of a new resource.

The request has been accepted for processing but not yet completed. The request might be acted upon or disallowed later.

The server, acting as a proxy, modified the response from the origin server and is returning the modified version.

The server successfully processed the request but is not returning any content.

The server successfully processed the request and asks the client to reset the document view, without returning any content.

The server is delivering only part of the resource due to a range header sent by the client. Useful for resuming interrupted downloads or splitting downloads.

The response body contains an XML message with multiple response codes for different sub-requests.

The members of a DAV binding were already listed in a previous part of the response and are not included again.

The server has fulfilled the request and the response represents the result of one or more instance-manipulations applied to the resource.

This class of status codes indicates that the client must perform additional actions to complete the request. Many of these codes are used for URL redirection. User agents may automatically handle redirection for GET or HEAD methods without user interaction but should prevent cyclical redirects.

Below is a list of all official 3xx Status Codes used in applications like API and Webhooks:

Indicates multiple options for the resource, and the client may choose from them, such as different file formats or URL options.

The requested resource has been permanently moved to a new URI. Future requests should use this new URI.

Tells the client to redirect to another URL. Historically, it changed the request method to GET, but now HTTP/1.1 uses 303 and 307 to clarify behavior.

The response is available at another URI using the GET method. For POST requests, the client should perform a GET request to the new URI.

The resource has not been modified since the last request, so there’s no need to resend it.

The resource is only available through a proxy, and the address is provided. Many clients do not support this code for security reasons.

No longer used; originally indicated that subsequent requests should use a specified proxy.

The request should be repeated with a different URI, but the request method must remain unchanged (e.g., POST should remain POST).

Similar to 301 but does not allow the HTTP method to change. Future requests should use the new URI without changing the method.

This class of status codes is used when an error is likely caused by the client. Except for HEAD requests, the server should provide an explanation of the error and indicate if the issue is temporary or permanent. These codes apply to all request methods, and user agents should display any included explanation to the user.

Below is a list of all official 4xx Status Codes used in applications like API and Webhooks:

Server cannot process request due to client error (e.g., malformed syntax, size too large).

Authentication required and has failed or not yet provided.

Reserved for future use (e.g., exceeded request limit, insufficient funds, failed payment).

Valid request but server refuses action (e.g., permissions issue, prohibited action).

Resource not found but may be available in the future.

Request method not supported for the requested resource.

Resource generates only non-acceptable content according to Accept headers.

Client must authenticate with proxy.

Server timed out waiting for the request.

Request conflict with current state of the resource.

Resource permanently removed and should not be requested again.

Content length required but not specified.

Server does not meet request preconditions.

Request larger than server is willing or able to process.

URI too long for server to process; often too much data in GET request.

Media type not supported by server or resource.

Client requested part of the file that lies beyond the end of the file.

Server cannot meet the requirements of the Expect request-header field.

Defined as an April Fools' joke; returned by teapots requested to brew coffee.

Request directed at a server unable to produce a response.

Request well-formed but could not be processed.

Resource is locked.

Request failed due to dependency on another failed request.

Server unwilling to risk processing a request that might be replayed.

Client should switch to a different protocol.

Origin server requires request to be conditional to prevent conflict.

User has sent too many requests in a given amount of time.

Request header fields too large for server to process.

Legal demand to deny access to a resource.

This class of status codes indicates that the server failed to fulfill the request. These codes signify that the server encountered an error or was otherwise incapable of performing the request. Except for HEAD requests, the server should provide an explanation of the error and whether it is temporary or permanent. User agents should display this information to the user.

Below is a list of all official 5xx Status Codes used in applications like API and Webhooks:

A generic error indicating an unexpected condition was encountered by the server.

The server does not recognize the request method or lacks the ability to fulfill the request.

The server received an invalid response from an upstream server while acting as a gateway or proxy.

The server cannot handle the request due to being overloaded or down for maintenance. This is usually temporary.

The server did not receive a timely response from an upstream server while acting as a gateway or proxy.

The server does not support the HTTP version used in the request.

Transparent content negotiation resulted in a circular reference.

The server cannot store the representation needed to complete the request.

The server detected an infinite loop while processing the request, replacing 208 Already Reported.

Further extensions to the request are required for the server to fulfill it.

The client needs to authenticate to gain network access, often used by intercepting proxies like captive portals.

Below is a list of unofficial Status Codes from several sources used in applications like API and Webhooks.

Used by Apache servers to indicate a catch-all error condition, allowing message bodies to pass through when ProxyErrorOverride is enabled.

Used by Laravel Framework when a CSRF token is missing or expired.

Deprecated response used by Shopify when request headers are too large.

Used by Shopify to indicate a malicious request.

Indicates access is blocked due to Windows Parental Controls.

Returned by ArcGIS for Server when a token is expired or invalid.

Returned by ArcGIS for Server when a required token is missing.

Indicates the server has exceeded its bandwidth limit.

Used by Qualys SSLLabs to indicate that the site cannot process the request.

Used by Pantheon Systems to indicate a site has been frozen due to inactivity.

Indicates Cloudflare can't resolve the requested DNS record.

Used by Shopify to signal a temporarily disabled endpoint.

Informal convention used by some HTTP proxies to signal a network read timeout behind the proxy.

Used by some HTTP proxies to indicate a network connect timeout behind the proxy.

Used by Shopify to indicate a JSON syntax error in the request.

Indicates the client's session has expired and they must log in again.

The server cannot fulfill the request because required information is missing; the client should retry with the required information.

Used in Exchange ActiveSync to indicate a more efficient server is available or that the server cannot access the user's mailbox.

Instructs the server to return no information to the client and close the connection immediately.

Indicates the client sent too large a request or header line.

Used when the client has provided an invalid SSL certificate.

Indicates a client certificate is required but not provided.

Used when an HTTP request is made to an HTTPS port.

Used when the client closed the request before the server could send a response.

Indicates the origin server returned an empty, unknown, or unexpected response.

The origin server refused connections from Cloudflare.

Cloudflare timed out contacting the origin server.

Cloudflare could not reach the origin server due to incorrect or missing DNS records.

Cloudflare completed a TCP connection to the origin server but did not receive a timely HTTP response.

Cloudflare could not negotiate an SSL/TLS handshake with the origin server.

Cloudflare could not validate the SSL certificate on the origin server.

Returned with an HTTP/2 GOAWAY frame if header length exceeds 8K bytes or more than 10K requests are served through one connection.

Indicates the client closed the connection before the Elastic Load Balancer’s idle timeout period elapsed.

The load balancer received an X-Forwarded-For header with more than 30 IP addresses.

Incompatible protocol versions between the client and origin server.

Authentication error from a server registered with a load balancer; returned when the IdP errors during user authentication.