The server has received the request headers and the client may proceed to send the request body. This mechanism is mainly used for large uploads to avoid bandwidth waste if the server is going to reject the request.

The server agrees to switch protocols as requested via the Upgrade header (e.g., to WebSocket, HTTP/2, or HTTP/3). The connection now follows a different protocol.

A WebDAV extension status code indicating that the server has received and is processing the request (such as generating a long report), but no response is available yet. Used to avoid client timeouts.

The server sends early hints (like Link: preload headers) before the final response to allow the browser to start loading resources earlier. A normal response (200/3xx/etc.) will follow.

Defined in IETF draft (non-standard). Indicates server support for resumable uploads, such as via HTTP-based protocols like tus.io or Resumable.js.

The request has been successfully processed and returns the requested resource or operation result. HTTP methods:

- GET: Returns the requested resource

- POST/PUT/DELETE: Returns the processing result

- HEAD: Returns response headers without body content

The request has been successfully processed and a new resource was created on the server. Response typically includes Location header pointing to the new resource address, and may include the resource content.

The request has been accepted for processing but is not yet completed. Used for asynchronous operations or delayed processing scenarios. Response may include task ID for follow-up queries.

The request succeeded but the response may come from a third-party proxy and differs from the original resource. Typically used when proxy caches modify content.

The server successfully processed the request but returns no content. Suitable for operations that don't require refreshing page resources, like form submissions or deletions.

After request completion, the server asks the client to reset the view or layout. Typically used to clear forms or reset edit pages.

The server responded to a partial content request, commonly used for resumable downloads or media streaming. Client uses Range requests to implement segmented processing.

WebDAV extension status code representing multiple sub-request statuses. Response body contains XML with execution results for each sub-request.

WebDAV avoids redundantly reporting already listed member statuses in responses to optimize information.

RFC 3229 defined status code indicating the response represents the result of applying instance manipulations (like delta encoding) to the original resource.

The server returns multiple available resource options.

The client should choose one of the URIs or handle redirection automatically in the response body.

Resource has permanently moved to a new URI.

Clients should update references, this response can be cached and future requests should use the new address.

Resource is temporarily available from a different URI.

Clients should continue using the original URL, with server typically providing Location header for temporary redirect.

Response directs client to use GET method at another URI to fetch resource, typically used as POST redirect.

Prevents duplicate submissions.

Resource has not been modified since last request.

Client can continue using cached version without redownloading.

Request must be accessed through specified proxy.

This status is rare and most modern browsers ignore it.

This status code is deprecated and no longer used.

Originally indicated client should switch proxy servers, now retained for legacy purposes.

Resource temporarily moved, client should resend request with same method (e.g. unchanged POST) to URI in Location header.

Unlike 302, guarantees method preservation.

Permanent redirect where client should preserve request method and redirect to new URI.

Unlike 301, suitable for REST API migration scenarios.

The server cannot understand the request.

Common causes include malformed JSON, missing required fields, Content-Type mismatch, or invalid URL format.

Authentication failed.

Client didn't provide valid credentials (token/cookie) or credentials are expired/invalid.

Reserved for experimental use.

Originally intended for digital payment scenarios when accessing paid resources. Rarely used in practice.

Server understood the request but refuses to execute it.

Authenticated but insufficient permissions or security policy restrictions.

Requested resource does not exist.

May be caused by API changes, URL typos, deleted resources, or misconfigured routing.

The request method is not allowed.

Server recognizes the path but doesn't support the current HTTP method (e.g. PUT request to GET-only resource).

Client request is not acceptable.

The Accept header specifies content types the server cannot provide (e.g. image/avif).

Proxy authentication required.

This standard code indicates the client needs to provide credentials to the proxy server.

Server timed out waiting for the request.

Client failed to complete the request sending in time or network latency was too high.

Request conflicts with current resource state.

Examples include concurrent modifications, duplicate unique values, or transaction errors.

Resource is permanently gone and no longer available.

Unlike 404, this status explicitly indicates the resource is deprecated with no migration.

Missing Content-Length.

Server requires explicit request body length, but client didn't set it or the value doesn't match actual body.

Precondition failed.

Typically used when ETag, If-Match or other optimistic lock control conditions fail validation.

Request payload too large.

Exceeds server's maximum accepted limit, commonly used for large file uploads or oversized JSON.

URI too long.

Caused by GET requests with too many parameters or redirect chains making URI bloated.

Unsupported media type.

Typically indicates Content-Type is not recognized or doesn't match by the server.

Range request is not satisfiable.

Requested range exceeds resource length or resource has changed causing mismatch.

Server cannot meet Expect header requirements.

Returned when Expect:100-continue is not supported.

Defined by IETF in RFC2324 (April Fools' RFC) as a joke.

Indicates 'I'm a teapot' that can't brew coffee, sometimes used to identify test/crawler requests. Not for formal use.

Laravel framework specific status code.

Indicates authentication timeout, commonly used when CSRF token expires or session times out. Not an official standard but widely used in web apps.

Spring Framework (WebDAV) specific status code.

Indicates method execution failure, commonly used in WebDAV development when partial resource operations fail. Not an official HTTP standard code.

Request was directed to wrong server.

Common in HTTP/2 when multiple domains share same IP without proper routing.

Request syntax correct but semantically invalid.

Commonly used for form/JSON validation failures like missing fields or illegal values.

Resource is locked.

Used in WebDAV when resource is being modified or locked by another request.

Current request failed due to dependency failure.

Common in WebDAV transaction scenarios where one failure causes subsequent failures.

Server rejects premature requests.

Prevents clients from sending requests before TLS handshake completes to avoid replay attacks.

Protocol upgrade required.

For example enforcing TLS or HTTP/2 for better security or performance.

Server requires conditional request headers.

Prevents blind write operations that may cause lost updates.

Too many requests sent, triggering rate limiting.

Server usually provides Retry-After header indicating when to retry.

Shopify custom status code.

Indicates request headers are too large, exceeding server size limits, often due to excessive cookies or custom headers.

Request header fields too large.

Commonly caused by cookie bloat, excessive custom headers, or cyclic accumulation.

Non-standard code defined by Nginx.

Server closes connection immediately without response to prevent malicious/scraping requests.

Microsoft IIS custom status code.

Indicates request failed due to certain conditions, client should modify and retry. Used when proxies/servers require request adjustments.

Microsoft IIS custom status code.

Indicates request was blocked by Windows Parental Controls, common in home networks or restricted enterprise environments.

Resource unavailable due to legal restrictions.

Blocked for reasons like copyright, censorship or court orders.

Nginx non-standard status code.

Request headers exceed server size limits, causing rejection.

Defined by Nginx.

Client provided invalid or untrusted SSL certificate, connection rejected.

Defined by Nginx.

Client didn't provide required SSL certificate while server is configured for mutual authentication.

Defined by Nginx.

Client incorrectly used HTTP protocol to access HTTPS port, causing protocol mismatch.

Defined by Esri ArcGIS Server.

Indicates client token is invalid, revoked or malformed, distinct from generic 401.

Non-standard code defined by Nginx and Esri ArcGIS Server.

Client closed connection before server responded.

Common with user cancellations, network fluctuations or mobile network switching.

Standard HTTP/1.0 server error.

Indicates the server encountered an unexpected condition.

Standard HTTP/1.1.

The server does not support the request method (e.g. PUT, PATCH or custom methods).

Standard HTTP/1.1.

Invalid response received from upstream server when acting as gateway/proxy.

Standard HTTP/1.1.

Server currently unable to handle requests (overloaded, maintenance or resource exhaustion).

Standard HTTP/1.1.

Upstream server didn't respond within configured timeout when acting as gateway/proxy.

Standard HTTP/1.1.

Server doesn't support the HTTP version specified by client.

WebDAV extension (RFC 2295).

Server configured variant negotiation proxy that itself participates in negotiation, causing circular dependency.

WebDAV extension (RFC4918).

Server cannot store content needed to complete the request (e.g. disk space exhausted).

WebDAV extension (RFC5842).

Server detected an internal circular reference causing infinite recursion.

Custom status code defined by Apache/cPanel.

Indicates server bandwidth limit reached, temporarily rejecting requests to prevent overload.

HTTP extension status code (RFC 2774), indicates client request lacks required extension info.

This status is deprecated and not recommended.

Standard status code (RFC 6585).

Client needs network authentication, common in Captive Portal scenarios like public WiFi login pages.

Custom status code defined by Cloudflare.

Indicates origin server returned an unknown error or empty response, preventing Cloudflare from properly responding.

Cloudflare custom code.

Cloudflare cannot connect to origin server - server is down or rejecting connections.

Cloudflare custom code.

TCP connection to origin succeeded but server didn't respond within timeout period.

Cloudflare custom code.

Cloudflare cannot reach origin server via DNS resolution, causing request failure.

Cloudflare custom code.

Connection established but origin server didn't complete response within timeout.

Cloudflare custom code.

SSL handshake between Cloudflare and origin failed, usually due to invalid certificate or misconfiguration.

Cloudflare custom code.

Origin server provided invalid or untrusted SSL certificate.

Cloudflare custom code (Railgun service).

Railgun communication error between Cloudflare and origin server.

Non-standard code defined by Qualys SSL Labs.

Indicates server is too overloaded to handle requests.

Custom status code defined by Pantheon.

Indicates site is frozen due to policy violation and inaccessible.

Reserved for CDN/cloud vendors or manufacturers.

Meaning varies by provider, not officially registered with IANA/IETF.

Same as 531 - vendor-specific reserved code range.

Same as above.

Same as above.

Same as above.

Same as above.

Same as above.

Same as above.

Non-standard proxy error code.

Proxy server timed out when connecting to upstream server.