HTTP Status Codes Explained
HTTP status codes are three-digit numbers returned by a web server to indicate the result of a client's request. They are grouped into five classes: 1xx informational, 2xx success, 3xx redirection, 4xx client errors, 5xx server errors. Understanding status codes is essential for debugging APIs, SEO, and web development.
2xx Success and 3xx Redirects
200 OK: successful response. 201 Created: resource created (after POST). 204 No Content: successful but no body (after DELETE). 301 Moved Permanently: resource has a new URL permanently — search engines update their index. 302 Found / 307 Temporary Redirect: temporary move — search engines keep the original URL. 308 Permanent Redirect: like 301 but preserves the HTTP method.
4xx Client Errors
400 Bad Request: malformed syntax or invalid parameters. 401 Unauthorized: authentication required (misleadingly named — it means 'unauthenticated'). 403 Forbidden: authenticated but not authorised. 404 Not Found: resource doesn't exist. 405 Method Not Allowed: HTTP method not supported. 422 Unprocessable Entity: valid syntax but semantic errors (common in REST APIs). 429 Too Many Requests: rate limit exceeded.
5xx Server Errors
500 Internal Server Error: unhandled exception — check server logs. 502 Bad Gateway: upstream server returned an invalid response (commonly a crashed app server behind a reverse proxy). 503 Service Unavailable: server overloaded or in maintenance. 504 Gateway Timeout: upstream server too slow. For APIs, 503 with a Retry-After header is the correct way to signal temporary unavailability.