HTTP Response Codes - The Complete What, Why and How Guide
HTTP response codes are standard responses from web servers. Here's a breakdown of the different types of HTTP response codes and what they mean.
In this article
- 1xx Informational responses
- 2xx Success responses
- 3xx Redirection responses
- 4xx Client error responses
- 5xx Server error responses
- How to troubleshoot 500 Internal Server Errors
- What causes a 503 error?
- How to fix a 403 error
- Lesser known HTTP response codes
- 102 Processing
- 103 Early Hints
- 208 Already Reported
- 306 (Unused)
- 418 I'm a teapot
- 419 Authentication Timeout
- 420 Enhance Your Calm
- 422 Unprocessable Entity
- 425 Too Early
- 429 Too Many Requests
- 431 Request Header Fields Too Large
- 440 Login Timeout
- 444 No Response
- 449 Retry With
- 451 Unavailable For Legal Reasons
- 506 Variant Also Negotiates
- 507 Insufficient Storage
- 508 Loop Detected
- 510 Not Extended
- 511 Network Authentication Required
1xx Informational responses
100 Continue
This response is typically used when a client sends a large request and the server wants to confirm that it has received the first part of the request before continuing. If you encounter this error, it usually means that the server is waiting for the rest of the request before it can proceed. Check your network connection and make sure that all necessary data has been sent.
2xx Success responses
200 OK
This response indicates that the request has been successfully received and processed by the server. There are no common reasons for this error, as it is generally used when everything is working as expected. If you encounter this error, double-check that your request was correct and that you have the necessary permissions to access the requested resource.
201 Created
This response indicates that the server has successfully created a new resource. If you encounter this error, make sure that the resource was created as expected and that you have the necessary permissions to access it.
204 No Content
This response indicates that the server has successfully processed the request but has nothing to send back. If you encounter this error, check that the request was correct and that you have the necessary permissions to access the requested resource.
3xx Redirection responses
301 Moved Permanently
This response is used when a resource has permanently moved to a new location. If you encounter this error, update any links or bookmarks that you have to the old location and try accessing the new location.
302 Found
This response is used when a resource has temporarily moved to a new location. If you encounter this error, try accessing the new location.
4xx Client error responses
400 Bad Request
This response is used when the server cannot understand the request due to invalid syntax or missing required parameters. If you encounter this error, double-check that your request was correctly formatted and that you have included all necessary parameters.
401 Unauthorized
This response is used when the client is not authorized to access the requested resource. If you encounter this error, double-check that you have the necessary authentication credentials to access the resource.
403 Forbidden
This response is used when the client is authenticated, but does not have the necessary permissions to access the requested resource. If you encounter this error, double-check that you have the necessary permissions to access the resource.
404 Not Found
This response is used when the requested resource could not be found on the server. If you encounter this error, double-check that you have the correct URL and that the resource actually exists on the server.
5xx Server error responses
500 Internal Server Error
This response is used when the server encounters an unexpected condition that prevents it from fulfilling the request. If you encounter this error, the problem is likely on the server side, so contact the server administrator for assistance.
503 Service Unavailable
This response is used when the server is currently unavailable due to maintenance or overload. If you encounter this error, try again later when the server may be less busy.
How to troubleshoot 500 Internal Server Errors
When troubleshooting a 500 Internal Server Error as a sysadmin, you will need to identify the root cause of the error. Here are some steps you can take to troubleshoot this type of error:
- Check server logs
The first step is to check the server logs for any error messages that may indicate the cause of the 500 error. The logs will usually be located in the /var/log directory, and the error messages may be in the Apache error log or the server log for your web server software. Look for any error messages that may indicate the source of the problem, such as syntax errors in scripts or database connectivity issues. - Check configuration files
Next, check your server's configuration files to ensure that they are properly configured. This can include checking your web server software configuration files, PHP configuration files, and any other server-side scripting language configuration files. Make sure that all the settings are correctly configured and that there are no typos or syntax errors. - Check disk space
If your server is running low on disk space, it may cause a 500 error. Check your server's disk usage to ensure that you have enough free space. If not, try freeing up some space by deleting unnecessary files.
df -h - Check server resources
If your server is running low on resources like memory or CPU, it may cause a 500 error. Check your server's resource usage to ensure that you have enough resources available to handle your web traffic. You may need to upgrade your server resources or optimize your web application to use resources more efficiently.
top - Have you just updated with new code?
If you have just updated your web app, that may be causing trouble. Check error logs, turn on debugging or more detailed error logging etc. - Have you run an update on the server?
This may cause web app some code to be deprecated (e.g. if PHP has been updated), or there may be missing dependencies (e.g. missing required PHP modules).
What causes a 503 error?
A 503 Service Unavailable error occurs when a server is temporarily unable to handle a request due to overloading or maintenance.
This error can occur for a variety of reasons, including:
- Reverse proxy communication error
If the site domain points to a reverse proxy server, which is forwarding traffic from another web server, you may get a 503 error if the web server (not the reverse proxy) is down. However, there may also be a communication error between the reverse proxy and the web server. If you are able to SSH into the webserver itself, you can run curl on localhost and check if it serves the error or the website:
Change the port number (:8080) if another port is use, and the domain name in the added headers, so that the web server serves data from the correct vhost. If curl returns the website without any errors, there is probably either a communication error between the web server and the reverse proxy server, or some other kind of problem outside the webserver itself.curl -Lvvvs http://localhost:8080 -H "X-Forwarded-Proto: https" -H "X-Forwarded-Host: www.example.org" -H "Host: www.example.org" - High traffic
When there is a sudden spike in traffic to a website or application, the server may become overloaded and unable to handle the requests. This can cause a 503 error. - Maintenance
If a server is undergoing maintenance or upgrades, it may temporarily be unable to handle requests. During this time, a 503 error may occur. - Server configuration
Incorrect server configuration or server-side software may also cause a 503 error. For example, a misconfigured server or a software bug could cause the server to crash or become unresponsive.
How to fix a 403 error
A 403 Forbidden error indicates that the user attempting to access a resource does not have the necessary permissions. Here are some steps to fix a 403 error, including checking the .htaccess file:
- Clear server cache
If there is some kind of caching, either on the web server or through an external reverse proxy service, such as e.g. CloudFlare, you could try purging the cache. - Check user permissions
Check that the user has the necessary permissions to access the resource. This may involve checking user roles and permissions in the server configuration or database. - Check file permissions
If the resource is a file, check the file permissions to ensure that the user has read or execute permissions. If the file permissions are incorrect, adjust them accordingly. - Check server configuration
Check the server configuration to ensure that it is not blocking access to the resource. This may involve checking server access rules or firewall settings. - Check .htaccess file
If the server is using an .htaccess file to control access to the resource, check that the file is not blocking access. This may involve temporarily removing or commenting out specific rules to see if they are causing the 403 error.
Lesser known HTTP response codes
There are several lesser-known HTTP response codes that are not as commonly encountered as the more well-known ones. Here are a few examples:
102 Processing
This code is used to indicate that the server is still processing the request and has not yet sent a final response.
103 Early Hints
This code is used to send preliminary informational headers before the final response is sent, allowing the client to start processing the headers while the server is still generating the response.
208 Already Reported
This code is used in WebDAV to indicate that the members of a DAV binding have already been enumerated in a preceding part of the response and are not being included again.
306 (Unused)
This code was intended to be used by clients to switch to a different proxy server, but it was never implemented in practice.
418 I'm a teapot
This code is meant to be humorous and is not intended to be taken seriously. It indicates that the server is a teapot and cannot brew coffee.
419 Authentication Timeout
This code is used to indicate that the user's authentication has expired and they need to reauthenticate to access the resource.
420 Enhance Your Calm
This code is used by some APIs to indicate that the client is making too many requests in a short period of time. The code is intended to encourage the client to "enhance their calm" and slow down their requests.
422 Unprocessable Entity
This code is used when the server understands the request but cannot process it due to semantic errors, such as missing fields or invalid values.
425 Too Early
This code is used when the server is unwilling to risk processing a request that might be replayed, and instead requires the client to wait a certain period of time before making the request again.
429 Too Many Requests
This code is used when the client has exceeded a rate limit set by the server, indicating that the client needs to slow down their requests.
431 Request Header Fields Too Large
This code is used when the size of the request headers exceeds the limit set by the server.
440 Login Timeout
This code is used to indicate that the user's session has timed out and they need to log in again to access the resource.
444 No Response
This code is used by Nginx to indicate that the server has closed the connection without sending a response to the client.
449 Retry With
This code is used by Microsoft servers to indicate that the client needs to resend the request with a different HTTP method or to a different URI.
451 Unavailable For Legal Reasons
This code is used when the server is legally required to deny access to the resource, such as due to a court order or government censorship.
506 Variant Also Negotiates
This code is used when the server has multiple representations of the requested resource and cannot provide a response that matches the client's preferences.
507 Insufficient Storage
This code is used in WebDAV to indicate that the server is out of space and cannot store the resource.
508 Loop Detected
This code is used in WebDAV to indicate that the server has detected a loop in the request chain and has stopped processing the request.
510 Not Extended
This code is used to indicate that the client needs to update their request to include additional information in order for the server to complete the request.
511 Network Authentication Required
This code is used by some proxies to indicate that the client needs to authenticate to access the network.