HTTP Status Codes and their purpose | PDF Available

HTTP Protocol Introduction

HTTP is a protocol for web-communication, there is standardisation of protocol by RFC 2616.

HTTP response status codes indicate the processing response of a specific HTTP request, eg. if it has been successfully completed or cancelled or rejected then why?

What are different type of response codes available for HTTP Request?

Responses are grouped in five classes:
– Informational responses (100-199)
– Successful responses (200-299)
– Redirects (300-399)
– Client errors (400-499)
– Server errors (500-599)

Note: If you receive a response that is not in this list, it is a non-standard response, possibly custom to the server’s software. Please check that software’s developer documentation.

Purpose of standardising codes to have general understanding and idea about the requests between different systems, so accordingly they can define their behaviour to correct request or retry or may be some other action items.

Here is the HTTP status codes cheat sheet.

Informational responses status code – 1xx (100199)

The 1xx class of status codes is informational and they indicate that a request was received and understood. It is issued as a provisional status, while the process is still undergoing. It also tells the client to wait for a final response. These messages consist of the status line and the optional header fields.

Status codeStatusDescription
100ContinueThis interim response indicates that the client should continue the request or ignore the response if the request is already finished
101Switching ProtocolsThis code is sent in response to an Upgrade request header from the client and indicates the protocol the server is switching to.
102ProcessingThis code indicates that the server has received and is processing the request, but no response is available yet.
103Early HintsThis status code is primarily intended to be used with the Link header, letting the user agent start preloading resources while the server prepares a response.

Successful responses status code – 2xx (200299)

The 2xx range of codes generally means that the request was successfully received, understood ,and accepted, while the 3xx range of codes indicates that the client must take additional action to complete the specific request. This is often used in URL redirection.

Status codeStatusDescription
200OKThe request succeeded. The result meaning of “success” depends on the HTTP method:
GET: The resource has been fetched and transmitted in the message body.
HEAD: The representation headers are included in the response without any message body.
PUT or POST: The resource describing the result of the action is transmitted in the message body.
TRACE: The message body contains the request message as received by the server.
201CreatedThis code is sent in response to an Upgrade request header from the client and indicates the protocol the server is switching to.
202AcceptedThis code indicates that the server has received and is processing the request, but no response is available yet.
203Non-Authoritative InformationThis status code is primarily intended to be used with the Link header, letting the user agent start preloading resources while the server prepares a response.
204No ContentThere is no content to send for this request, but the headers may be useful. The user agent may update its cached headers for this resource with the new ones.
205Reset ContentTells the user agent to reset the document which sent this request.
206Partial ContentThis response code is used when the Range header is sent from the client to request only part of a resource.
207Multi-StatusConveys information about multiple resources, for situations where multiple status codes might be appropriate.
208Already ReportedUsed inside a <dav:propstat> response element to avoid repeatedly enumerating the internal members of multiple bindings to the same collection.
226IM UsedThe server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.

Redirects status code- 3xx (300-399)

The 3xx range of status codes generally indicates to the browser that it should look for the page at another URL. This other URL is specified in the Location HTTP header.

Status codeStatusDescription
300Multiple ChoicesThe request has more than one possible response. The user agent or user should choose one of them. (There is no standardized way of choosing one of the responses, but HTML links to the possibilities are recommended so the user can pick.)
301Moved PermanentlyThe URL of the requested resource has been changed permanently. The new URL is given in the response.
302FoundThis response code means that the URI of requested resource has been changed temporarily. Further changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.
303See OtherThe server sent this response to direct the client to get the requested resource at another URI with a GET request.
304Not ModifiedThis is used for caching purposes. It tells the client that the response has not been modified, so the client can continue to use the same cached version of the response.
305Use ProxyDefined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.
306Unused
This response code is no longer used; it is just reserved. It was used in a previous version of the HTTP/1.1 specification.
307Temporary RedirectThe server sends this response to direct the client to get the requested resource at another URI with same method that was used in the prior request. This has the same semantics as the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.
308Permanently RedirectThis means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.
Redirects status codes

Client error status code – 4xx (400-499)

The 4xx class of status code is intended for cases in which the client seems to have erred. Except when responding to a HEAD request, the server SHOULD include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition.

Status codeStatusDescription
400Bad RequestThe server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
401UnauthorizedAlthough the HTTP standard specifies “unauthorized”, semantically this response means “unauthenticated”. That is, the client must authenticate itself to get the requested response.
402Payment RequiredThis response code is reserved for future use. The initial aim for creating this code was using it for digital payment systems, however this status code is used very rarely and no standard convention exists.
403ForbiddenThe client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client’s identity is known to the server.
404Not FoundThe server can not find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web.
405Method Not AllowedThe request method is known by the server but is not supported by the target resource. For example, an API may not allow calling DELETE to remove a resource.
406Not AcceptableThis response is sent when the web server, after performing server-driven content negotiation, doesn’t find any content that conforms to the criteria given by the user agent.
407Proxy Authentication RequiredThis is similar to 401 Unauthorized but authentication is needed to be done by a proxy.
408Request TimeoutThis response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.
409ConflictThis response is sent when a request conflicts with the current state of the server.
410GoneThis response is sent when the requested content has been permanently deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for “limited-time, promotional services”. APIs should not feel compelled to indicate resources that have been deleted with this status code.
411Length RequiredServer rejected the request because the Content-Length header field is not defined and the server requires it.
412Precondition FailedThe client has indicated preconditions in its headers which the server does not meet.
413Payload Too LargeRequest entity is larger than limits defined by server. The server might close the connection or return an Retry-After header field.
414URI Too LongThe URI requested by the client is longer than the server is willing to interpret.
415Unsupported Media TypeThe media format of the requested data is not supported by the server, so the server is rejecting the request.
416Range Not SatisfiableThe range specified by the Range header field in the request cannot be fulfilled. It’s possible that the range is outside the size of the target URI’s data.
417Expectation FailedThis response code means the expectation indicated by the Expect request header field cannot be met by the server.
418418 I'm a teapotThe server refuses the attempt to brew coffee with a teapot.
421Misdirected RequestThe request was directed at a server that is not able to produce a response. This can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI.
422Unprocessable Entity The request was well-formed but was unable to be followed due to semantic errors.
423LockedThe resource that is being accessed is locked.
424Failed DependencyThe request failed due to failure of a previous request.
425425 Too EarlyIndicates that the server is unwilling to risk processing a request that might be replayed.
426Upgrade RequiredThe server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol. The server sends an Upgrade header in a 426 response to indicate the required protocol(s).
427Precondition Required
The origin server requires the request to be conditional. This response is intended to prevent the ‘lost update’ problem, where a client GETs a resource’s state, modifies it and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.
429Too Many Requests
The user has sent too many requests in a given amount of time (“rate limiting“).
431Request Header Fields Too Large
The server is unwilling to process the request because its header fields are too large. The request may be resubmitted after reducing the size of the request header fields.
451Unavailable For Legal Reasons
The user agent requested a resource that cannot legally be provided, such as a web page censored by a government.
Client error codes

Server error responses – 5xx (500-599)

A 5xx code means the problem was caused by the server. With a 5xx code, the request can be present with no changes and you will get the requested result when the server has been fixed. With a 4xx code, typically the client or user has to fix an error before trying again, but there are some exceptions.

Status codeStatusDescription
500Bad RequestThe server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
501Not ImplementedThe request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.
502Bad GatewayThis error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.
503Service Unavailable
The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This response should be used for temporary conditions and the Retry-After HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.
504Gateway Timeout
This error response is given when the server is acting as a gateway and cannot get a response in time.
505HTTP Version Not SupportedThe HTTP version used in the request is not supported by the server.
506Variant Also Negotiates
The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.
507Insufficient StorageThe method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request.
508Loop DetectedThe server detected an infinite loop while processing the request.
510Not ExtendedFurther extensions to the request are required for the server to fulfill it.
511Network Authentication RequiredIndicates that the client needs to authenticate to gain network access.
Internal server error status codes

Source:

Leave a Reply

Your email address will not be published. Required fields are marked *

eighteen − nine =