Complete, up‑to‑date catalog of HTTP status codes (RFC 9110 + IANA registry). Filter by category, search by code or description, and copy any status instantly.
| Status Code | Message / Title | Description & Context | Category |
|---|
The Internet Engineering Task Force (IETF) defines HTTP status codes in RFC 9110. These three-digit codes are grouped into five classes. The first digit indicates the response category: 1xx (Informational), 2xx (Success), 3xx (Redirection), 4xx (Client Error), and 5xx (Server Error). This cheat sheet enumerates every standardized code, including provisional and unofficial codes used in real-world APIs such as 418 (I'm a teapot) and 425 (Too Early).
? Quick rule of thumb:
For backend engineers, frontend developers, and API consumers, knowing the precise meaning of each status code accelerates debugging, improves error handling, and enhances API design. Using correct codes like 409 Conflict for resource versioning or 429 Too Many Requests for rate limiting makes APIs intuitive. This reference includes expert annotations (e.g., when to use 202 Accepted vs 201 Created).
When building a REST API for a payment gateway, returning 400 Bad Request for generic validation errors can be ambiguous. Instead, specialized codes like 422 Unprocessable Entity (WebDAV) clarify semantic errors. Similarly, 401 Unauthorized indicates missing authentication, while 403 Forbidden means authenticated but insufficient privileges. Using this status code cheat sheet ensures interoperability and developer satisfaction.
301 Moved Permanently for permanent redirects (search engines transfer link equity), and 302 Found or 307 Temporary Redirect for temporary moves.
Retry-After header to help clients back off gracefully.
Beyond common codes (200, 404, 500), standards include 103 Early Hints (used for link preloading), 308 Permanent Redirect (preserves request method), 451 Unavailable For Legal Reasons (censorship transparency), and 507 Insufficient Storage. This reference also covers Microsoft IIS extensions like 449 Retry With, and Cloudflare's 520–527 origin errors, giving a holistic view for modern web infrastructure.
401 Unauthorized means the client lacks valid authentication credentials; 403 Forbidden means the server understood the request but refuses to authorize it (authenticated but not allowed).
202 Accepted when the request has been accepted for processing but is not yet completed (asynchronous operations). 200 OK indicates synchronous success with a response payload.