HTTP Status Codes Cheat Sheet

Complete, up‑to‑date catalog of HTTP status codes (RFC 9110 + IANA registry). Filter by category, search by code or description, and copy any status instantly.

All Codes
1xx Informational
2xx Success
3xx Redirection
4xx Client Errors
5xx Server Errors
Total codes shown: 0 Based on IANA HTTP Status Codes Registry + RFC 9110 Last update: March 2025
Status CodeMessage / TitleDescription & ContextCategory
Privacy first: No data is sent to any server – filtering and search happen entirely in your browser.

Understanding HTTP Status Code Classes

The Internet Engineering Task Force (IETF) defines HTTP status codes in RFC 9110. These three-digit codes are grouped into five classes. The first digit indicates the response category: 1xx (Informational), 2xx (Success), 3xx (Redirection), 4xx (Client Error), and 5xx (Server Error). This cheat sheet enumerates every standardized code, including provisional and unofficial codes used in real-world APIs such as 418 (I'm a teapot) and 425 (Too Early).

? Quick rule of thumb:

  • 2xx: Everything worked as expected.
  • 3xx: Further action needed (redirects).
  • 4xx: The request contains bad syntax or cannot be fulfilled by the client.
  • 5xx: The server failed to fulfill a valid request.

Why a Structured Cheat Sheet Matters

For backend engineers, frontend developers, and API consumers, knowing the precise meaning of each status code accelerates debugging, improves error handling, and enhances API design. Using correct codes like 409 Conflict for resource versioning or 429 Too Many Requests for rate limiting makes APIs intuitive. This reference includes expert annotations (e.g., when to use 202 Accepted vs 201 Created).

Real‑World API Design: Choosing the Right 4xx

When building a REST API for a payment gateway, returning 400 Bad Request for generic validation errors can be ambiguous. Instead, specialized codes like 422 Unprocessable Entity (WebDAV) clarify semantic errors. Similarly, 401 Unauthorized indicates missing authentication, while 403 Forbidden means authenticated but insufficient privileges. Using this status code cheat sheet ensures interoperability and developer satisfaction.

Expert Tips & Best Practices

  • Idempotency & 2xx: Methods like GET, PUT, DELETE should be idempotent; returning 200 or 204 is standard.
  • 3xx & SEO impact: Use 301 Moved Permanently for permanent redirects (search engines transfer link equity), and 302 Found or 307 Temporary Redirect for temporary moves.
  • 429 Rate Limiting: Include a Retry-After header to help clients back off gracefully.
  • 508 Loop Detected (WebDAV): Rare but useful for infinite recursion prevention.

Complete Breakdown of Obscure Status Codes

Beyond common codes (200, 404, 500), standards include 103 Early Hints (used for link preloading), 308 Permanent Redirect (preserves request method), 451 Unavailable For Legal Reasons (censorship transparency), and 507 Insufficient Storage. This reference also covers Microsoft IIS extensions like 449 Retry With, and Cloudflare's 520–527 origin errors, giving a holistic view for modern web infrastructure.

Frequently Asked Questions (HTTP Status Codes)

401 Unauthorized means the client lacks valid authentication credentials; 403 Forbidden means the server understood the request but refuses to authorize it (authenticated but not allowed).

Use 202 Accepted when the request has been accepted for processing but is not yet completed (asynchronous operations). 200 OK indicates synchronous success with a response payload.

Yes, it was defined as an April Fools' joke in RFC 2324 (Hyper Text Coffee Pot Control Protocol). Many servers and frameworks implement it as a humorous Easter egg, but it is not part of the core HTTP standard.

While possible, custom codes outside the standard range (e.g., 4xx/5xx) are not recommended because clients and intermediaries may misinterpret them. Stick to registered codes or use extended information in response bodies.

The IANA maintains the official HTTP Status Codes registry at iana.org. RFC 9110 is the authoritative specification for HTTP semantics.

Authority & Expert Verification – This cheat sheet references the IANA HTTP Status Codes registry, RFC 9110 (HTTP Semantics), and RFC 7231 (obsolete but legacy). Trusted by developers for production debugging, teaching HTTP protocols, and designing robust REST services. Updated May 2026 to reflect latest draft standards (RFC 9110).