HTTP Error Codes

Below is a list of all HTTP status codes you will encounter. The specific problems and their resolution is given below in order of numeric code.

Each series of code is group and, in some cases, sub-grouped, for easier access.

1xx General

100 Continue
Server has received the request headers and the client should now send the request body. Server can check to see if the request can be accepted with the request headers alone by the client sending “Expect:100-continue” as a header in its original request. If a “100 Continue” code or a “417 Expectation Failed” code is received, it means that the request body must be sent.

101 Switching Protocols
Requester asked the server to switch protocols. Server is responding it will perform the switch.

102 Processing (WebDAV; RFC 2518)
The system prevents the client from timing out by sending the “102 Processing” code. A WebDAV request often contains many sub-requests that involve file operations – completing the request will take time. This code reports the server is processing the request.

2xx Success

A group of codes indicating the client action requests have been successfully received, accepted, understood, and processed.

200 OK
A standard response for HTTP GET and POST requests that are successful. GET requests will contain an entity corresponding to the requested resource. POST requests will contain an entity describing or containing the result of the action.

201 Created
A new resource is being created after fulfilling the request.

202 Accepted
Request accepted but not completed. Processing of the request may or may not be done conditional upon the requested being allowed.

203 Non-Authoritative Information (since HTTP/1.1)
Request successfully processed by the server but returning information may be from a different source.

204 No Content
Request successfully processed by the server but returning no content, usually used to send the result of a successful deletion.

205 Reset Content
Request successfully processed by the server but returning no content, the difference from the “204 No Content” code is the requester must reset the document view.

206 Partial Content (RFC 7233)
Client range header restriction allows only partial delivery of the resource from the server. Tools such as wget use this to allow resuming interrupted downloads or splitting of downloads into multiple streams.

207 Multi-Status (WebDAV; RFC 4918)
An XML message is the content of the message body that follows. The body can have multiple response codes within it based on the number of sub-requests made.

208 Already Reported (WebDAV; RFC 5842)
DAV URIs that have been created by BIND have already been included in a previous reply and are not being included again.

226 IM Used (RFC 3229)
Server has fulfilled resource request. Response is the result of one or more instance manipulations of the current instance.

3xx Redirection

A group of codes that requires the client to perform additional actions to complete the request, many used in URL redirection. No user interaction is required if the second request method is a GET or HEAD. Automatically redirecting a request more than 5 times usually indicates an infinite loop, and should be avoided.

300 Multiple Choices
Multiple options for the client to follow are available. The code could be used to suggest different video format options or list files with different extensions

301 Moved Permanently
Redirect current and future requests to the URL.

302 Found
Not used with most browsers, there are some Web applications and frameworks that use this code as in place of the “303 See Other.”

303 See Other (since HTTP/1.1)
Assume the server has received the data when this code is the result of a POST or PUT/DELETE. Redirect with a GET message. Otherwise, the response is found under another URI using a GET.

304 Not Modified (RFC 7232)
Retransmitting the resource not required. Resource has not been modified from the request headers “If-Modified-Since” or “If-None-Match.” A previous downloaded copy exists with the client.

305 Use Proxy (since HTTP/1.1)
Resource only available through a proxy. Proxy address present in the response. Popular clients often do not correctly handle responses from this error code for security reasons.

306 Switch Proxy
No longer used.

307 Temporary Redirect (since HTTP/1.1)
Use another URI for this request but use the original URI for future requests. Do not change the request method when reissuing the original request, that is, a POST request should be responded to with another POST request.

308 Permanent Redirect (RFC 7538)
Use another URI for this request and all future requests. Error codes 307 and 308 are similar in function but do not allow a change to the HTTP method.

4xx Client Error

This group is for presumed client errors. All status codes in this group can occur in any request method. Server should include whether the error is temporary or permanent, and an explanation of the situation. The exception to this is when responding to a HEAD request. Browsers should display any included object to the user.

400 Bad Request
Server unable to process request presumed to be a client error. Examples are invalid request message framing or deceptive request routing.

401 Unauthorized (RFC 7235)
See “403 Forbidden” for additional information. Used only when authentication is required and has not been delivered. Response must contain a “WWW-Authenticate” header field challenging the requested resource.

402 Payment Required
Reserved for future use for payment systems.

403 Forbidden
Distinguished from a “401 Unauthorized” code, while the request was valid the server refuses to respond and authenticating will not matter.

404 Not Found
Resource cannot be found but may be available later. Client can submit requests later.

405 Method Not Allowed
Request method not supported. An example is using PUT on a read-only resource.

406 Not Acceptable
Resource is unable to process the media type specified in the Accept header sent with the request because it can only generate content that is not acceptable to the Accept header.

407 Proxy Authentication Required (RFC 7235)
Proxy must receive authentication from client before proceeding.

408 Request Timeout
Server timed out. HTTP specifications state, “The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time.”

409 Conflict
Request conflict does not allow processing. An example is when multiple updates encounter an edit conflict.

410 Gone
The “404 Not Found” code is more often seen than the “410 Gone” as the resource is no longer available because it has been intentionally removed. In the case of a 410 code, the resource should be purged and the client should never request the resource again.

411 Length Required
Length of the content not specified and required for processing.

412 Precondition Failed (RFC 7232)
Requester preconditions have not been met by the server.

413 Request Entity Too Large
Server is unable to meet the request size of the request.

414 Request-URI Too Long
This is usually the result of a GET request that has too much data contained and should be converted to a POST. The URI data sent was roo long for processing by the server.

415 Unsupported Media Type
Server or resource is unable to process the requested media type.

416 Requested Range Not Satisfiable (RFC 7233)
Server cannot supply a part of the file that client is requesting.

417 Expectation Failed
Requirements of the “Expect” request header field cannot be met by the server.

418 I'm a teapot (RFC 2324)
Disregard. A 1998 April Fools joke.

419 Authentication Timeout (not in RFC 2616)
A previously valid authorization has expired. It differs from 401 Unauthorized in that a valid authorization exists as opposed to clients that are completely denied access to server resources.

420 Method Failure (Spring Framework)
Used when a method fails in the HttpStatus class of the Spring Framework.

420 Enhance Your Calm (Twitter)
Used by the Twitter Search and Trends API, version 1, which is similar to the 429 Too Many Requests code. It indicates the client is being rate limited.

421 Misdirected Request (HTTP/2)
Server that the request was directed to is not able to generate a response, as in the case of a connection reuse.

422 Un-processable Entity (WebDAV; RFC 4918)
Semantic error resulted in the request not being abled to be followed.

423 Locked (WebDAV; RFC 4918)
Locked state of a resource that is attempting to be accessed.

424 Failed Dependency (WebDAV; RFC 4918)
Current request failed because of the failure of a previous request.

426 Upgrade Required
Upgrade header field should be changed to switch to a different protocol.

428 Precondition Required (RFC 6585)
The request sent to the origin server requires a condition. Created to prevent lost updates where one or more values are lost when the client performs a GET and PUT to modify a resource’s state, but unaware that a third party has also modified the state on the server, resulting in a conflict.

429 Too Many Requests (RFC 6585)
Primarily used to control rate limits, this error occurs when too many requests are sent within a prescribed amount of time.

431 Request Header Fields Too Large (RFC 6585)
Server unable to process the request because a single or collective number of headers are too large.

Microsoft Subgroup (with one Nginx that snuck in)

440 Login Timeout (Microsoft)
A Microsoft extension code that tells you the session has expired.

444 No Response (Nginx)
Indicates the server has not returned any information to the client. Connection has been closed. Can be used to prevent malware processes.

449 Retry With (Microsoft)
A Microsoft extension code allowing the request to be tried again after a specific action has been successfully completed.

450 Blocked by Windows Parental Controls (Microsoft)
A Microsoft extension code that appears when access to a webpage is blocked due to Windows Parental Controls being in an “on” state.

451 Unavailable For Legal Reasons (Internet draft)
Used when the resource is denied access for legal reasons, such as government mandate or censorship.

451 Redirect (Microsoft)
Used if server cannot access a user’s mailbox or if a more efficient server is available when using Microsoft Exchange ActiveSync. Client should seek a more efficient server through the HTTP Autodiscovery protocol.


Nginx Sub Group

494 Request Header Too Large (Nginx)
Earlier version of code “431 Request Header Fields Too Large” used with Nginx.

495 Cert Error (Nginx)
SSL client certificate error for Nginx to distinguish it from other 4xx error codes which result in an error page redirection.

496 No Cert (Nginx)
Same as 495 Cert Error except no SSL client certificate is provided to the server.

497 HTTP to HTTPS (Nginx)
Used as an internal code to log HTTP requests that are sent to an HTTPS port to distinguish the code from other 4xx error codes which result in an error page redirection.

498 Token expired/invalid (Esri)
Expired or invalid token received by ArcGIS for Server.

499 Client Closed Request (Nginx)
Prevents server from returning a status code because the connection has been closed by the client. Used in Nginx to log that the server was still processing the request while the server was still processing.

499 Token Required (Esri)
If no token was submitted, one is required. Used in ArcGIS for Server.


5xx Server Errors

This group of error codes can be understood as server self-aware codes, where the server recognizes it has made an error or is unable to perform a request. Other than when responding to a HEAD request, server response should include a statement of the error and whether the condition is temporary or permanent. Browsers should display any included object to the user.

500 Internal Server Error
An unexpected condition was encountered and no other error message applies to the condition. A generic catch-all message.

501 Not Implemented
Server does not recognize request or cannot fulfill the requirements to respond to the request. Future availability to complete the request is implied.

502 Bad Gateway
Server received an invalid response from an upstream server when functioning as a gateway or proxy.

503 Service Unavailable
Server is unavailable due to maintenance or overload. Usually a temporary state.

504 Gateway Timeout
Similar to “502 Bad Gateway” the server did not get a response from the upstream server in a predetermined amount of time.

505 HTTP Version Not Supported
The HTTP protocol sent by the client is not supported by thee server.

506 Variant Also Negotiates (RFC 2295)
The processing of a variant when a GET or HEAD request is made results in a circular reference.

507 Insufficient Storage (WebDAV; RFC 4918)
The request cannot be completed because the space needed to store the required representation is unavailable on the server.

508 Loop Detected (WebDAV; RFC 5842)
Server identified an infinite loop while processing the request. Used in place of “208 Already Reported.”

509 Bandwidth Limit Exceeded (Apache bw/limited extension)
Unknown use.

510 Not Extended (RFC 2774)
Server requires additional information in the form of further extensions to fulfill the request.

511 Network Authentication Required (RFC 6585)
Authentication by the client required before network access is granted. Used to control network access. For example, accepting the Terms of Service agreement when using a WiFi hotspot.

598 Network read timeout error (Unknown)
Used by Microsoft HTTP proxies to send a network read timeout to a client in front of the proxy.

599 Network connect timeout error (Unknown)
Same purpose as “598 Network read timeout error” except the proxy sends a a network connect timeout signal.