What HTTP Status Codes Mean (200, 301, 404, 500 and More)
Updated 2026-07-06
Every time your browser loads a page or an app calls an API, the server replies with a three-digit status code. Most of the time you never see it, but when something breaks — a 404, a 500 — that number is the first clue. This guide teaches you to read status codes at a glance.
Read the first digit
The trick is that the first digit tells you the category, so you can understand the intent of a code you've never seen:
- 1xx — Informational: received, still processing (rare in everyday use).
- 2xx — Success: it worked.
- 3xx — Redirection: the resource is somewhere else.
- 4xx — Client error: the request was wrong (your side).
- 5xx — Server error: the request was fine, the server failed.
That 4xx-vs-5xx split is the most useful distinction when debugging: 4xx means fix the request; 5xx means the server is at fault.
The codes you'll actually meet
Success and redirects
- 200 OK — the standard “it worked” response.
- 201 Created — a new resource was created (after a POST).
- 301 Moved Permanently — this URL has permanently moved; update your links. Important for SEO.
- 302 Found — a temporary redirect; keep using the original URL.
- 304 Not Modified — your cached copy is still valid, so nothing was re-sent.
Client errors (4xx)
- 400 Bad Request — the request was malformed.
- 401 Unauthorized — you need to authenticate (log in).
- 403 Forbidden — you're authenticated but not allowed.
- 404 Not Found — the resource doesn't exist.
- 429 Too Many Requests — you're being rate-limited; slow down.
Server errors (5xx)
- 500 Internal Server Error — a generic server-side failure.
- 502 Bad Gateway — a server upstream returned a bad response.
- 503 Service Unavailable — the server is overloaded or down for maintenance.
- 504 Gateway Timeout — an upstream server didn't respond in time.
401 vs. 403: a common mix-up
These two feel similar but differ in one word. 401 Unauthorized really means “unauthenticated” — the server doesn't know who you are, so log in. 403 Forbidden means the server knows who you are and you're still not allowed. One is about identity, the other about permission.
The full list
For every registered code with its meaning — searchable and grouped by class — see our complete HTTP status codes reference. If you're debugging API responses, our guides to JWTs and URL encoding cover two other things you'll run into constantly.
More in Web & Developer
See all Web & Developer guides →Tools mentioned in this guide