What's the difference between 301 and 302 redirects?

301 is a permanent redirect (search engines update links), while 302 is temporary. Use 301 when a resource permanently moves, and 302 when the move is temporary.

When should I return 400 vs 404?

404 means the resource doesn't exist. 400 (Bad Request) means the server can't process the request due to client error (invalid syntax, missing parameters). Use 404 for missing resources.

Do I need to install anything to use HTTP Status Codes?

No installation needed. HTTP Status Codes Reference works directly in any modern web browser, Chrome, Firefox, Safari, or Edge.

Can I use this on mobile devices?

Yes, this tool works on any device with a modern browser including phones and tablets.

Does this reference cover non-standard status codes?

The reference covers all IANA-registered codes plus a handful of unregistered but widely-used codes from Cloudflare, AWS, and other vendors (e.g., 520–527, 598, 599). The 418 "I'm a teapot" joke code from RFC 2324 is also included.

Free HTTP Status Codes

Complete reference of HTTP response status codes with explanations and use cases.

HTTP Status Code Categories

1xx (Informational) · Request received, continuing process.
2xx (Success) · Request successfully received, understood, and accepted.
3xx (Redirection) · Further action needed to complete the request.
4xx (Client Error) · Request contains bad syntax or cannot be fulfilled.
5xx (Server Error) · Server failed to fulfill a valid request.

What's the difference between 301 and 302?

301 Moved Permanently tells clients the resource has permanently moved · search engines transfer ranking. 302 Found is a temporary redirect · the original URL keeps its ranking.

When should I use 401 vs 403?

401 Unauthorized means "not authenticated" · the client should provide credentials. 403 Forbidden means "authenticated but not allowed" · credentials won't help.

What does a 418 status code mean?

418 "I'm a teapot" is an April Fools' joke from RFC 2324 (Hyper Text Coffee Pot Control Protocol). It's not used in practice but is widely known in developer culture.

A Standard with Three Decades of Drift

HTTP status codes have lived through several spec generations. RFC 1945 (May 1996) standardised HTTP/1.0 with the basic 1xx–5xx categories. RFC 2616 (June 1999) shipped HTTP/1.1 and was the canonical reference for over a decade. The 7230–7235 series (June 2014) split HTTP/1.1 into multiple specs by topic. The current consolidated standard is RFC 9110 "HTTP Semantics" (June 2022), which obsoletes the 7230–7235 split and is the right citation for modern work. The full live registry of assigned codes lives at IANA's HTTP status code registry.

The Five Categories at a Glance

1xx Informational: provisional response. The request was received and the server is continuing to process it. Rare in practice; useful for protocol upgrades and the modern 103 Early Hints (which lets servers preload critical resources before the full response is ready).
2xx Success: the request was received, understood, and accepted. 200 OK is the everyday case; 201 Created for resource creation; 204 No Content for successful actions with nothing to return.
3xx Redirection: further action needed. The classic redirects (301 Moved Permanently, 302 Found, 307 Temporary Redirect, 308 Permanent Redirect) plus 304 Not Modified for cache validation.
4xx Client Error: the client did something wrong: bad syntax, missing auth, requesting something that doesn't exist. The biggest category in real-world traffic.
5xx Server Error: the server messed up. The request was valid; the server just couldn't deliver. These are the ones that wake on-call engineers up.

The "vs" Comparisons That Trip Everyone Up

401 vs 403. The single most-confused pair. 401 Unauthorized means "you haven't authenticated, try logging in" (the name is technically misleading, it's about authentication, not authorization). 403 Forbidden means "you're authenticated, but you're not allowed to do this thing", your credentials are valid but they don't grant access to this resource. A common misuse: returning 403 for unauthenticated requests when 401 with a WWW-Authenticate header is correct.

301 vs 302 vs 307 vs 308. Two axes, permanent vs temporary, and method-preservation behaviour:

Code	Permanent?	Method preserved?	SEO ranking signal
301 Moved Permanently	Yes	Historically clients changed POST → GET	Permanent, passes ranking to new URL
302 Found	No	Historically clients changed POST → GET	Temporary, original URL keeps ranking
307 Temporary Redirect	No	Strict, POST stays POST	Same as 302
308 Permanent Redirect	Yes	Strict, POST stays POST	Same as 301

If you're redirecting GET requests for SEO purposes, 301 is the conventional choice. If you're redirecting POST or PUT requests and want the method preserved, you need 307 or 308.

400 vs 422. 400 Bad Request is for syntactically malformed requests, invalid JSON, missing required headers, malformed query parameters. 422 Unprocessable Entity (originally a WebDAV code, widely adopted by REST APIs) is for syntactically valid requests with semantic problems, the JSON parses correctly, but the values fail business validation (negative quantity on an order, email already in use). Many APIs use both.

502 vs 503 vs 504. Three different upstream-failure modes:

502 Bad Gateway: the proxy / gateway received an invalid response from the upstream server.
503 Service Unavailable: the server is overloaded or under maintenance. Often paired with a Retry-After header.
504 Gateway Timeout: the upstream server didn't respond in time.

404 vs 410. 404 Not Found is "we don't know if this exists or not." 410 Gone is "this used to exist, it's permanently removed." SEO impact: Google treats 410 as a stronger signal that content is permanently unavailable and removes it from the index faster than it does for 404.

REST API Conventions

Modern REST APIs converged on a fairly consistent set of conventions for what status codes mean for which actions:

Method	Happy path	Common errors
GET	`200 OK` with body, or `304 Not Modified` if cached	`404` if resource missing, `403` if forbidden
POST (create)	`201 Created` with `Location` header pointing to new resource	`400` for malformed body, `422` for validation errors, `409` for conflicts
PUT (replace) / PATCH (update)	`200 OK` with updated body, or `204 No Content`	`404` if resource missing, `409` for version conflicts
DELETE	`204 No Content` (or `200` with deletion confirmation)	`404` if missing
Any (rate-limited)	-	`429 Too Many Requests` with `Retry-After` header
Any (auth)	-	`401` if no auth, `403` if authorised but not permitted

SEO Implications

200 OK: Google indexes the page normally.
301 Moved Permanently: Google updates the indexed URL to the new one and transfers ranking signals.
302 Found / 307 Temporary Redirect: Google keeps the original URL indexed; ranking stays with the original.
308 Permanent Redirect: Google treats it like 301: ranking transfers.
304 Not Modified: used by Googlebot for conditional requests; signals that cached content can be reused.
404 Not Found: Google removes the URL from its index after a few crawls.
410 Gone: Google removes the URL faster than for 404; the stronger "permanently gone" signal.
503 Service Unavailable with Retry-After: tells Googlebot to come back later. Use during maintenance windows; avoid using 503 for genuine errors (Google interprets sustained 503s as instructions not to crawl).
5xx sustained: Google reduces crawl rate and may eventually drop the URL from the index entirely.

Famous & Cultural Codes

418 I'm a teapot: an April Fools' joke from RFC 2324 (Hyper Text Coffee Pot Control Protocol, 1 April 1998). When the IETF proposed dropping it from the spec in 2017, the "Save 418" campaign successfully kept it on the books. Some APIs use it as a "this isn't real" marker; otherwise harmless.
451 Unavailable For Legal Reasons: RFC 7725 (2015), named after Ray Bradbury's Fahrenheit 451. Returned when content is censored by court order or government request.
Cloudflare's 520–527 series: non-standard, used by Cloudflare to indicate specific upstream-server connection failures. Common when a site behind Cloudflare has problems.
Nginx's 444 No Response: Nginx-specific, returned when the server closes the connection without sending any response.
Twitter's historical 420 Enhance Your Calm: a since-removed rate-limit code used by Twitter's earlier API; replaced by the standard 429.

Common Mistakes

Using 200 OK for errors with an error body. Returning {"error": "not found"} with a 200 status confuses every caching layer, monitoring tool, and client SDK. Use the right status code.
Returning 403 for unauthenticated requests. The right code is 401 with a WWW-Authenticate header.
Using 302 when you mean 301. If the move is permanent, search engines need the 301 to transfer ranking. 302 keeps the old URL indexed.
Using 301 or 302 for POST/PUT redirects. Historically these allowed clients to change the method to GET. 307 and 308 strictly preserve the original method.
Returning 500 when 503 is meant. If the server is overloaded or in maintenance, 503 with Retry-After is the correct signal, both for clients and for Googlebot.
Using 404 for permanently-removed pages. 410 Gone is the stronger signal and gets removed from search-engine indexes faster.
Forgetting the Location header on 201 and 3xx responses. The Location header is what tells the client where the new resource lives or where to redirect to. Without it, clients can't navigate.

Related Tools

URL Parser .htaccess Generator URL Encoder/Decoder