OnSumo Tools

HTTP Status Code Reference

This tool is a searchable reference for all HTTP status codes. Type any code (like 404, 429, or 503) and get a plain-English explanation of what it means, the common causes that produce it, what the client and server should do in response, and which RFC defines it. The tool works entirely in your browser with no server requests. It is free, requires no login, and works offline once the page loads.

Loading status code reference…

How this tool works

The HTTP status codes reference lists all IANA-registered status codes with their official names, categories, and usage notes. The five categories organize codes by meaning: 1xx informational (request in progress), 2xx success (request completed), 3xx redirection (client must take further action), 4xx client error (the request contains an error the client must fix), and 5xx server error (the server failed to fulfill a valid request). Each entry includes the RFC section that defines the code, typical browser behavior (follow redirect, display page, show error), and common real-world scenarios. The reference also covers widely deployed non-IANA codes such as 429 (Too Many Requests, now RFC 6585), Cloudflare proprietary 5xx codes, labeled as unofficial. A use-case comparison tab groups codes for quick reference: 301 vs 302 vs 307 vs 308 for redirects, 401 vs 403 for access control, 200 vs 204 for responses with and without a body. Key assumption: this is a reference tool, not a live tester. It documents what each code means, not what a specific server returns. Edge case: 301 and 302 redirects historically caused browsers to convert POST requests to GET when following the redirect. Use 307 (Temporary Redirect) or 308 (Permanent Redirect) to preserve the original HTTP method across a redirect.

Worked example

Search 404 to jump to Not Found. Search gateway to find 502 Bad Gateway. Filter 4xx to browse client errors only. A link with ?code=403 opens with 403 Forbidden highlighted.

Related tools

Frequently asked questions

  • What is the difference between 401 and 403?

    401 Unauthorized means the request lacks valid authentication credentials. The client should authenticate (log in) and retry. Despite the name \\\"Unauthorized,\\\" it really means \\\"unauthenticated.\\\" 403 Forbidden means the server understood the request and the client is authenticated, but the authenticated user does not have permission to access the resource. Retrying with the same credentials will not help. Return 401 when you do not know who the user is; return 403 when you know who they are but they do not have access.

  • What is the difference between 301 and 302?

    301 Moved Permanently means the resource has permanently moved to the URL in the Location header. Browsers and search engines cache this redirect indefinitely. 302 Found means the resource is temporarily at the URL in Location. Browsers follow the redirect but do not cache it; the next request should still go to the original URL. Use 301 when you have permanently moved a page (and want SEO juice to transfer). Use 302 for temporary redirects like maintenance pages.

  • When should I use 400 vs 422?

    400 Bad Request is the general-purpose client error for malformed requests: the server could not understand the request due to invalid syntax. 422 Unprocessable Content (formerly \\\"Unprocessable Entity\\\" in RFC 4918, updated in RFC 9110) means the syntax was correct but the semantic content was invalid. For example: a JSON body that parses correctly but contains a field value that fails business logic validation (like a negative price) should return 422. A request with malformed JSON that fails to parse should return 400.

  • What is the difference between 503 and 504?

    503 Service Unavailable means the server is temporarily unable to handle the request, typically due to overload or maintenance. The Retry-After header should indicate when to retry. 504 Gateway Timeout means a gateway or proxy (like a load balancer or reverse proxy) did not receive a timely response from an upstream server. With 503, the server itself is the problem. With 504, the server is a proxy and the problem is the upstream service behind it.

  • Why do some APIs return 200 with an error in the body instead of a 4xx or 5xx code?

    This is an API design antipattern sometimes called \\\"200 OK with error.\\\" It breaks HTTP semantics and makes it impossible for standard HTTP clients, proxies, and monitoring tools to detect errors without parsing the response body. The correct approach is to use the appropriate 4xx or 5xx code and include a structured error body (like {\\\"error\\\": \\\"validation_failed\\\", \\\"message\\\": \\\"...\\\"}) to provide detail. Always use the correct HTTP status code as the primary error signal.

  • What is the 418 I'm a Teapot status code?

    418 I'm a Teapot was defined in RFC 2324 (1998) as an April Fools' joke about the Hyper Text Coffee Pot Control Protocol (HTCPCP). It means \\\"this server is a teapot and refuses to brew coffee.\\\" It has no legitimate use in production APIs. However, it was later preserved in RFC 9110 as a reserved code to prevent it from being reassigned to something else. Some developers return it humorously for easter eggs or deliberate rejection endpoints.