HTTP status code
An HTTP status code is provided by a server in response to every HTTP request. A client such as a web browser is on the requesting side . The server uses the HTTP status code to inform the client whether the request has been processed successfully. In the event of an error, the status code provides information about where (for example, via a diversion) or how (for example with authentication ) he can obtain the desired information. The best known are the codes 404: "Not found", 403: "Missing access authorization" and 400: "Incorrect request".
The first digit of a status code represents the status class. They are specified in RFC 7231 (replaces RFC 2616 ), as well as RFC 2518 , RFC 2817 , RFC 2295 , RFC 2774 and RFC 4918 . Some belong to Distributed Authoring (WebDAV) .
In addition to the status codes standardized in RFC , some software manufacturers also use proprietary codes for specially defined status and error messages. Other software can only display these codes to the user as general unknown errors; but not a translation and instructions on how to proceed. In some cases, the servers can already infer from the circumstances surrounding the request that the associated special software is involved, and only then return the proprietary codes. Some proprietary codes are listed in this article and labeled accordingly.
List of HTTP status codes
1xx - information
The request is still being processed.
| code | message | meaning |
|---|---|---|
| 100 | Continue | The current request to the server has not yet been rejected. (Used in conjunction with the "Expect 100-continue" header field.) The client can now continue with the potentially very large request. |
| 101 | Switching Protocols | Is used when the server has received a request with the "Upgrade" header field set and agrees to switch to another protocol. This status code is used, for example, when switching from HTTP to WebSocket . |
| 102 | Processing | Used to avoid a timeout while the server is processing a time-consuming request. This is an interim response, which must be followed by a final response on the same connection without any further client requests. |
| 103 | Early hints | Used in conjunction with the "Link" header to allow resources to be preloaded while the server is preparing the final response. |
2xx - Successful operation
The request was successful, the answer can be used.
| code | message | meaning |
|---|---|---|
| 200 | OK | The request was processed successfully and the result of the request is transmitted in the response. |
| 201 | Created | The request was processed successfully. The requested resource was created before the response was sent. The "Location" header field may contain the address of the created resource. |
| 202 | Accepted | The request was accepted, but will be executed at a later time. The success of the request cannot be guaranteed. |
| 203 | Non-authoritative information | The server acts as a “transforming proxy ”, received a 200 OK response from the source and replies with a modified document from the source. |
| 204 | No content | The request was carried out successfully, but the response deliberately contains no data. |
| 205 | Reset content | The request was successfully carried out; the client should rebuild the document and reset form entries. |
| 206 | Partial content | The requested part was successfully transferred (used in connection with a "Content-Range" header field or the content type multipart / byteranges). Can inform a client about partial downloads (used by Wget , for example , to monitor the download progress or to split a download into several streams). |
| 207 | Multi-status | The response contains an XML document that contains several status codes for operations that were performed independently of one another. |
| 208 | Already Reported | WebDAV RFC 5842 - The members of a WebDAV binding were previously enumerated and are no longer present in this request. |
| 226 | IM Used | RFC 3229 - The server has fulfilled a GET request for the resource, the response is a representation of the result of one or more instance manipulations related to the current instance. |
3xx - redirect
To ensure that the request is processed successfully, further steps are required on the part of the client.
| code | message | meaning |
|---|---|---|
| 300 | Multiple Choices | The requested resource is available in different ways. The answer contains a list of the types available. The "Location" header field may contain the address of the representation preferred by the server. |
| 301 | Moved permanently | The requested resource is immediately available at the address specified in the "Location" header field (also called redirect). The old address is no longer valid. |
| 302 | Found ( Moved Temporarily ) | The requested resource is temporarily available at the address specified in the "Location" header field. The old address remains valid. The browsers usually follow with a GET, even if the original request was a POST. Is replaced in HTTP / 1.1 by the status codes 303 or 307 depending on the application. 302 redirect has come under fire due to a search engine bug called URL hijacking . |
| 303 | See Other | The response to the query can be obtained from the address given in the "Location" header field. The browser should follow with a GET, even if the original request was a POST. |
| 304 | Not modified | The content of the requested resource has not changed since the last query from the client and is therefore not transferred. See Browser Cache Version Comparison for details . |
| 305 | Use proxy | The requested resource can only be reached via a proxy. The "Location" header field contains the address of the proxy. |
| 306 | (reserved) | 306 is no longer used, but is reserved. It was used for "Switch Proxy". |
| 307 | Temporary redirect | The requested resource is temporarily available at the address specified in the "Location" header field. The old address remains valid. The browser should follow using the same method as the original request (i.e. a POST is followed by a POST). This is the main difference to 302/303. |
| 308 | Permanent redirect | The requested resource is immediately available at the address given in the "Location" header field, the old address is no longer valid. The browser should follow using the same method as the original request (i.e. a POST is followed by a POST). This is the main difference to 301. |
4xx - client error
The cause of the failure of the request is (more) the responsibility of the client.
| code | message | meaning |
|---|---|---|
| 400 | Bad request | The request message was incorrectly structured. |
| 401 | Unauthorized | The request cannot be made without valid authentication. How the authentication should be carried out is transmitted in the "WWW-Authenticate" header field of the response. |
| 402 | Payment Required | Translated: payment required. This status is reserved for future HTTP protocols. |
| 403 | Forbidden | The request was not carried out because the client was not authorized, for example because the authenticated user is not authorized or a URL configured as HTTPS was only called with HTTP. |
| 404 | Not Found | The requested resource was not found. This status code can also be used to reject a request for no further reason. Links that refer to such error pages are also referred to as dead links . |
| 405 | Method Not Allowed | The request may only be made using other HTTP methods (for example GET instead of POST). Valid methods for the relevant resource are transmitted in the "Allow" header field of the response. |
| 406 | Not acceptable | The requested resource is not available in the desired form. Valid "Content-Type" values can be transmitted in the response. |
| 407 | Proxy Authentication Required | Analogous to status code 401, the client must first be authenticated against the proxy used. How the authentication is to be carried out is transmitted in the "Proxy-Authenticate" header field of the response. |
| 408 | Request timeout | A complete request from the client was not received within the time allowed by the server. |
| 409 | Conflict | The request was made under incorrect assumptions. In the case of a PUT request, this can be due to a change in the resource by a third party in the meantime, for example. |
| 410 | Gone | The requested resource is no longer available and has been permanently removed. |
| 411 | Length required | The request cannot be processed without a "Content-Length" header field. |
| 412 | Precondition Failed | A requirement transferred in the request, for example in the form of an "If-Match" header field, did not apply. |
| 413 | Payload Too Large | The request was too big to be processed by the server. A "Retry-After" header field in the response can indicate to the client that the request could possibly be processed at a later time. |
| 414 | URI Too Long | The request URL was too long. The cause is often an endless loop of redirects. |
| 415 | Unsupported Media Type | The content of the request was sent with an invalid or prohibited media type. |
| 416 | Range Not Satisfiable | The requested part of a resource was invalid or is not available on the server. |
| 417 | Expectation Failed | Used in conjunction with an "Expect" header field. The behavior of the server required in the "Expect" header field cannot be fulfilled. |
| 421 | Misdirected request | The request was sent to a server that is unable to send a response. Introduced in HTTP / 2 . |
| 422 | Unprocessable Entity | Used if the return of status code 415 or 400 would not be justified, but processing of the request is refused, for example due to semantic errors. |
| 423 | Locked | The requested resource is currently locked. |
| 424 | Failed Dependency | The request could not be carried out because it requires the success of another request. |
| 425 | Too early | The server asks the client to resend the request because the TLS connection has not yet been fully established. This is to prevent a replay attack . |
| 426 | Upgrade required | The server requires the client to repeat the request using a different protocol. One use case is switching to HTTP with Transport Layer Security. |
| 428 | Precondition Required | Not all prerequisites were met for the request. This status code is intended to prevent problems caused by race conditions by manipulating or deleting only if the client requests this on the basis of a current resource (for example, by supplying a current ETag header ). |
| 429 | Too many requests | The client sent too many requests in a given period of time. |
| 431 | Request Header Fields Too Large | The maximum length of a header field or the entire header has been exceeded. |
| 451 | Unavailable For Legal Reasons | This status code is intended to indicate that the requested resource is not available due to legal regulations (copyright restrictions, censorship, etc., possibly limited to a certain country).
It was submitted to the IETF by Google employee Tim Bray in June 2012 and has been accepted since December 17, 2015. Bray suggested the number 451, referring to Ray Bradbury's novel Fahrenheit 451 , and added thanks to the author. |
| Examples of other codes not listed in the Hypertext Transfer Protocol (HTTP) Status Code Registry as of July 2020 : | ||
| 418 | I'm a teapot | This code is to be understood as an April Fool's joke by the IETF . Within a joking protocol for making coffee, the Hyper Text Coffee Pot Control Protocol , it indicates that a teapot was mistakenly used instead of a coffee pot . This joke status code can be found on some websites, although it is neither part of HTTP nor is it defined in the Status Code Registry . It is to be listed as "reserved" in the future. |
| 420 | Policy Not Fulfilled | In W3C PEP (Working Draft 21 November 1997) is proposed that code to tell that a condition was not met. |
| 444 | No response | Used in nginx logs to indicate that the server did not send any information back to the client and closed the connection. |
| 449 | The request should be retried after doing the appropriate action | Used in responses from Microsoft Exchange Server . |
| 499 | Client Closed Request | A non-standard status code introduced by nginx in case a client closes the connection while nginx is processing the request. |
5xx - server error
Not to be clearly differentiated from so-called client errors. However, the cause of the failure of the request is more the responsibility of the server.
| code | message | meaning |
|---|---|---|
| 500 | Internal server error | This is a "collective status code" for unexpected server errors. |
| 501 | Not implemented | The functionality to process the request is not provided by this server. The cause is, for example, an unknown or unsupported HTTP method. |
| 502 | Bad gateway | The server could not fulfill its function as gateway or proxy because it received an invalid response. |
| 503 | Service Unavailable | The server is temporarily unavailable, for example due to overload or maintenance work. A "Retry-After" header field in the response can inform the client of a point in time when the request could possibly be processed. |
| 504 | Gateway timeout | The server could not fulfill its function as a gateway or proxy because it did not receive a response from the servers or services it was using within a specified period of time. |
| 505 | HTTP version not supported | The HTTP version used (meaning the number in front of the point) is not supported or rejected by the server. |
| 506 | Variant Also Negotiates | The content agreement of the request results in a circular reference . |
| 507 | Insufficient storage | The request could not be processed because the server does not currently have enough storage space. |
| 508 | Loop Detected | The operation was not performed because the execution would have looped forever. Defined in the binding extension for WebDAV according to RFC 5842 , because bindings can create cyclic paths to WebDAV resources. |
| 509 | Bandwidth Limit Exceeded | The request was rejected because otherwise the available bandwidth would be exceeded (unofficial expansion of some servers). |
| 510 | Not Extended | The request does not contain all the information that the requested server extension necessarily expects. |
| 511 | Network Authentication Required | The client must first authenticate to gain access to the network. |
9xx - Proprietary errors
Some software manufacturers use the range from 900 for proprietary status codes. This range of numbers was never mentioned in the RFC documents and is obviously beyond the standardized codes. This makes it easy to identify as a special case.
See also
Web links
- Hypertext Transfer Protocol (HTTP) Status Code Registry on the IANA website
- Microsoft Internet Information Server Status Codes and Sub-Codes at support.microsoft.com
- Adobe Flash status code definitions (ie 408) ( Memento January 30, 2010 on the Internet Archive ) on the Adobe Inc. website .
- apache-status-code-headers at askapache.com
- Roy Fielding, Julian Reschke: Section 6.3.4 - Response Status Codes . RFC 7231 - Hypertext Transfer Protocol (HTTP / 1.1), IETF , June 2014
Individual evidence
- ↑ RFC 2616 - Hypertext Transfer Protocol - HTTP / 1.1
- ↑ RFC 2518
- ↑ RFC 8297
- ^ Roy Fielding, Julian Reschke: 6.3.4 - Semantics and Content . RFC 7231 - Hypertext Transfer Protocol (HTTP / 1.1), June 2014
- ^ Roy Fielding, Julian Reschke: 5.7.2 - Transformations . RFC 7230 - Message Syntax and Routing , June 2014
- ^ RFC 1945
- ^ Julian Reschke: RFC 7538 - The Hypertext Transfer Protocol Status Code 308 (Permanent Redirect), IETF , April 2015.
- ↑ a b c d RFC 4918 HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)
- ↑ RFC 8470
- ↑ RFC 7231 . Hypertext Transfer Protocol (HTTP / 1.1): Semantics and Content. Section 6.5.15.
- ↑ RFC 2817 . Upgrading to TLS within HTTP / 1.1.
- ↑ a b c d RFC 6585 Additional HTTP Status Codes
- ↑ A New HTTP Status Code for Legally-restricted Resources
- ↑ tools.ietf.org
- ↑ datatracker.ietf.org
- ↑ Appendix A
- ↑ a b iana.org
- ↑ Error 418 I'm a Teapot . It started in 1998, described in the RFC 2324 of 1998.
- ↑ Reserving the 418 HTTP Status Code draft-nottingham-thanks-larry-00
- ↑ w3.org W3C PEP (Working Draft November 21, 1997)
- ↑ Microsoft Open Specifications Support Team Blog on MSDN . Retrieved March 2, 2016
- ↑ RFC 2295
- ↑ RFC 2774
-
↑ For example, the following Windows CMD command returns Code 999:
curl -kI https://www.linkedin.com/company/brainwaregroup/