| HTTP status code | Status code meaning |
|---|
| 100 | The client should continue sending requests. This provisional response is used to inform the client that part of its request has been received by the server and has not yet been rejected. The client SHOULD continue sending the remainder of the request, or ignore this response if the request has already been completed. The server must send a final response to the client after the request is completed. |
| 101 | The server has understood the client's request and will notify the client through the Upgrade message header to use a different protocol to complete the request. After sending the last blank line of this response, the server will switch to the protocols defined in the Upgrade header. Such measures should only be taken when switching to a new protocol is more beneficial. For example, switching to a new HTTP version has advantages over an older version, or switching to a real-time and synchronous protocol for delivering resources that take advantage of such features. |
| 102 | A status code extended by WebDAV (RFC 2518) indicating that processing will continue. |
| 200 | The request was successful and the response headers or data body expected by the request will be returned with this response. |
| 201 | The request has been fulfilled, a new resource has been created based on the request's needs, and its URI has been returned with the Location header. If the required resources cannot be created in time, '202 Accepted' should be returned. |
| 202 | The server accepted the request but has not yet processed it. Just as it may be denied, the request may or may not ultimately be executed. In the case of asynchronous operations, there is no more convenient way than sending this status code. The purpose of returning a 202 status code response is to allow the server to accept requests from other processes (such as a batch-based operation that is only performed once a day) without having to keep the client connected to the server until the batch operation is completed. A response that accepts request processing and returns a 202 status code should contain some information in the returned entity indicating the current status of the processing, as well as a pointer to a processing status monitor or status prediction so that the user can estimate whether the operation has been completed. |
| 203 | The server has successfully processed the request, but the returned entity header metainformation is not a definite set valid on the original server, but a copy from a local or third party. The current information may be a subset or a superset of the original version. For example, containing metadata for a resource may cause the origin server to know the super information about the metadata. Using this status code is not required and is only appropriate if the response would have returned 200 OK without this status code. |
| 204 | The server successfully processed the request but does not need to return any entity content and wants to return updated meta information. The response may return new or updated metainformation in the form of entity headers. These headers, if present, should correspond to the requested variables. If the client is a browser, the user's browser SHOULD retain the page for which the request was made without any changes to the document view, even if new or updated metainformation should be applied to the user's browser activity according to the specification Documents in view. Since a 204 response is prohibited from containing any message body, it always ends with the first empty line after the message header. |
| 205 | The server successfully processed the request and returned nothing. But unlike a 204 response, a response returning this status code requires the requester to reset the document view. This response is mainly used to reset the form immediately after accepting user input so that the user can easily start another input. Like the 204 response, this response is prohibited from containing any message body and ends with the first blank line after the message header. |
| 206 | The server has successfully processed part of the GET request. HTTP download tools like FlashGet or Thunder use this type of response to resume interrupted downloads or break a large document into multiple download segments for simultaneous downloading. The request must include a Range header to indicate the range of content the client expects, and may include an If-Range as a request condition. The response must include the following header fields: Content-Range is used to indicate the range of content returned in this response; if it is a multi-part download with Content-Type multipart/byteranges, each multipart part should contain Content-Range The domain is used to indicate the content scope of this paragraph. If a Content-Length is included in the response, its value must match the actual number of bytes in the content range it returns. Date ETag and/or Content-Location, if the same request should have returned a 200 response. Expires, Cache-Control, and/or Vary, if its value may be different from the value corresponding to other previous responses to the same variable. If this response request uses If-Range strong cache verification, then this response should not contain other entity headers; if this response request uses If-Range weak cache verification, then this response is prohibited from containing other entity headers; this avoids Resolves inconsistencies between cached entity content and updated entity header information. Otherwise, this response should contain all entity header fields that should be returned in a 200 response. If the ETag or Last-Modified headers do not match exactly, the client cache should not combine the content returned by the 206 response with any previously cached content. Any cache that does not support Range and Content-Range headers is prohibited from caching content returned by a 206 response. |
| 207 | The status code extended by WebDAV (RFC 2518) means that the subsequent message body will be an XML message and may contain a series of independent response codes depending on the number of previous subrequests. |
| 300 | The requested resource has a series of optional responses, each with its own specific address and browser driver negotiation information. The user or browser can choose a preferred address for redirection. Unless this is a HEAD request, the response should include an entity with a list of resource attributes and addresses from which the user or browser can choose the most appropriate redirect address. The format of this entity is determined by the format defined by Content-Type. The browser may automatically make the most appropriate choice based on the format of the response and the browser's own capabilities. Of course, the RFC 2616 specification does not specify how such automatic selection should be performed. If the server itself already has a preferred feedback choice, the URI of this feedback should be specified in Location; the browser may use this Location value as the address for automatic redirection. Additionally, this response is cacheable unless otherwise specified. |
| 301 | The requested resource has been permanently moved to a new location, and any future references to this resource should use one of several URIs returned with this response. If possible, clients with link editing capabilities should automatically modify the requested address to the address returned from the server. Unless otherwise specified, this response is also cacheable. The new permanent URI should be returned in the Location field of the response. Unless this is a HEAD request, the response entity should contain a hyperlink to the new URI and a brief description. If this is not a GET or HEAD request, the browser prohibits automatic redirection unless confirmed by the user, because the conditions of the request may change accordingly. Note: For some browsers using the HTTP/1.0 protocol, when the POST request they send gets a 301 response, the subsequent redirect request will become a GET method. |
| 302 | The requested resource now temporarily responds to requests from a different URI. Because such redirects are temporary, the client should continue to send future requests to the original address. This response is cacheable only if specified in Cache-Control or Expires. The new temporary URI should be returned in the Location field of the response. Unless this is a HEAD request, the response entity should contain a hyperlink to the new URI and a brief description. If this is not a GET or HEAD request, the browser prohibits automatic redirection unless confirmed by the user, because the conditions of the request may change accordingly. Note: Although the RFC 1945 and RFC 2068 specifications do not allow the client to change the request method when redirecting, many existing browsers regard the 302 response as a 303 response, and use the GET method to access the URI specified in the Location, regardless of The method of the original request. Status codes 303 and 307 were added to clarify what response the server expects from the client. |
| 303 | The response to the current request can be found at another URI, and the client should use GET to access that resource. This method exists primarily to allow script-activated POST request output to be redirected to a new resource. This new URI is not a replacement reference to the original resource. At the same time, 303 responses are prohibited from being cached. Of course, the second request (redirect) might be cached. The new URI should be returned in the Location field of the response. Unless this is a HEAD request, the response entity should contain a hyperlink to the new URI and a brief description. Note: Many pre-HTTP/1.1 browsers do not correctly understand the 303 status. If you need to consider interaction with these browsers, the 302 status code should be sufficient, because most browsers handle 302 responses exactly the way the above specification requires clients to handle 303 responses. |
| 304 | If the client sends a conditional GET request and the request is allowed, but the content of the document has not changed (since the last access or according to the conditions of the request), the server should return this status code. A 304 response is prohibited from including a message body, so it always ends with the first blank line after the message header. The response MUST contain the following header information: Date, unless the server does not have a clock. If servers without clocks also comply with these rules, then proxy servers and clients can add the Date field to the received response headers themselves (as specified in RFC 2068), and the caching mechanism will work normally. ETag and/or Content-Location, if the same request should have returned a 200 response. Expires, Cache-Control, and/or Vary, if its value may be different from the value corresponding to other previous responses to the same variable. If this response request uses strong cache verification, then this response should not contain other entity headers; otherwise (for example, a conditional GET request uses weak cache verification), this response is prohibited from containing other entity headers; this avoids Resolves inconsistencies between cached entity content and updated entity header information. If a 304 response indicates that an entity is not currently cached, the caching system must ignore the response and repeat the request without the restriction. If a 304 response is received that requires an update to a cache entry, the cache system must update the entire entry to reflect the values of all fields that were updated in the response. |
| 305 | The requested resource must be accessed through the specified proxy. The URI information of the specified proxy will be given in the Location field. The recipient needs to repeatedly send a separate request to access the corresponding resources through this proxy. Only the origin server can establish a 305 response. NOTE: RFC 2068 does not specify that a 305 response is intended to redirect a single request and can only be established by the origin server. Ignoring these restrictions can lead to serious safety consequences. |
| 306 | In the latest version of the specification, the 306 status code is no longer used. |
| 307 | The requested resource now temporarily responds to requests from a different URI. Because such redirects are temporary, the client should continue to send future requests to the original address. This response is cacheable only if specified in Cache-Control or Expires. The new temporary URI should be returned in the Location field of the response. Unless this is a HEAD request, the response entity should contain a hyperlink to the new URI and a brief description. Because some browsers cannot recognize the 307 response, the above necessary information needs to be added so that users can understand and make access requests to the new URI. If this is not a GET or HEAD request, the browser prohibits automatic redirection unless confirmed by the user, because the conditions of the request may change accordingly. |
| 400 | 1. The semantics are incorrect and the current request cannot be understood by the server. The client should not resubmit this request unless modified. 2. The request parameters are incorrect. |
| 401 | The current request requires user authentication. The response MUST include a WWW-Authenticate header appropriate to the requested resource that asks for user information. The client can repeatedly submit a request containing the appropriate Authorization header information. If the current request already contains Authorization certificates, the 401 response indicates that the server verification has rejected those certificates. If the 401 response contains the same authentication query as the previous response, and the browser has attempted authentication at least once, the browser should display the entity information contained in the response to the user, because this entity information may contain relevant diagnostic information . See RFC 2617. |
| 402 | This status code is reserved for possible future needs. |
| 403 | The server has understood the request, but refused to execute it. Unlike a 401 response, authentication does not provide any help, and the request should not be resubmitted. If this is not a HEAD request and the server wants to be able to explain why the request cannot be executed, then the reason for the rejection should be described in the entity. Of course, the server can also return a 404 response if it does not want the client to obtain any information. |
| 404 | The request failed. The requested resource was not found on the server. There is no information to tell the user whether the condition is temporary or permanent. If the server knows the situation, it should use the 410 status code to inform that the old resource is permanently unavailable due to some internal configuration mechanism problems, and there is no jump address. The 404 status code is widely used when the server does not want to reveal why the request was rejected or no other suitable response is available. |
| 405 | The request method specified in the request line cannot be used to request the corresponding resource. The response must return an Allow header information to indicate the list of request methods that the current resource can accept. Since the PUT and DELETE methods will write resources on the server, most web servers do not support or do not allow the above request methods under the default configuration, and a 405 error will be returned for such requests. |
| 406 | The content characteristics of the requested resource do not satisfy the conditions in the request header, so the response entity cannot be generated. Unless this is a HEAD request, the response should return an entity containing a list of entity attributes and addresses from which the user or browser can choose the most appropriate. The format of the entity is determined by the media type defined in the Content-Type header. The browser can make its own best choice based on the format and its capabilities. However, the specification does not define any criteria for making such automatic selections. |
| 407 | Similar to a 401 response, except the client must authenticate with the proxy server. The proxy server must return a Proxy-Authenticate for identity query. The client can return a Proxy-Authorization header for verification. See RFC 2617. |
| 408 | Request timed out. The client did not complete sending a request within the time the server was prepared to wait. The client can resubmit this request at any time without making any changes. |
| 409 | The request cannot be completed due to a conflict with the current state of the requested resource. This code should only be used if the user is believed to be able to resolve the conflict and resubmit a new request. The response should contain enough information for the user to discover the source of the conflict. Conflicts usually occur in the processing of PUT requests. For example, in an environment using version checking, if the version information attached to a modification request for a specific resource submitted by a PUT conflicts with a previous (third-party) request, then the server should return a 409 error at this time. Inform the user that the request cannot be completed. At this time, the response entity is likely to contain a difference comparison between the two conflicting versions, so that the user can resubmit the new version after merging. |
| 410 | The requested resource is no longer available on the server and does not have any known forwarding address. Such a situation should be considered permanent. If possible, clients with link editing capabilities should remove all references to this address with the user's permission. If the server does not know or cannot determine whether the condition is permanent, then the 404 status code should be used. Unless otherwise noted, this response is cacheable. The purpose of the 410 response is mainly to help website administrators maintain the website, notify users that the resource is no longer available, and the server owner hopes that all remote connections pointing to this resource will also be deleted. This type of incident is common among limited-time, value-added services. Similarly, the 410 response is also used to notify the client that resources originally belonging to an individual are no longer available on the current server site. Of course, it's entirely up to the server owner whether all permanently unavailable resources need to be marked '410 Gone', and how long they need to keep this mark. |
| 411 | The server refuses to accept the request without the Content-Length header defined. After adding a valid Content-Length header indicating the length of the request message body, the client can submit the request again. |
| 412 | The server failed to meet one or more of the prerequisites given in the request's header fields when validating them. This status code allows the client to set preconditions in the request metainformation (request header field data) when retrieving the resource, thereby preventing the request method from being applied to the resource other than what it expects. |
| 413 | The server is refusing to process the current request because the request submitted entity data that is larger than the server is willing or able to handle. In this case, the server can close the connection to prevent the client from continuing to send this request. If the situation is temporary, the server should return a Retry-After response header to inform the client how long it can try again. |
| 414 | The requested URI is longer than the server can interpret, so the server refuses to service the request. This is relatively rare. Common situations include: form submission that should use the POST method becomes the GET method, resulting in the query string (Query String) being too long. Redirect URI "black hole", for example, each redirection uses the old URI as part of the new URI, causing the URI to be too long after several redirections. The client is trying to attack the server by exploiting a security vulnerability that exists in some servers. This type of server uses a fixed-length buffer to read or operate the requested URI. When the parameters after GET exceed a certain value, a buffer overflow may occur, causing arbitrary code to be executed [1]. Servers without such vulnerabilities should return a 414 status code. |
| 415 | For the currently requested method and requested resource, the entity submitted in the request is not in a format supported by the server, so the request is rejected. |
| 416 | If the request contains the Range request header, and any data range specified in the Range does not coincide with the available range of the current resource, and the If-Range request header is not defined in the request, the server should return a 416 status code. If Range uses a byte range, then this situation means that the first byte position of all data ranges specified in the request exceeds the length of the current resource. The server should also include a Content-Range entity header to indicate the length of the current resource while returning the 416 status code. This response is also prohibited from using multipart/byteranges as its Content-Type. |
| 417 | The expected content specified in the request header Expect cannot be satisfied by the server, or the server is a proxy server and it has clear evidence that the content of Expect cannot be satisfied on the next node in the current route. |
| 421 | The number of connections to the server from the current client's IP address exceeds the maximum allowed range of the server. Usually, the IP address here refers to the client address seen from the server (such as the user's gateway or proxy server address). In this case, the connection count may involve more than one end user. |
| 422 | The number of connections to the server from the current client's IP address exceeds the maximum allowed range of the server. Usually, the IP address here refers to the client address seen from the server (such as the user's gateway or proxy server address). In this case, the connection count may involve more than one end user. |
| 422 | The request is well-formatted, but cannot be responded to due to semantic errors. (RFC 4918 WebDAV) 423 LockedThe current resource is locked. (RFC 4918 WebDAV) |
| 424 | The current request failed due to an error in a previous request, such as PROPPATCH. (RFC 4918 WebDAV) |
| 425 | Defined in the WebDav Advanced Collections draft, but does not appear in the "WebDAV Sequence Collection Protocol" (RFC 3658). |
| 426 | Clients should switch to TLS/1.0. (RFC 2817) |
| 449 | Extended by Microsoft, indicates that requests should be retried after performing appropriate actions. |
| 500 | The server encountered an unexpected condition that prevented it from completing processing of the request. Generally speaking, this problem will occur when there is an error in the server's program code. |
| 501 | The server does not support a feature required by the current request. When the server does not recognize the requested method and cannot support its request for any resource. |
| 502 | A server working as a gateway or proxy received an invalid response from an upstream server while trying to perform a request. |
| 503 | Due to temporary server maintenance or overload, the server is currently unable to process requests. This condition is temporary and will be restored after a period of time. If the delay time can be expected, the response can include a Retry-After header to indicate the delay time. If this Retry-After message is not given, the client SHOULD handle it the same way it handles a 500 response. Note: The presence of the 503 status code does not mean that the server must use it when it is overloaded. Some servers simply wish to deny connections from clients. |
| 504 | When a server working as a gateway or proxy attempts to execute a request, it fails to receive a timely response from the upstream server (the server identified by the URI, such as HTTP, FTP, LDAP) or the auxiliary server (such as DNS). Note: Some proxy servers will return a 400 or 500 error when the DNS query times out. |
| 505 | The server does not support, or refuses to support, the HTTP version used in the request. This implies that the server is unable or unwilling to use the same version as the client. The response should contain an entity describing why the version is not supported and what protocols the server supports. |
| 506 | Extended by the Transparent Content Negotiation Protocol (RFC 2295), indicates that the server has an internal configuration error: the requested negotiation argument resource is configured to use itself in transparent content negotiation and is therefore not an appropriate focus in a negotiation process. |
| 507 | The server cannot store the content necessary to complete the request. This condition is considered temporary. WebDAV (RFC 4918) |
| 509 | The server has reached its bandwidth limit. This is not an official status code, but is still widely used. |
| 510 | The strategies required to obtain resources are not yet satisfied. (RFC 2774) |