A Break Down of HTTP Status Codes
A reference guide for the most relevant HTTP status codes and ones most frequently used by developers.
Join the DZone community and get the full member experience.
Join For FreeIntroduction
HTTP which stands for Hypertext Transfer Protocol helps to indicate if a response is successful or not. Status codes are guided by section 10 of RFC 2616. Most of the time, the users do not see the codes returned from the browser, but they are returned every time the browser interacts with the server.
Status codes can help provide a better user experience for the audience using an application, in terms of displaying the right error message and success message.
There are five standard groups Status codes are divided into and they can be identified by the first digit of the code.
These status codes are up to 80 in number, but we will be discussing the ones that are most relevant and used by developers when creating an application.
Informational Response (100–199)
100 (Continue)
At this level, the client should continue with the request. It is an indication that everything is going smooth so far and the request has not yet been rejected by the server.
If the request has however been completed, then the response should be ignored.
101 (Switching Protocol)
At this stage, the HTTP response code indicates that the server is switching protocol as requested by a client. The server then makes an upgrade in the response header to indicate that the protocol has been switched.
103 (Early Hints)
This response status code is mainly used to return some response headers before the server returns an HTTP message.
Successful Response (200–299)
200 (OK)
The HTTP 200 status code indicates that the response has succeeded. That is, the communication between the client and the server has run smoothly without any bug.
The response gotten will depend on the request method used. This is summarized below:
- GET — The resource data has been fetched.
- HEAD — The headers are in the message body but without the resource data.
- POST — The response will contain the result of the data transmitted to the body.
- OPTIONS — A representation of the response option.
- TRACE — The message body contains the request as received by the server.
201 (Created)
This represents the fact that the request has not only succeeded, but a resource has also been created. This status code usually comes with a POST request, since it describes the resource that is being sent to the server.
202 (Accepted)
This means a client has requested to create something on the server, then the request made is accepted, but is not yet completed because it is still undergoing some processing.
The made request may or may not be acted upon, as it may be disallowed during the processing.
203 (Non-Authoritative Information)
This indicates a successful request, but the entity-header has been modified from that of the origin server. It allows the proxy to send a warning to recipients when a change has been applied.
The use of this status code is not required and is only needed when the response would be anything other than 200 (OK).
204 (No Content)
This means the sent request was received, but there’s no additional data to send in the response payload. The PUT method is mostly used for a 204 response and it is cacheable by default.
205 (Reset Content)
Here the request is processed successfully, however, the response tells the user to reset the document view, so the request returns to the original state which it was received from the server.
Redirects (300–399)
300 (Multiple Choice)
This shows a multitude of options or resources a user can choose from and each option or resource can be identified uniquely.
This response code is rarely used as there’s no generally accepted way of choosing a specific response.
301 (Moved Permanently)
Here all future requests made to the resource should be redirected to a specified URL. It can be used to redirect from a page that is no longer in existence.
However, it is recommended to use this request only for GET or HEAD methods as it contains some bugs and not all user-agents align with it. This type of response is cacheable by default.
302 (Found) Previously[Moved Temporarily]
This response is similar to the 301 HTTP status code. The difference here is that the resource requested has been temporarily moved to a specified header.
302 has however been superseded by 303 and 307. Just like in the 301 HTTP response code, it is recommended to use this request only for GET or HEAD methods as not all user-agents align with it.
303 (See Other)
This HTTP status code indicates that the response for this request is being redirected to another URI. This status code applies to any HTTP method.
304 (Not Modified)
Here, there is no need to resend a requested resource since the user-agent already has a cached copy of the last resource. The aim is to minimize data transfer since the user-agent already has a copy of the most recent update.
307 (Temporary Redirect)
In this situation, the response code indicates that the requested resource has been temporarily moved to another URI. It is expected of the client to continue using the original URI to make a request.
Here the request method is guaranteed not to be changed during redirection, unlike the 302 HTTP status code.
308 (Permanent Redirect)
In this case, the requested resource has been assigned a new permanent URI which allows requests to run smoothly. The request method does not change during redirection, unlike the 301 HTTP status code which can be altered.
Client Error Responses (400–499)
400 (Bad Request)
This indicates that the request received cannot be processed by the server due to an error that could be due to the wrong syntax. The server expects some form of modifications to be made when the next request is received, else the same error persists.
401 (Unauthorized)
In this case, authorization is required to gain access to a received response. This HTTP status code is similar to 403 (Forbidden). Here, however, the request is expected to have valid credentials for it to be accepted.
403 (Forbidden)
This HTTP status code means the user-client has a valid data but is refused access by the server. Making repeated attempts will not yield any successful response as the user, as the user is not allowed to any rights to that particular resource.
404 (Not Found)
This means the requested resource cannot be found by the server. This could be a result of a temporary glitch and the resource could be available if another request is made in the future. Mostly, links that lead to 404 are usually called broken links.
405 (Method Not Allowed)
This means that a requested method is not supported for the requested resource, even when it is recognized by the server. The resource may be expecting a GET or POST method, but if it receives a DELETE or PUT method, the request made will be rejected as 405.
410 (Gone)
As the name implies, this HTTP status code indicates that the requested resource is not available anymore. Unlike the 404 status code, the results of this response are permanent. This response is cacheable by default.
418 — (I’m a Teapot)
This is probably everyone’s favorite response code. It was defined in 1998 and is not expected to be defined by any HTTP server. It implies that the server has refused to brew coffee because it is permanently a teapot.
429 (Too Many Requests)
Here the user-client has made too many requests within a given time frame. It is, however, possible, that the request header may indicate a response of how long a client should wait before retrying the request.
It’s mainly used for rate limiting strategies, which is meant for security purposes.
Server Error Responses(500–599)
500 (Internal Server Error)
Here it means a particular request experienced an unexpected condition that made it unable to complete the request. The user is not expected to see this HTTP status code on the web page.
501 ( Not Implemented )
This HTTP status code indicates that the server does not support or have the requirements needed to complete a particular request. It means the server the user-client is trying to access needs to be fixed.
502 ( Bad Gateway )
This indicates that the server while acting as a proxy, received an invalid response from the server while making the request.
503 ( Service Unavailable )
This HTTP status code indicates a temporary state of affairs. It means the request made to the server cannot currently handle the action, this could mean due to maintenance or that the server is overloaded.
504 ( Gateway Timeout )
This status code indicates that the server was acting as a proxy, did not send the request at the expected time frame. The fix to this is expected to come from the server.
Unofficial Codes by Different Platforms
218 — ( This is fine )
This is mainly used in Apache Web Severs.
419 ( Page Expired )
This is used by the Laravel Framework when a CSRF Token is expired or sometimes missing.
420 ( Enhance Your Calm )
This is used by version 1 of the Twitter search trends API. It is similar to what 429 status code does.
430 ( Request Header Fields Too Large )
This s used by Shopify when there are too many URL requests within a certain time frame.
450 ( Blocked by Windows Parental Controls )
This used by Microsoft to indicate when parental control is turned on and blocking access to a requested resource.
526 ( Invalid SSL Certificate )
This is used by Cloudflare and Cloud Foundry’s Gorouter to indicate failure to validate the SSL/TLS certificate.
Deprecated
305 ( Use Proxy )
This HTTP response code should no longer be used due to security reasons, although it will still work.
306 ( unused )
This HTTP status is no longer used, it was used in the previous version of the HTTP/1.1 specification.
Conclusion
Http response code plays a vital role for both the developers and users of an application. It gives a clear understanding and direction on the current status of things on a web page. Also, it helps with search engine optimization and digital marketing.
Published at DZone with permission of deji adesoga. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments