directory search
Guides Access control CORS Authentication Browser detection using the user agent Caching Caching FAQ Compression Conditional requests Connection management in HTTP 1.x Content negotiation Content negotiation: List of default Accept values Cookies CSP Messages Overview Protocol upgrade mechanism Proxy servers and tunneling Proxy servers and tunneling: Proxy Auto-Configuration (PAC) file Public Key Pinning Range requests Redirections Resources and specifications Resources and URIs Response codes Server-Side Access Control Session Guides: Basics Basics of HTTP Choosing between www and non-www URLs Data URIs Evolution of HTTP Identifying resources on the Web MIME Types MIME types: Complete list of MIME types CSP Content-Security-Policy Content-Security-Policy-Report-Only CSP: base-uri CSP: block-all-mixed-content CSP: child-src CSP: connect-src CSP: default-src CSP: font-src CSP: form-action CSP: frame-ancestors CSP: frame-src CSP: img-src CSP: manifest-src CSP: media-src CSP: object-src CSP: plugin-types CSP: referrer CSP: report-uri CSP: require-sri-for CSP: sandbox CSP: script-src CSP: style-src CSP: upgrade-insecure-requests CSP: worker-src Headers Accept Accept-Charset Accept-Encoding Accept-Language Accept-Ranges Access-Control-Allow-Credentials Access-Control-Allow-Headers Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Expose-Headers Access-Control-Max-Age Access-Control-Request-Headers Access-Control-Request-Method Age Allow Authorization Cache-Control Connection Content-Disposition Content-Encoding Content-Language Content-Length Content-Location Content-Range Content-Type Cookie Cookie2 Date DNT ETag Expect Expires Forwarded From Headers Host If-Match If-Modified-Since If-None-Match If-Range If-Unmodified-Since Keep-Alive Large-Allocation Last-Modified Location Origin Pragma Proxy-Authenticate Proxy-Authorization Public-Key-Pins Public-Key-Pins-Report-Only Range Referer Referrer-Policy Retry-After Server Set-Cookie Set-Cookie2 SourceMap Strict-Transport-Security TE Tk Trailer Transfer-Encoding Upgrade-Insecure-Requests User-Agent User-Agent: Firefox Vary Via Warning WWW-Authenticate X-Content-Type-Options X-DNS-Prefetch-Control X-Forwarded-For X-Forwarded-Host X-Forwarded-Proto X-Frame-Options X-XSS-Protection Methods CONNECT DELETE GET HEAD Methods OPTIONS PATCH POST PUT Status 100 Continue 101 Switching Protocols 200 OK 201 Created 202 Accepted 203 Non-Authoritative Information 204 No Content 205 Reset Content 206 Partial Content 300 Multiple Choices 301 Moved Permanently 302 Found 303 See Other 304 Not Modified 307 Temporary Redirect 308 Permanent Redirect 400 Bad Request 401 Unauthorized 403 Forbidden 404 Not Found 405 Method Not Allowed 406 Not Acceptable 407 Proxy Authentication Required 408 Request Timeout 409 Conflict 410 Gone 411 Length Required 412 Precondition Failed 413 Payload Too Large 414 URI Too Long 415 Unsupported Media Type 416 Range Not Satisfiable 417 Expectation Failed 426 Upgrade Required 428 Precondition Required 429 Too Many Requests 431 Request Header Fields Too Large 451 Unavailable For Legal Reasons 500 Internal Server Error 501 Not Implemented 502 Bad Gateway 503 Service Unavailable 504 Gateway Timeout 505 HTTP Version Not Supported 511 Network Authentication Required Status
characters

HTTP 响应状态代码指示特定的 HTTP 请求是否已成功完成。响应分为五类:信息响应,成功响应,重定向,客户端错误和服务器错误。状态码由 RFC 2616 的第10部分定义。

信息回应

100 Continue这个临时响应表明,到目前为止,所有事情都可以确定,并且客户端应该继续请求或者在请求已经完成时忽略它。101 Switching Protocol此代码是为了响应Upgrade客户端的请求标头而发送的,并指示服务器也正在切换的协议。102 Processing(WebDAV)此代码表示服务器已接收并正在处理该请求,但尚未提供任何响应。

成功的回应

200 OK该请求已成功。成功的意义取决于 HTTP 方法:

GET:资源已被提取并在消息体中传输。

HEAD:实体头部位于消息体中。

POST:描述操作结果的资源在消息主体中传输。

TRACE:消息正文包含服务器接收到的请求消息201 Created请求已成功并且由于此请求已创建新资源。这通常是在PUT请求后发送的响应。202 Accepted该请求已收到,但尚未执行。它是非承诺的,这意味着HTTP中没有办法稍后发送指示处理请求结果的异步响应。它适用于其他进程或服务器处理请求或批处理的情况。203 Non-Authoritative Information此响应代码意味着返回的元信息集不是从原始服务器准确设置的,而是从本地或第三方副本收集的。除了这种情况外,应该优先选择200 OK响应而不是此响应。204 No Content没有要发送此请求的内容,但标题可能很有用。用户代理可以用新的更新它的这个资源的缓存标题。205 Reset Content此响应代码在完成请求以告知发送此请求的用户代理重置文档视图后发送。206 Partial Content使用此响应代码是因为客户端发送的范围标题将分隔下载到多个流中。207 Multi-Status(WebDAV)在多个状态代码可能适用的情况下,多状态响应传达有关多个资源的信息。208 Multi-Status(WebDAV)在DAV:propstat响应元素中使用,以避免重复枚举多个绑定的内部成员到同一个集合。226 IM Used(HTTP Delta编码)服务器已经完成了对资源的GET请求,并且响应是应用于当前实例的一个或多个实例操作结果的表示。

重定向消息

300 Multiple ChoiceThe request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.301 Moved PermanentlyThis response code means that URI of requested resource has been changed. Probably, new URI would be given in the response.302 FoundThis response code means that URI of requested resource has been changed temporarily. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.303 See OtherServer sent this response to directing client to get requested resource to another URI with an GET request.304 Not ModifiedThis is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.305 Use ProxyWas defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.306 unusedThis response code is no longer used, it is just reserved currently. It was used in a previous version of the HTTP 1.1 specification.307 Temporary RedirectServer sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.308 Permanent RedirectThis means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.

Client error responses

400 Bad RequestThis response means that server could not understand the request due to invalid syntax.401 UnauthorizedAlthough the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.402 Payment RequiredThis response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.403 ForbiddenThe client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.404 Not FoundThe server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.405 Method Not AllowedThe request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.406 Not AcceptableThis response is sent when the web server, after performing server-driven content negotiation, doesn't find any content following the criteria given by the user agent.407 Proxy Authentication RequiredThis is similar to 401 but authentication is needed to be done by a proxy.408 Request TimeoutThis response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.409 ConflictThis response is sent when a request conflicts with the current state of the server.410 GoneThis response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for "limited-time, promotional services". APIs should not feel compelled to indicate resources that have been deleted with this status code.411 Length RequiredServer rejected the request because the Content-Length header field is not defined and the server requires it.412 Precondition FailedThe client has indicated preconditions in its headers which the server does not meet.413 Payload Too LargeRequest entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.414 URI Too LongThe URI requested by the client is longer than the server is willing to interpret.415 Unsupported Media TypeThe media format of the requested data is not supported by the server, so the server is rejecting the request.416 Requested Range Not SatisfiableThe range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.417 Expectation FailedThis response code means the expectation indicated by the Expect request header field can't be met by the server.418 I'm a teapotThe server refuses the attempt to brew coffee with a teapot.421 Misdirected RequestThe request was directed at a server that is not able to produce a response. This can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI.422 Unprocessable Entity (WebDAV)The request was well-formed but was unable to be followed due to semantic errors.423 Locked (WebDAV)The resource that is being accessed is locked.424 Failed Dependency (WebDAV)The request failed due to failure of a previous request.426 Upgrade RequiredThe server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol. The server sends an Upgrade header in a 426 response to indicate the required protocol(s).428 Precondition RequiredThe origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.429 Too Many RequestsThe user has sent too many requests in a given amount of time ("rate limiting").431 Request Header Fields Too LargeThe server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.451 Unavailable For Legal ReasonsThe user requests an illegal resource, such as a web page censored by a government.

Server error responses

500 Internal Server ErrorThe server has encountered a situation it doesn't know how to handle.501 Not ImplementedThe request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.502 Bad GatewayThis error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.503 Service UnavailableThe server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.504 Gateway TimeoutThis error response is given when the server is acting as a gateway and cannot get a response in time.505 HTTP Version Not SupportedThe HTTP version used in the request is not supported by the server.506 Variant Also NegotiatesThe server has an internal configuration error: transparent content negotiation for the request results in a circular reference.507 Insufficient StorageThe server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.508 Loop Detected (WebDAV)The server detected an infinite loop while processing the request.510 Not ExtendedFurther extensions to the request are required for the server to fulfill it.511 Network Authentication RequiredThe 511 status code indicates that the client needs to authenticate to gain network access.

See also

  • List of HTTP status codes on Wikipedia

  • IANA official registry of HTTP status codes

Edit this page on MDN

 © 2005–2017 Mozilla Developer Network and individual contributors.

Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

Previous article: Next article: