HTTP Status Code
HTTP status codes are the short responses a web server sends back to tell your browser what happened. 200 means “everything is fine, here is your page.” 404 means “I cannot find what you asked for.” 500 means “something broke on my end.” They are grouped by their first digit: 2xx is success, 3xx is “go look somewhere else,” 4xx is “you made a mistake,” and 5xx is “I made a mistake.”
HTTP status codes are three-digit integers in the response line of an HTTP response, defined in RFC 9110. They indicate the result of the server’s attempt to process the request.
Status code classes:
| Class | Range | Meaning |
|---|---|---|
| 1xx | 100-199 | Informational (request received, continuing) |
| 2xx | 200-299 | Success (request accepted and processed) |
| 3xx | 300-399 | Redirection (further action needed) |
| 4xx | 400-499 | Client error (bad request from the caller) |
| 5xx | 500-599 | Server error (server failed to fulfill a valid request) |
Essential status codes:
| Code | Name | Meaning |
|---|---|---|
| 200 | OK | Request succeeded |
| 201 | Created | Resource created (POST success) |
| 204 | No Content | Success, no body (DELETE success) |
| 301 | Moved Permanently | Resource permanently at new URL (SEO redirect) |
| 302 | Found | Temporary redirect |
| 304 | Not Modified | Cached version is still valid (ETag/If-Modified-Since) |
| 400 | Bad Request | Malformed request (missing field, bad JSON) |
| 401 | Unauthorized | Authentication required or invalid |
| 403 | Forbidden | Authenticated but not authorized for this resource |
| 404 | Not Found | Resource does not exist |
| 405 | Method Not Allowed | HTTP method not supported (POST to a GET-only endpoint) |
| 409 | Conflict | Request conflicts with current state (duplicate resource) |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Unhandled server exception |
| 502 | Bad Gateway | Reverse proxy received invalid response from upstream |
| 503 | Service Unavailable | Server overloaded or in maintenance |
| 504 | Gateway Timeout | Reverse proxy timed out waiting for upstream |
Status codes in practice
# Check status code of a URL
$ curl -sI https://bytesnation.com/ | head -1
HTTP/2 200
# Follow redirects and show each hop
$ curl -sIL https://bytesnation.com/blog | grep -E "HTTP|Location"
HTTP/2 301
Location: https://bytesnation.com/blog/
HTTP/2 200
# Test a 404
$ curl -sI https://bytesnation.com/nonexistent | head -1
HTTP/2 404
# Monitor for non-200 responses in nginx logs
$ awk '$9 >= 400 {print $9, $7}' /var/log/nginx/access.log | \
sort | uniq -c | sort -rn | head -10
142 404 /favicon.ico
38 403 /admin/
12 500 /api/submit
# Check rate limiting
$ curl -sI https://api.example.com/v1/users | grep -i ratelimit
X-RateLimit-Remaining: 0
Retry-After: 60
# Status: 429 Too Many RequestsStatus codes are the first thing engineers check when debugging web issues. “Is it a 4xx or a 5xx?” immediately narrows the problem to client-side or server-side. 502 Bad Gateway from a reverse proxy (Nginx, Cloudflare) means the backend is down or unresponsive. 429 Too Many Requests means you are hitting rate limits (back off and retry with exponential backoff). Monitoring dashboards track 5xx error rates as a key reliability metric; an SLO of 99.9% uptime means no more than ~8.7 hours of 5xx responses per year. Custom error pages for 404 and 500 improve user experience. In API design, returning the correct status code (201 for creation, 409 for conflicts, 422 for validation errors) makes APIs self-documenting and easier for consumers to handle programmatically.