HTTP Status Codes
This web page is created from HTTP fame code facts found at ietf.Org and Wikipedia. Click at the class heading or the popularity code link to study extra.
This elegance of popularity code shows a provisional reaction, consisting only of the Status-Line and elective headers, and is terminated through an empty line. There are no required headers for this magnificence of fame code. Since HTTP/1.0 did not outline any 1xx status codes, servers MUST NOT ship a 1xx reaction to an HTTP/1.Zero client except below experimental situations.
A patron MUST be organized to just accept one or greater 1xx repute responses previous to a regular reaction, even though the consumer does now not assume a 100 (Continue) status message. Unexpected 1xx popularity responses MAY be disregarded by means of a user agent.
Proxies MUST forward 1xx responses, unless the connection between the proxy and its purchaser has been closed, or except the proxy itself asked the technology of the 1xx response. (For instance, if a proxy adds a “Expect: one hundred-continue” area while it forwards a request, then it want now not ahead the corresponding 100 (Continue) response(s).)
Request acquired, continuing technique.
This magnificence of reputation code shows a provisional reaction, consisting handiest of the Status-Line and non-obligatory headers, and is terminated by an empty line. Since HTTP/1.Zero did no longer define any 1xx popularity codes, servers ought to not send a 1xx response to an HTTP/1.0 patron besides below experimental situations.
The customer SHOULD preserve with its request. This intervening time reaction is used to inform the client that the preliminary a part of the request has been obtained and has now not but been rejected by using the server. The purchaser SHOULD continue by means of sending the the rest of the request or, if the request has already been completed, forget about this reaction. The server MUST ship a final response after the request has been completed. See section eight.2.3 for special discussion of the use and dealing with of this repute code.
This approach that the server has received the request headers, and that the consumer should proceed to ship the request frame (within the case of a request for which a body wishes to be despatched; for example, a POST request). If the request body is big, sending it to a server whilst a request has already been rejected based upon inappropriate headers is inefficient. To have a server test if the request might be popular based totally at the request’s headers on my own, a consumer should ship Expect: 100-retain as a header in its initial request and test if a one hundred Continue fame code is received in reaction earlier than persevering with (or acquire 417 Expectation Failed and no longer maintain).
One hundred and one Switching Protocols
The server is familiar with and is inclined to conform with the patron’s request, thru the Upgrade message header area (segment 14.Forty two), for a change in the utility protocol being used in this connection. The server will switch protocols to the ones defined with the aid of the reaction’s Upgrade header discipline without delay after the empty line which terminates the one hundred and one reaction.
The protocol SHOULD be switched handiest whilst it is nice to achieve this. For example, switching to a more moderen model of HTTP is superb over older variations, and switching to a real-time, synchronous protocol is probably positive whilst handing over sources that use such functions.
This means the requester has requested the server to replace protocols and the server is acknowledging that it will do so.
102 Processing (WebDAV)
The 102 (Processing) reputation code is an period in-between reaction used to inform the patron that the server has popular the whole request, but has not yet completed it. This fame code SHOULD handiest be sent when the server has an inexpensive expectation that the request will take enormous time to finish. As steerage, if a technique is taking longer than 20 seconds (an inexpensive, however arbitrary value) to procedure the server SHOULD return a 102 (Processing) response. The server MUST ship a very last reaction after the request has been completed.
Methods can probably take an extended time period to system, particularly methods that guide the Depth header. In such instances the purchaser can also time-out the relationship whilst watching for a response. To prevent this the server may additionally go back a 102 (Processing) popularity code to signify to the customer that the server remains processing the method.
As a WebDAV request may additionally contain many sub-requests involving document operations, it can take a long term to complete the request. This code indicates that the server has received and is processing the request, but no response is available yet. This prevents the patron from timing out and assuming the request turned into misplaced.
This class of popularity code suggests that the purchaser’s request was successfully acquired, understood, and customary.
This elegance of fame codes indicates the action requested by using the purchaser became received, understood, normal and processed efficiently.
The request has succeeded. The data back with the response is dependent on the method used in the request, for example:
GET an entity corresponding to the requested useful resource is sent in the reaction;
HEAD the entity-header fields similar to the requested useful resource are sent in the response without any message-body;
POST an entity describing or containing the end result of the movement;
TRACE an entity containing the request message as acquired with the aid of the quit server.
Standard response for a success HTTP requests. The actual reaction will depend upon the request technique used. In a GET request, the reaction will contain an entity similar to the asked resource. In a POST request the response will contain an entity describing or containing the end result of the action.
General popularity code. Most not unusual code used to indicate fulfillment.
The request has been fulfilled and resulted in a brand new useful resource being created. The newly created resource may be referenced through the URI(s) lower back in the entity of the reaction, with the most unique URI for the resource given by means of a Location header discipline. The reaction SHOULD encompass an entity containing a list of resource characteristics and location(s) from which the consumer or user agent can pick the only maximum suitable. The entity format is special by means of the media kind given inside the Content-Type header field. The origin server MUST create the aid before returning the 201 fame code. If the action can’t be finished immediately, the server SHOULD reply with 202 (Accepted) response as a substitute.
A 201 reaction MAY include an ETag response header field indicating the cutting-edge fee of the entity tag for the asked variation simply created, see phase 14.19.
The request has been fulfilled and ended in a brand new useful resource being created.
Successful creation passed off (through both POST or PUT). Set the Location header to comprise a link to the newly-created resource (on POST). Response frame content material may or may not be present.
The request has been accepted for processing, but the processing has no longer been finished. The request may or might not sooner or later be acted upon, as it might be disallowed whilst processing definitely takes vicinity. There is not any facility for re-sending a standing code from an asynchronous operation together with this.
The 202 response is intentionally non-committal. Its reason is to permit a server to accept a request for some different manner (perhaps a batch-orientated method this is most effective run as soon as consistent with day) with out requiring that the user agent’s connection to the server persist till the procedure is completed. The entity again with this response SHOULD consist of an illustration of the request’s present day repute and either a pointer to a standing reveal or some estimate of while the user can anticipate the request to be fulfilled.
The request has been typical for processing, however the processing has not been finished. The request might or won’t finally be acted upon, as it might be disallowed when processing honestly takes area.
203 Non-Authoritative Information
The lower back metainformation in the entity-header isn’t always the definitive set as to be had from the beginning server, however is gathered from a nearby or a third-celebration reproduction. The set presented MAY be a subset or superset of the authentic model. For instance, along with neighborhood annotation statistics approximately the resource might result in a superset of the metainformation known with the aid of the starting place server. Use of this response code isn’t always required and is only suitable when the response could in any other case be two hundred (OK).
The server efficaciously processed the request, however is returning statistics that can be from any other supply.
Not present in HTTP/1.0: available due to the fact that HTTP/1.1
204 No Content
The server has fulfilled the request but does now not need to return an entity-body, and may need to go back updated metainformation. The reaction MAY consist of new or updated metainformation inside the form of entity-headers, which if gift SHOULD be associated with the asked variant.
If the consumer is a consumer agent, it SHOULD NOT exchange its document view from that which precipitated the request to be despatched. This reaction is primarily supposed to allow input for actions to take area without inflicting a trade to the user agent’s lively file view, even though any new or up to date metainformation SHOULD be implemented to the document currently within the user agent’s energetic view.
The 204 response MUST NOT include a message-frame, and for that reason is always terminated by means of the first empty line after the header fields.
The server efficiently processed the request, but isn’t returning any content material.
Status whilst wrapped responses (e.G. JSEND) are not used and not anything is within the body (e.G. DELETE).
205 Reset Content
The server has fulfilled the request and the consumer agent SHOULD reset the file view which caused the request to be despatched. This response is basically supposed to permit input for moves to take location through user enter, observed with the aid of a clearing of the shape wherein the input is given so that the user can effortlessly provoke some other input action. The response MUST NOT consist of an entity.
The server effectively processed the request, however is not returning any content material. Unlike a 204 reaction, this response calls for that the requester reset the document view.
206 Partial Content
The server has fulfilled the partial GET request for the aid. The request MUST have covered a Range header area (section 14.35) indicating the preferred variety, and MAY have included an If-Range header area (section 14.27) to make the request conditional.
The response MUST consist of the following header fields:
Either a Content-Range header area (segment 14.Sixteen) indicating the variety blanketed with this response, or a multipart/byteranges Content-Type inclusive of Content-Range fields for every component. If a Content-Length header discipline is gift in the response, its price MUST match the actual range of OCTETs transmitted in the message-frame.
ETag and/or Content-Location, if the header might have been despatched in a 200 reaction to the equal request
Expires, Cache-Control, and/or Vary, if the sector-value might vary from that despatched in any preceding response for the equal version
If the 206 response is the end result of an If-Range request that used a sturdy cache validator (see section thirteen.3.Three), the reaction SHOULD NOT consist of other entity-headers. If the reaction is the result of an If-Range request that used a vulnerable validator, the response MUST NOT consist of different entity-headers; this prevents inconsistencies among cached entity-our bodies and updated headers. Otherwise, the response MUST consist of all of the entity-headers that would had been returned with a 2 hundred (OK) response to the same request.
A cache MUST NOT integrate a 206 response with different previously cached content if the ETag or Last-Modified headers do not suit exactly, see thirteen.5.4.
A cache that doesn’t guide the Range and Content-Range headers MUST NOT cache 206 (Partial) responses.
The server is turning in simplest a part of the resource because of a range header sent by using the patron. The variety header is used by tools like wget to permit resuming of interrupted downloads, or break up a download into a couple of simultaneous streams.
207 Multi-Status (WebDAV)
The 207 (Multi-Status) status code gives reputation for more than one impartial operations (see segment 11 for greater statistics).
The message frame that follows is an XML message and may include a number of separate reaction codes, depending on what number of sub-requests were made.
208 Already Reported (WebDAV)
The 208 (Already Reported) status code may be used internal a DAV: propstat reaction detail to avoid enumerating the inner individuals of multiple bindings to the same series again and again. For every binding to a group inside the request’s scope, best one might be suggested with a 200 repute, at the same time as subsequent DAV:response elements for all other bindings will use the 208 reputation, and no DAV:reaction factors for their descendants are included.
The members of a DAV binding have already been enumerated in a preceding respond to this request, and are not being covered once more.
226 IM Used
The server has fulfilled a GET request for the aid, and the reaction is a illustration of the end result of one or extra example-manipulations applied to the contemporary example. The real modern example might not be available except by combining this response with other preceding or future responses, as suitable for the specific example-manipulation(s). If so, the headers of the ensuing instance are the result of combining the headers from the repute-226 reaction and the other times, following the regulations in phase 13.5.Three of the HTTP/1.1 specification.
The request MUST have protected an A-IM header discipline list at the least one example-manipulation. The reaction MUST consist of an Etag header field giving the entity tag of the contemporary example.
A response obtained with a status code of 226 MAY be saved by way of a cache and utilized in reply to a next request, subject to the HTTP expiration mechanism and any Cache-Control headers, and to the necessities in phase 10.6.
A response acquired with a standing code of 226 MAY be used by a cache, together with a cache access for the base example, to create a cache access for the modern-day instance.
The server has fulfilled a GET request for the useful resource, and the response is a illustration of the end result of 1 or extra example-manipulations implemented to the cutting-edge instance.
This elegance of status code suggests that similarly movement desires to be taken by the user agent for you to fulfill the request. The movement required MAY be done by using the user agent with out interplay with the user if and simplest if the approach used within the 2d request is GET or HEAD. A customer SHOULD come across countless redirection loops, considering the fact that such loops generate network site visitors for each redirection.
Note: previous versions of this specification advocated a maximum of 5 redirections. Content developers need to be aware that there might be clients that enforce such a set dilemma.
The patron should take additional action to complete the request.
This magnificence of repute code suggests that in addition motion needs to be taken via the person agent so that you can fulfil the request. The action required may be performed via the consumer agent without interaction with the person if and only if the technique used in the 2nd request is GET or HEAD. A user agent have to now not robotically redirect a request extra than 5 instances, when you consider that such redirections commonly suggest an countless loop.
300 Multiple Choices
The asked aid corresponds to anyone of a fixed of representations, every with its very own specific location, and agent- pushed negotiation information (section 12) is being supplied so that the person (or user agent) can pick out a preferred representation and redirect its request to that place.
Unless it became a HEAD request, the response SHOULD encompass an entity containing a list of resource traits and area(s) from which the person or person agent can pick the only most appropriate. The entity format is exact by using the media type given in the Content- Type header field. Depending upon the format and the abilities of the user agent, selection of the most suitable preference MAY be done mechanically. However, this specification does now not outline any wellknown for such automated choice.
If the server has a preferred desire of representation, it SHOULD encompass the unique URI for that illustration inside the Location area; user sellers MAY use the Location field fee for computerized redirection. This reaction is cacheable unless indicated otherwise.
Indicates more than one options for the resource that the purchaser may additionally follow. It, as an example, will be used to give exclusive layout options for video, list files with one of a kind extensions, or phrase sense disambiguation.
301 Moved Permanently
The requested aid has been assigned a new everlasting URI and any destiny references to this aid SHOULD use one of the returned URIs. Clients with hyperlink enhancing abilties need to robotically re-hyperlink references to the Request-URI to at least one or more of the brand new references returned by the server, wherein viable. This response is cacheable except indicated in any other case.
The new everlasting URI SHOULD take delivery of via the Location area within the response. Unless the request approach turned into HEAD, the entity of the reaction SHOULD comprise a short hypertext be aware with a hyperlink to the brand new URI(s).
If the 301 fame code is acquired in response to a request apart from GET or HEAD, the person agent MUST NOT routinely redirect the request except it can be confirmed by way of the person, considering the fact that this could trade the situations beneath which the request became issued.
Note: When robotically redirecting a POST request after receiving a 301 popularity code, a few existing HTTP/1.Zero user dealers will erroneously exchange it right into a GET request.
This and all future requests need to be directed to the given URI.
The requested aid is living temporarily under a unique URI. Since the redirection is probably altered sometimes, the consumer SHOULD maintain to use the Request-URI for future requests. This response is only cacheable if indicated by way of a Cache-Control or Expires header field.
The brief URI SHOULD be given by way of the Location area within the response. Unless the request approach was HEAD, the entity of the response SHOULD contain a quick hypertext word with a hyperlink to the brand new URI(s).
If the 302 reputation code is received in reaction to a request aside from GET or HEAD, the consumer agent MUST NOT automatically redirect the request until it is able to be confirmed via the user, in view that this might change the situations under which the request become issued.
Note: RFC 1945 and RFC 2068 specify that the consumer isn’t allowed to exchange the technique on the redirected request. However, most current consumer agent implementations treat 302 as if it have been a 303 reaction, appearing a GET on the Location field-fee irrespective of the unique request technique. The reputation codes 303 and 307 were delivered for servers that want to make unambiguously clean which kind of response is expected of the purchaser.
This is an example of industry practice contradicting the same old. The HTTP/1.0 specification (RFC 1945) required the client to perform a brief redirect (the original describing phrase become “Moved Temporarily”), but famous browsers applied 302 with the functionality of a 303 See Other. Therefore, HTTP/1.1 introduced repute codes 303 and 307 to differentiate among the two behaviours. However, a few Web programs and frameworks use the 302 repute code as if it were the 303.
303 See Other
The response to the request can be discovered underneath a special URI and SHOULD be retrieved the usage of a GET approach on that aid. This technique exists often to allow the output of a POST-activated script to redirect the consumer agent to a particular aid. The new URI isn’t a substitute reference for the initially requested aid. The 303 reaction MUST NOT be cached, but the response to the second one (redirected) request is probably cacheable.
The one-of-a-kind URI SHOULD take delivery of by the Location area inside the reaction. Unless the request method was HEAD, the entity of the reaction SHOULD incorporate a short hypertext note with a hyperlink to the new URI(s).
Note: Many pre-HTTP/1.1 consumer retailers do no longer understand the 303 reputation. When interoperability with such clients is a difficulty, the 302 status code may be used instead, on the grounds that most user retailers react to a 302 reaction as defined right here for 303.
The reaction to the request may be observed underneath every other URI using a GET technique. When acquired in response to a POST (or PUT/DELETE), it have to be assumed that the server has acquired the facts and the redirect must be issued with a separate GET message.
304 Not Modified
If the purchaser has completed a conditional GET request and access is permitted, however the report has now not been modified, the server SHOULD respond with this popularity code. The 304 response MUST NOT include a message-body, and as a consequence is always terminated via the first empty line after the header fields.
The response MUST include the subsequent header fields:
Date, until its omission is needed by way of section 14.18.1
If a clockless beginning server obeys these regulations, and proxies and clients upload their personal Date to any reaction obtained with out one (as already designated by way of [RFC 2068], phase 14.19), caches will perform successfully.
ETag and/or Content-Location, if the header would have been despatched in a 2 hundred response to the identical request
Expires, Cache-Control, and/or Vary, if the sector-price might fluctuate from that despatched in any previous reaction for the same variation
If the conditional GET used a sturdy cache validator (see segment 13.Three.Three), the response SHOULD NOT encompass other entity-headers. Otherwise (i.E., the conditional GET used a weak validator), the response MUST NOT encompass other entity-headers; this prevents inconsistencies among cached entity-bodies and up to date headers.
If a 304 response indicates an entity now not currently cached, then the cache MUST push aside the reaction and repeat the request without the conditional.
If a cache makes use of a received 304 reaction to update a cache access, the cache MUST update the entry to reflect any new field values given inside the response.
Indicates the resource has now not been modified for the reason that last requested. Typically, the HTTP purchaser offers a header just like the If-Modified-Since header to provide a time against which to compare. Using this protects bandwidth and reprocessing on each the server and purchaser, as only the header statistics need to be despatched and received in contrast to the entirety of the page being re-processed by way of the server, then sent once more the use of extra bandwidth of the server and consumer.
Used for conditional GET calls to reduce band-width usage. If used, have to set the Date, Content-Location, ETag headers to what they might had been on a ordinary GET call. There ought to be no body at the reaction.
The 306 status code become used in a preceding model of the specification, is no longer used, and the code is reserved.
No longer used. Originally supposed “Subsequent requests must use the specified proxy.”
307 Temporary Redirect
The asked aid is living quickly underneath a special URI. Since the redirection MAY be altered every so often, the consumer SHOULD continue to apply the Request-URI for future requests. This reaction is simplest cacheable if indicated via a Cache-Control or Expires header area.
The transient URI SHOULD be given with the aid of the Location field inside the reaction. Unless the request method became HEAD, the entity of the reaction SHOULD incorporate a short hypertext note with a hyperlink to the brand new URI(s) , on account that many pre-HTTP/1.1 person dealers do now not understand the 307 repute. Therefore, the word SHOULD contain the records essential for a person to copy the original request on the new URI.
If the 307 popularity code is acquired in response to a request apart from GET or HEAD, the person agent MUST NOT routinely redirect the request unless it may be confirmed with the aid of the person, when you consider that this might alternate the conditions beneath which the request changed into issued.
In this example, the request need to be repeated with every other URI; however, destiny requests can nonetheless use the original URI. In evaluation to 302, the request approach must not be changed when reissuing the authentic request. For example, a POST request need to be repeated the usage of some other POST request.
308 Permanent Redirect (experimental)
The request, and all destiny requests need to be repeated the usage of every other URI. 307 and 308 (as proposed) parallel the behaviours of 302 and 301, but do not require the HTTP approach to exchange. So, for instance, submitting a shape to a completely redirected aid may additionally keep smoothly.
4xx Client Error
The 4xx elegance of status code is intended for instances wherein the customer appears to have erred. Except whilst responding to a HEAD request, the server SHOULD consist of an entity containing an explanation of the mistake state of affairs, and whether it’s far a brief or everlasting situation. These repute codes are applicable to any request method. User agents SHOULD display any protected entity to the person.
If the patron is sending facts, a server implementation using TCP SHOULD be careful to ensure that the purchaser acknowledges receipt of the packet(s) containing the response, earlier than the server closes the input connection. If the customer continues sending facts to the server after the near, the server’s TCP stack will send a reset packet to the client, which can also erase the purchaser’s unacknowledged enter buffers earlier than they can be study and interpreted by way of the HTTP utility.
The 4xx class of repute code is meant for cases in which the customer seems to have erred. Except when responding to a HEAD request, the server should consist of an entity containing an evidence of the mistake scenario, and whether it’s miles a temporary or everlasting circumstance. These status codes are applicable to any request technique. User agents have to display any covered entity to the user.
Four hundred Bad Request
The request could not be understood by using the server because of malformed syntax. The purchaser SHOULD NOT repeat the request with out changes.
The request cannot be fulfilled due to bad syntax.
General mistakes when pleasant the request might reason an invalid state. Domain validation mistakes, lacking records, etc. Are some examples.
The request calls for person authentication. The reaction MUST consist of a WWW-Authenticate header field (phase 14.47) containing a venture applicable to the asked aid. The client MAY repeat the request with a suitable Authorization header subject (section 14.8). If the request already blanketed Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response incorporates the same assignment as the prior reaction, and the user agent has already tried authentication as a minimum as soon as, then the user SHOULD be offered the entity that become given in the reaction, considering that entity might include relevant diagnostic data. HTTP get admission to authentication is explained in “HTTP Authentication: Basic and Digest Access Authentication”.
Similar to 403 Forbidden, but specially to be used whilst authentication is possible however has failed or not yet been supplied. The reaction ought to include a WWW-Authenticate header subject containing a task applicable to the requested useful resource. See Basic get right of entry to authentication and Digest access authentication.
Error code response for lacking or invalid authentication token.
402 Payment Required
This code is reserved for destiny use.
Reserved for destiny use. The authentic goal changed into that this code is probably used as part of some shape of virtual coins or micropayment scheme, but that has now not passed off, and this code isn’t commonly used. As an example of its use, however, Apple’s MobileMe service generates a 402 blunders (“httpStatusCode:402” within the Mac OS X Console log) if the MobileMe account is antisocial.
The server understood the request, but is refusing to satisfy it. Authorization will not assist and the request SHOULD NOT be repeated. If the request method became now not HEAD and the server desires to make public why the request has now not been fulfilled, it SHOULD describe the cause for the refusal within the entity. If the server does no longer desire to make this statistics to be had to the consumer, the popularity code 404 (Not Found) can be used as an alternative.
The request was a prison request, however the server is refusing to respond to it. Unlike a 401 Unauthorized reaction, authenticating will make no distinction.
Error code for consumer now not legal to carry out the operation or the aid is unavailable for a few cause (e.G. Time constraints, etc.).
404 Not Found
The server has now not discovered whatever matching the Request-URI. No indication is given of whether the situation is transient or permanent. The 410 (Gone) reputation code SHOULD be used if the server knows, thru a few internally configurable mechanism, that an old aid is completely unavailable and has no forwarding cope with. This status code is normally used when the server does not wish to reveal precisely why the request has been refused, or whilst no other response is applicable.
The requested aid couldn’t be determined however may be to be had again within the future. Subsequent requests through the patron are permissible.
Used while the requested resource isn’t always observed, whether or not it doesn’t exist or if there was a 401 or 403 that, for safety motives, the service desires to mask.
405 Method Not Allowed
The method certain inside the Request-Line is not allowed for the resource recognized by way of the Request-URI. The response MUST encompass an Allow header containing a list of valid techniques for the requested resource.
A request was manufactured from a aid using a request method now not supported by means of that useful resource; for example, the use of GET on a form which calls for statistics to be presented through POST, or the usage of PUT on a read-most effective resource.
406 Not Acceptable
The useful resource identified via the request is best capable of producing reaction entities which have content material characteristics now not ideal in keeping with the take delivery of headers despatched in the request.
Unless it was a HEAD request, the response SHOULD encompass an entity containing a list of to be had entity traits and region(s) from which the consumer or consumer agent can choose the only maximum suitable. The entity layout is distinct through the media type given inside the Content-Type header area. Depending upon the layout and the abilties of the consumer agent, choice of the most suitable preference MAY be achieved automatically. However, this specification does now not define any wellknown for such automated choice.
Note: HTTP/1.1 servers are allowed to return responses which aren’t acceptable in step with the be given headers sent in the request. In a few instances, this will even be prime to sending a 406 response. User retailers are recommended to inspect the headers of an incoming reaction to determine if it’s far perfect.
If the reaction may be unacceptable, a person agent SHOULD quickly forestall receipt of greater statistics and question the user for a choice on in addition movements.
The requested useful resource is simplest able to generating content now not proper consistent with the Accept headers despatched inside the request.
407 Proxy Authentication Required
This code is similar to 401 (Unauthorized), however suggests that the patron must first authenticate itself with the proxy. The proxy MUST go back a Proxy-Authenticate header discipline (segment 14.33) containing a undertaking relevant to the proxy for the asked resource. The patron MAY repeat the request with a suitable Proxy-Authorization header field (section 14.34). HTTP get entry to authentication is defined in “HTTP Authentication: Basic and Digest Access Authentication”.
The customer need to first authenticate itself with the proxy.
408 Request Timeout
The client did no longer produce a request in the time that the server turned into prepared to wait. The purchaser MAY repeat the request without modifications at any later time.
The server timed out anticipating the request. According to W3 HTTP specs: “The patron did now not produce a request within the time that the server become organized to attend. The purchaser MAY repeat the request without modifications at any later time.”
The request couldn’t be completed because of a warfare with the current country of the aid. This code is handiest allowed in situations in which it’s miles predicted that the consumer might be capable of solve the conflict and resubmit the request. The reaction frame SHOULD encompass sufficient information for the user to understand the supply of the conflict. Ideally, the reaction entity could include enough information for the consumer or person agent to restoration the trouble; however, that may not be feasible and isn’t always required.
Conflicts are maximum in all likelihood to arise in response to a PUT request. For example, if versioning had been getting used and the entity being PUT protected changes to a resource which battle with the ones made via an in advance (0.33-birthday celebration) request, the server may use the 409 response to suggest that it can not complete the request. In this case, the reaction entity would possibly contain a listing of the variations between the 2 variations in a layout described by the response Content-Type.
Indicates that the request couldn’t be processed because of battle within the request, consisting of an edit war.
Whenever a aid conflict might be caused by enjoyable the request. Duplicate entries and deleting root objects whilst cascade-delete is not supported are more than one examples.
The requested aid is now not available at the server and no forwarding cope with is thought. This condition is anticipated to be considered permanent. Clients with link enhancing talents SHOULD delete references to the Request-URI after person approval. If the server does no longer know, or has no facility to determine, whether or not or not the condition is everlasting, the reputation code 404 (Not Found) SHOULD be used alternatively. This reaction is cacheable except indicated in any other case.
The 410 response is mostly supposed to help the venture of internet maintenance via notifying the recipient that the aid is deliberately unavailable and that the server owners choice that far off links to that aid be removed. Such an occasion is not unusual for limited-time, promotional offerings and for resources belonging to individuals not working on the server’s website. It isn’t always vital to mark all completely unavailable sources as “gone” or to maintain the mark for any period of time — this is left to the discretion of the server owner.
Indicates that the useful resource requested is not available and could no longer be to be had once more. This must be used while a resource has been intentionally removed and the aid have to be purged. Upon receiving a 410 popularity code, the consumer ought to no longer request the aid again in the destiny. Clients consisting of engines like google ought to remove the resource from their indices. Most use instances do not require customers and serps to purge the resource, and a “404 Not Found” may be used as a substitute.
411 Length Required
The server refuses to accept the request with out a described Content- Length. The consumer MAY repeat the request if it provides a legitimate Content-Length header discipline containing the period of the message-frame in the request message.
The request did not specify the period of its content material, that is required by way of the asked resource.
412 Precondition Failed
The precondition given in a single or greater of the request-header fields evaluated to false whilst it became tested on the server. This reaction code allows the customer to place preconditions on the modern aid metainformation (header field records) and therefore prevent the asked technique from being carried out to a useful resource aside from the one meant.
The server does no longer meet one of the preconditions that the requester placed on the request.
413 Request Entity Too Large
The server is refusing to procedure a request because the request entity is greater than the server is inclined or able to method. The server MAY close the relationship to save you the consumer from persevering with the request.
If the situation is brief, the server SHOULD include a Retry- After header field to signify that it’s miles temporary and after what time the customer MAY attempt once more.
The request is larger than the server is willing or able to process.
414 Request-URI Too Long
The server is refusing to carrier the request because the Request-URI is longer than the server is willing to interpret. This rare circumstance is most effective possibly to arise whilst a consumer has improperly transformed a POST request to a GET request with long query records, when the patron has descended right into a URI “black hollow” of redirection (e.G., a redirected URI prefix that points to a suffix of itself), or while the server is beneath attack by using a patron trying to exploit protection holes found in some servers using constant-period buffers for studying or manipulating the Request-URI.
The URI provided turned into too long for the server to procedure.
415 Unsupported Media Type
The server is refusing to carrier the request due to the fact the entity of the request is in a format no longer supported by way of the asked useful resource for the asked approach.
The request entity has a media kind which the server or useful resource does now not help. For instance, the purchaser uploads an picture as photograph/svg+xml, but the server calls for that images use a special format.
416 Requested Range Not Satisfiable
A server SHOULD return a response with this popularity code if a request protected a Range request-header field (section 14.35), and not one of the range-specifier values in this discipline overlap the contemporary quantity of the chosen aid, and the request did now not include an If-Range request-header discipline. (For byte-levels, because of this the primary- byte-pos of all the byte-range-spec values have been greater than the modern-day period of the selected aid.)
When this repute code is again for a byte-variety request, the response SHOULD encompass a Content-Range entity-header area specifying the modern-day duration of the selected resource (see phase 14.16). This reaction MUST NOT use the multipart/byteranges content material- type.
The purchaser has asked for a portion of the record, but the server cannot supply that element. For instance, if the purchaser asked for part of the file that lies past the give up of the report.
417 Expectation Failed
The expectation given in an Expect request-header subject (see segment 14.20) could not be met by means of this server, or, if the server is a proxy, the server has unambiguous evidence that the request couldn’t be met by using the subsequent-hop server.
The server can’t meet the necessities of the Expect request-header discipline.
418 I’m a teapot (RFC 2324)
This code become defined in 1998 as one of the traditional IETF April Fools’ jokes, in RFC 2324, Hyper Text Coffee Pot Control Protocol, and is not predicted to be implemented by actual HTTP servers. However, known implementations do exist. An Nginx HTTP server uses this code to simulate goto-like behaviour in its configuration.
420 Enhance Your Calm (Twitter)
Returned by the Twitter Search and Trends API when the client is being rate limited. The text is a quote from ‘Demolition Man’ and the ‘420’ code is likely a reference to this range’s affiliation with marijuana. Other offerings can also desire to put in force the 429 Too Many Requests reaction code rather.
422 Unprocessable Entity (WebDAV)
The 422 (Unprocessable Entity) reputation code means the server understands the content type of the request entity (therefore a 415(Unsupported Media Type) status code is beside the point), and the syntax of the request entity is accurate (as a result a 400 (Bad Request) repute code is beside the point) but turned into unable to technique the contained commands. For instance, this mistake situation may additionally arise if an XML request frame includes properly-shaped (i.E., syntactically correct), however semantically erroneous, XML commands.
The request changed into nicely-fashioned but changed into unable to be observed due to semantic mistakes.
423 Locked (WebDAV)
The 423 (Locked) repute code way the source or destination aid of a technique is locked. This response SHOULD comprise the ideal precondition or postcondition code, along with ‘lock-token-submitted’ or ‘no-conflicting-lock’.
The useful resource this is being accessed is locked.
424 Failed Dependency (WebDAV)
The 424 (Failed Dependency) repute code method that the approach couldn’t be carried out at the resource because the asked motion depended on any other action and that movement failed. For instance, if a command in a PROPPATCH approach fails, then, at minimal, the relaxation of the commands can even fail with 424 (Failed Dependency).
The request failed because of failure of a previous request (e.G. A PROPPATCH).
425 Reserved for WebDAV
Slein, J., Whitehead, E.J., et al., “WebDAV Advanced Collections Protocol”, Work In Progress.
Defined in drafts of “WebDAV Advanced Collections Protocol”, however not present in “Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol”.
(WebDAV) Ordered Collections Protocol”.
426 Upgrade Required
Reliable, interoperable negotiation of Upgrade capabilities requires an unambiguous failure signal. The 426 Upgrade Required reputation code permits a server to definitively country the correct protocol extensions a given resource must be served with.
The client ought to switch to a extraordinary protocol together with TLS/1.Zero.
428 Precondition Required
The 428 reputation code shows that the foundation server requires the request to be conditional.
Its typical use is to keep away from the “misplaced replace” trouble, in which a patron GETs a useful resource’s country, modifies it, and PUTs it returned to the server, whilst in the meantime a 3rd birthday party has modified the state at the server, leading to a battle. By requiring requests to be conditional, the server can assure that clients are running with an appropriate copies.
Responses using this repute code SHOULD give an explanation for the way to resubmit the request effectively.
The 428 repute code is optionally available; clients can not rely on its use to save you “misplaced replace” conflicts.
The foundation server requires the request to be conditional. Intended to save you “the “lost update” hassle, in which a consumer GETs a resource’s nation, modifies it, and PUTs it back to the server, while in the meantime a 3rd birthday celebration has changed the country at the server, main to a battle.
429 Too Many Requests
The 429 status code indicates that the user has sent too many requests in a given quantity of time (“fee limiting”).
The response representations SHOULD consist of info explaining the condition, and MAY consist of a Retry-After header indicating how long to attend before making a new request.
When a server is underneath assault or simply receiving a very big quantity of requests from a unmarried party, responding to each with a 429 fame code will devour assets.
Therefore, servers aren’t required to use the 429 popularity code; whilst restricting aid utilization, it may be more appropriate to simply drop connections, or take other steps.
The consumer has sent too many requests in a given amount of time. Intended to be used with rate limiting schemes.
431 Request Header Fields Too Large
The 431 repute code suggests that the server is unwilling to procedure the request due to the fact its header fields are too massive. The request MAY be resubmitted after decreasing the scale of the request header fields.
It can be used both whilst the set of request header fields in total are too big, and when a single header discipline is at fault. In the latter case, the reaction representation SHOULD specify which header discipline was too large.
Servers aren’t required to use the 431 fame code; when below attack, it could be extra appropriate to simply drop connections, or take other steps.
The server is unwilling to procedure the request because either an individual header discipline, or all of the header fields collectively, are too large.
444 No Response (Nginx)
An Nginx HTTP server extension. The server returns no information to the customer and closes the connection (useful as a deterrent for malware).
449 Retry With (Microsoft)
A Microsoft extension. The request should be retried after acting the perfect motion.
450 Blocked by means of Windows Parental Controls (Microsoft)
A Microsoft extension. This blunders is given whilst Windows Parental Controls are turned on and are blocking off get entry to to the given website.
451 Unavailable For Legal Reasons
Intended to be used while resource access is denied for legal motives, e.G. Censorship or authorities-mandated blocked get right of entry to. A connection with the 1953 dystopian novel Fahrenheit 451, where books are outlawed, and the autoignition temperature of paper, 451°F.
499 Client Closed Request (Nginx)
An Nginx HTTP server extension. This code is delivered to log the case when the connection is closed by using client while HTTP server is processing its request, making server not able to send the HTTP header again.
5xx Server Error
Response reputation codes starting with the digit “5” imply cases in which the server is conscious that it has erred or is incapable of performing the request. Except when responding to a HEAD request, the server SHOULD consist of an entity containing an explanation of the error situation, and whether it’s far a temporary or everlasting condition. User dealers SHOULD display any included entity to the user. These reaction codes are relevant to any request technique.
The server did not satisfy an apparently valid request.
Response repute codes starting with the digit “5” imply cases wherein the server is conscious that it has encountered an blunders or is otherwise incapable of appearing the request. Except while responding to a HEAD request, the server ought to encompass an entity containing an explanation of the error situation, and suggest whether or not it’s far a temporary or permanent situation. Likewise, person sellers have to display any included entity to the consumer. These response codes are relevant to any request approach.
500 Internal Server Error
The server encountered an sudden situation which avoided it from fulfilling the request.
A ordinary error message, given while no more specific message is appropriate.
The fashionable seize-all errors when the server-aspect throws an exception.
501 Not Implemented
The server does not assist the capability required to satisfy the request. This is the suitable reaction while the server does not recognize the request technique and isn’t able to assisting it for any resource.
The server both does not recognise the request method, or it lacks the capability to fulfill the request.
502 Bad Gateway
The server, at the same time as appearing as a gateway or proxy, received an invalid reaction from the upstream server it accessed in attempting to fulfill the request.
The server changed into acting as a gateway or proxy and obtained an invalid response from the upstream server.
503 Service Unavailable
The server is currently not able to deal with the request because of a transient overloading or maintenance of the server. The implication is that that is a brief circumstance so that it will be alleviated after a few postpone. If regarded, the length of the postpone MAY be indicated in a Retry-After header. If no Retry-After is given, the client SHOULD cope with the reaction as it would for a 500 response.
Note: The lifestyles of the 503 repute code does not mean that a server have to use it while turning into overloaded. Some servers may also wish to honestly refuse the connection.
The server is presently unavailable (due to the fact it’s far overloaded or down for upkeep). Generally, that is a temporary kingdom.
504 Gateway Timeout
The server, even as acting as a gateway or proxy, did no longer receive a timely reaction from the upstream server designated by using the URI (e.G. HTTP, FTP, LDAP) or some other auxiliary server (e.G. DNS) it had to access in attempting to finish the request.
Note: Note to implementors: a few deployed proxies are recognised to go back 400 or 500 when DNS lookups time out.
The server was acting as a gateway or proxy and did not obtain a timely reaction from the upstream server.
505 HTTP Version Not Supported
The server does now not help, or refuses to support, the HTTP protocol model that turned into used within the request message. The server is indicating that it is unable or unwilling to finish the request the use of the same primary version because the purchaser, as defined in phase three.1, apart from with this error message. The reaction SHOULD include an entity describing why that version isn’t always supported and what other protocols are supported with the aid of that server.
The server does not support the HTTP protocol model used within the request.
506 Variant Also Negotiates (Experimental)
The 506 status code suggests that the server has an internal configuration errors: the chosen variant useful resource is configured to interact in transparent content material negotiation itself, and is therefore no longer a right cease point within the negotiation manner.
Transparent content material negotiation for the request effects in a round reference.
507 Insufficient Storage (WebDAV)
The 507 (Insufficient Storage) popularity code method the technique couldn’t be executed on the useful resource due to the fact the server is unable to save the representation had to correctly whole the request. This situation is considered to be transient. If the request that acquired this repute code turned into the end result of a consumer action, the request MUST NOT be repeated till it’s miles asked via a separate consumer motion.
The server is unable to store the representation wished to finish the request.
508 Loop Detected (WebDAV)
The 508 (Loop Detected) fame code shows that the server terminated an operation as it encountered an infinite loop whilst processing a request with “Depth: infinity”. This repute shows that the complete operation failed.
The server detected an endless loop at the same time as processing the request (sent in lieu of 208).
509 Bandwidth Limit Exceeded (Apache)
This repute code, while used by many servers, isn’t laid out in any RFCs.
510 Not Extended
The policy for gaining access to the resource has now not been met within the request. The server must ship lower back all the facts vital for the consumer to problem an prolonged request. It is outside the scope of this specification to specify how the extensions inform the customer.
If the 510 reaction includes statistics approximately extensions that had been no longer gift in the initial request then the client MAY repeat the request if it has motive to agree with it may fulfill the extension coverage by way of modifying the request in keeping with the data supplied within the 510 response. Otherwise the patron MAY gift any entity included within the 510 reaction to the person, considering that entity may also encompass applicable diagnostic records.
Further extensions to the request are required for the server to fulfill it.
511 Network Authentication Required
The 511 repute code shows that the customer wishes to authenticate to advantage network access.
The reaction representation SHOULD contain a hyperlink to a useful resource that allows the consumer to publish credentials (e.G. With a HTML shape).
Note that the 511 reaction SHOULD NOT incorporate a task or the login interface itself, due to the fact browsers might show the login interface as being associated with the initially requested URL, which may additionally cause confusion.
The 511 status SHOULD NOT be generated by means of beginning servers; it’s miles intended to be used by using intercepting proxies which might be interposed as a way of controlling get admission to to the network.
Responses with the 511 reputation code MUST NOT be stored through a cache.
The 511 repute code is designed to mitigate issues as a result of “captive portals” to software program (specially non-browser marketers) that is looking forward to a reaction from the server that a request was made to, not the intervening community infrastructure. It isn’t always supposed to endorsed deployment of captive portals, simplest to limit the damage because of them.
A community operator wishing to require some authentication, reputation of terms or different user interaction earlier than granting get entry to normally does so by using identifing customers who’ve no longer finished so (“unknown customers”) using their MAC addresses.
Unknown clients then have all site visitors blocked, except for that on TCP port eighty, that’s despatched to a HTTP server (the “login server”) devoted to “logging in” unknown clients, and of route site visitors to the login server itself.
In commonplace use, a response carrying the 511 fame code will no longer come from the beginning server indicated in the request’s URL. This affords many security problems; e.G., an attacking intermediary may be putting cookies into the original domain’s name space, can be observing cookies or HTTP authentication credentials sent from the consumer agent, and so on.
However, those risks aren’t precise to the 511 fame code; in other words, a captive portal that isn’t the use of this status code introduces the same issues.
Also, notice that captive portals the use of this repute code on an SSL or TLS connection (generally, port 443) will generate a certificate errors on the purchaser.
The purchaser desires to authenticate to gain community access. Intended for use by means of intercepting proxies used to govern get right of entry to to the network (e.G., “captive portals” used to require settlement to Terms of Service earlier than granting full Internet access through a Wi-Fi hotspot).
598 Network examine timeout error
This status code is not specified in any RFCs, but is used by a few HTTP proxies to sign a network read timeout in the back of the proxy to a client in the front of the proxy.
599 Network join timeout error
This popularity code isn’t always laid out in any RFCs, however is utilized by a few HTTP proxies to sign a network join timeout behind the proxy to a patron in the front of the proxy.