The five families
HTTP status codes are grouped by their first digit:
- 1xx — Informational: Request received, continuing process. Rarely seen in practice.
- 2xx — Success: The request was successfully received, understood, and accepted.
- 3xx — Redirection: Further action needed to complete the request.
- 4xx — Client error: The request contained bad syntax or cannot be fulfilled.
- 5xx — Server error: The server failed to fulfill a valid request.
2xx — Success codes
| Code | Name | When it's used |
|---|---|---|
| 200 | OK | Standard success — GET and POST responses |
| 201 | Created | POST created a new resource (e.g., new user, new post) |
| 204 | No Content | Success but no response body — DELETE, some PUTs |
| 206 | Partial Content | Range request — video streaming, resumable downloads |
3xx — Redirects (and why 301 vs 302 matters)
| Code | Name | SEO/behavior |
|---|---|---|
| 301 | Moved Permanently | Google transfers most link equity. Browser caches the redirect. |
| 302 | Found (Temporary) | Google keeps original URL indexed. Link equity not transferred. |
| 307 | Temporary Redirect | Like 302 but preserves HTTP method (POST stays POST) |
| 308 | Permanent Redirect | Like 301 but preserves HTTP method |
The 301 vs 302 SEO rule:Use 301 when you've permanently moved a URL — Google will update its index and transfer PageRank. Use 302 for temporary redirects (A/B tests, maintenance pages, login redirects). Using 302 when you mean 301 causes Google to keep indexing the old URL indefinitely.
The 301 browser cache problem: 301s are cached aggressively by browsers. If you redirect A → B using 301 and later need A to go somewhere else, users who visited before will see the cached old redirect until they clear their cache. Use 302 during testing; switch to 301 when permanent.
4xx — Client errors
| Code | Name | When it occurs |
|---|---|---|
| 400 | Bad Request | Malformed request syntax — bad JSON body, missing required field |
| 401 | Unauthorized | Not authenticated — no token or invalid token |
| 403 | Forbidden | Authenticated but not authorized — wrong role, wrong permissions |
| 404 | Not Found | Resource doesn't exist at this URL |
| 405 | Method Not Allowed | POST to a GET-only endpoint |
| 409 | Conflict | Resource conflict — duplicate email, version mismatch |
| 410 | Gone | Resource permanently deleted — tells Google to deindex faster |
| 422 | Unprocessable Entity | Request is syntactically valid but semantically invalid |
| 429 | Too Many Requests | Rate limit exceeded — API throttling |
401 vs 403:401 means "you need to log in." 403 means "you are logged in but not allowed." Returning 403 for unauthenticated users reveals that a resource exists — some APIs return 404 for security-sensitive resources even when the issue is authentication.
404 vs 410 for SEO:404 tells Google "this page isn't found — try again later." 410 tells Google "this page is permanently gone — remove it from the index." If you delete a URL permanently, 410 accelerates deindexing compared to 404.
5xx — Server errors
| Code | Name | Typical cause |
|---|---|---|
| 500 | Internal Server Error | Unhandled exception — check server logs |
| 502 | Bad Gateway | Reverse proxy got invalid response from upstream |
| 503 | Service Unavailable | Server overloaded or down for maintenance |
| 504 | Gateway Timeout | Upstream server didn't respond in time |
502 vs 504:Both involve a reverse proxy (nginx, Cloudflare) failing to communicate with an upstream service. 502 means the upstream returned something invalid; 504 means it didn't respond at all (timeout). Both are usually caused by the upstream service crashing or being overloaded — not the proxy itself.
Debugging with JSON in API responses
Most REST APIs include a JSON body with error details alongside the status code. Format any API JSON error response for readability with the free JSON formatter — paste the response body and instantly see the error structure.
Related tools
- Free JSON Formatter — format API error responses for debugging
- Free SSL Checker — check if HTTPS certificate issues are causing connection errors
Written by Achraf A., founder of TheFreeAITools.