What's the difference between 401 and 403?

401 means 'you're not authenticated, here's how to authenticate' (WWW-Authenticate header required). 403 means 'you are authenticated but not allowed' — re-authenticating won't help.

Should I use 302 or 307 for a redirect?

Use 307 when you want the HTTP method preserved (POST stays POST). 302 historically converts POST to GET in many clients. For new APIs, 307 / 308 are clearer.

What's 418 'I'm a teapot'?

An RFC-2324 Easter egg. Sometimes used playfully when a server wants to politely refuse, but never assigned to anything by major frameworks.

Where do the 5xx Cloudflare codes come from?

Cloudflare returns 520-527 to distinguish CDN-vs-origin failures. They're not RFC-defined but ubiquitous in production traces if you're on CF.

What's the difference between 401 and 403?

401 means 'you're not authenticated, here's how to authenticate' (WWW-Authenticate header required). 403 means 'you are authenticated but not allowed' — re-authenticating won't help.

Should I use 302 or 307 for a redirect?

Use 307 when you want the HTTP method preserved (POST stays POST). 302 historically converts POST to GET in many clients. For new APIs, 307 / 308 are clearer.

What's 418 'I'm a teapot'?

An RFC-2324 Easter egg. Sometimes used playfully when a server wants to politely refuse, but never assigned to anything by major frameworks.

Where do the 5xx Cloudflare codes come from?

Cloudflare returns 520-527 to distinguish CDN-vs-origin failures. They're not RFC-defined but ubiquitous in production traces if you're on CF.

HTTP Status Lookup

Search HTTP status codes by number, name, or behaviour — RFC 9110 + Cloudflare extensions.

50 of 50

100ContinueRFC 9110 §15.2.1
Initial part of a request received; client should continue or be ignored if complete.
101Switching ProtocolsRFC 9110 §15.2.2
Server is switching to the protocol the client asked for (typically WebSockets).
103Early HintsRFC 8297
Preliminary headers (often Link: rel=preload) before the final response.
200OKRFC 9110 §15.3.1
Standard success response.
201CreatedRFC 9110 §15.3.2
Resource created — typically returned with a Location header.
202AcceptedRFC 9110 §15.3.3
Request accepted for processing but not yet complete.
204No ContentRFC 9110 §15.3.5
Success with no body (e.g. DELETE that worked).
206Partial ContentRFC 9110 §15.3.7
Range request succeeded; only part of the resource returned.
301Moved PermanentlyRFC 9110 §15.4.2
Resource has moved; update links. Method may switch to GET.
302FoundRFC 9110 §15.4.3
Temporary redirect; clients historically convert to GET (use 307 to avoid that).
303See OtherRFC 9110 §15.4.4
Redirect to a different URI; always use GET to follow.
304Not ModifiedRFC 9110 §15.4.5
Cached copy is fresh; client should use it. Response has no body.
307Temporary RedirectRFC 9110 §15.4.8
Temporary redirect; method is preserved (POST stays POST).
308Permanent RedirectRFC 9110 §15.4.9
Permanent redirect; method is preserved (POST stays POST).
400Bad RequestRFC 9110 §15.5.1
Malformed request; client should fix it before retrying.
401UnauthorizedRFC 9110 §15.5.2
Authentication required or failed. WWW-Authenticate header should be present.
402Payment RequiredRFC 9110 §15.5.3
Reserved by the spec; used by some APIs to signal billing/quota issues.
403ForbiddenRFC 9110 §15.5.4
Authenticated but not allowed; don't retry without changing credentials.
404Not FoundRFC 9110 §15.5.5
Resource doesn't exist (or server refuses to confirm it does).
405Method Not AllowedRFC 9110 §15.5.6
Method known but not allowed on this resource. Allow header lists what is.
406Not AcceptableRFC 9110 §15.5.7
Server can't produce a response matching the Accept headers.
408Request TimeoutRFC 9110 §15.5.9
Client took too long to send the request.
409ConflictRFC 9110 §15.5.10
Request conflicts with current state (e.g. version mismatch on PUT).
410GoneRFC 9110 §15.5.11
Resource was permanently removed; tells crawlers to drop the URL.
411Length RequiredRFC 9110 §15.5.12
Server requires Content-Length on the request.
412Precondition FailedRFC 9110 §15.5.13
If-Match / If-Unmodified-Since check failed.
413Content Too LargeRFC 9110 §15.5.14
Request body exceeds the server's limit.
415Unsupported Media TypeRFC 9110 §15.5.16
Content-Type isn't one the server can process.
418I'm a teapotRFC 2324
Easter egg — used playfully when a server wants to refuse to brew coffee.
422Unprocessable ContentRFC 9110 §15.5.21
Syntax OK but semantically invalid (e.g. validation errors).
425Too EarlyRFC 8470
Server unwilling to process a request that might be replayed.
426Upgrade RequiredRFC 9110 §15.5.22
Client must upgrade to a different protocol (TLS, HTTP/2, etc.).
428Precondition RequiredRFC 6585
Server requires conditional request headers (If-Match etc.).
429Too Many RequestsRFC 6585
Rate limited; respect Retry-After if present.
431Request Header Fields Too LargeRFC 6585
Total header size exceeds the server's limit.
451Unavailable For Legal ReasonsRFC 7725
Resource blocked due to legal demand (e.g. DMCA, regional block).
500Internal Server ErrorRFC 9110 §15.6.1
Generic server failure; client retry won't help without server-side fix.
501Not ImplementedRFC 9110 §15.6.2
Server doesn't support the request method.
502Bad GatewayRFC 9110 §15.6.3
Upstream server returned an invalid response.
503Service UnavailableRFC 9110 §15.6.4
Server temporarily down (overloaded, maintenance). Retry after Retry-After.
504Gateway TimeoutRFC 9110 §15.6.5
Upstream didn't respond in time.
505HTTP Version Not SupportedRFC 9110 §15.6.6
Server doesn't speak the HTTP version the client used.
511Network Authentication RequiredRFC 6585
Captive portal; client must authenticate to gain network access.
520Web Server Returned an Unknown Error
Cloudflare-specific: origin returned an unexpected response.
521Web Server Is Down
Cloudflare-specific: origin refused the connection.
522Connection Timed Out
Cloudflare-specific: TCP handshake to origin failed.
523Origin Is Unreachable
Cloudflare-specific: DNS or network route to origin failed.
524A Timeout Occurred
Cloudflare-specific: origin took >100 s to respond.
525SSL Handshake Failed
Cloudflare-specific: TLS handshake to origin failed.
526Invalid SSL Certificate
Cloudflare-specific: origin presented an invalid TLS cert.

What this tool does

Look up HTTP status codes by number, name, or behaviour. Covers RFC 9110 plus common Cloudflare 5xx extensions. Each entry links to the relevant RFC and includes a one-line note on when you’d see it.

How to use it

Type a code (404), a name (not found), or a behaviour (rate limited). The list filters live.

Limits and edge cases

Covers the common codes developers actually see. Doesn’t include every obscure WebDAV / extension code.
Cloudflare-specific 520-527 entries are included because they show up in production traces; they’re not part of any RFC.
Numeric search matches both exact (404) and prefix (4 = all 4xx).

Frequently asked questions

What's the difference between 401 and 403?: 401 means 'you're not authenticated, here's how to authenticate' (WWW-Authenticate header required). 403 means 'you are authenticated but not allowed' — re-authenticating won't help.
Should I use 302 or 307 for a redirect?: Use 307 when you want the HTTP method preserved (POST stays POST). 302 historically converts POST to GET in many clients. For new APIs, 307 / 308 are clearer.
What's 418 'I'm a teapot'?: An RFC-2324 Easter egg. Sometimes used playfully when a server wants to politely refuse, but never assigned to anything by major frameworks.
Where do the 5xx Cloudflare codes come from?: Cloudflare returns 520-527 to distinguish CDN-vs-origin failures. They're not RFC-defined but ubiquitous in production traces if you're on CF.