Complete HTTP status code reference with descriptions. Search all 1xx, 2xx, 3xx, 4xx, and 5xx status codes with explanations
A quick reference for every HTTP status code. Look up any code from 100 to 599, see what it means, when servers return it, and how to handle it in your application.
Related reading
Initializing in your browser…
Visual Content Security Policy builder. Create CSP headers to protect against XSS and code injection attacks
Generate Subresource Integrity (SRI) hashes for scripts and stylesheets. Protect against CDN compromise and tampering
Calculate IPv4 and IPv6 subnet details including network address, broadcast, host range, netmask, and wildcard mask
Your API returns a 422 and a teammate insists "that is not a real status code." You want the authoritative meaning and when to use it.
Looked up
422
Reference entry
422 Unprocessable Entity (RFC 4918) Class: 4xx, Client Error The request was well-formed but failed semantic validation (e.g. valid JSON, but "email" is missing or malformed). Retry without changes: No, fix the payload first.
422 is a real, registered status from the WebDAV spec that REST APIs widely reuse for validation failures, distinct from 400 (malformed syntax the server could not parse) and 409 (a state conflict). Knowing the class (4xx = caller must change something, 5xx = server problem) tells you immediately whether retrying the identical request can ever succeed.
A quick reference for every HTTP status code. Look up any code from 100 to 599, see what it means, when servers return it, and how to handle it in your application.
This is a static, offline reference covering 62 HTTP status codes spread across the five RFC classes: 4 informational (1xx), 10 success (2xx), 8 redirection (3xx), 29 client-error (4xx), and 11 server-error (5xx). The 4xx class is by far the largest because it carries the most operationally distinct codes, including ones that are easy to confuse: 401 Unauthorized (authentication is still possible) versus 403 Forbidden (the client's identity is known and access is still denied), 400 Bad Request (malformed syntax) versus 422 Unprocessable Entity (syntactically valid but semantically wrong), and 429 Too Many Requests for rate limiting. The list also includes the curiosities and newer additions that bare cheat-sheets often drop: 418 I'm a teapot (the RFC 2324 April Fools' code), 451 Unavailable For Legal Reasons, 103 Early Hints, and 425 Too Early.
The redirection group is where the editorial detail matters most. The reference distinguishes 301 Moved Permanently and 302 Found from 307 Temporary Redirect and 308 Permanent Redirect, where the 307/308 pair preserves the original request method and body rather than letting clients downgrade a POST to a GET. It also covers 303 See Other (used to send the client to fetch a result at a different URI) and 304 Not Modified (the caching response that signals the cached copy is still valid), and it flags 305 Use Proxy as deprecated. The 5xx class similarly separates the classic gateway-triage triad: 502 Bad Gateway (invalid response from upstream), 503 Service Unavailable (overload or maintenance), and 504 Gateway Timeout (upstream did not respond in time).
Functionally the tool is a filterable lookup rather than a network client: it sends no requests and contains the entire dataset inline. A single search box matches your query against the numeric code, the name, and the description simultaneously (case-insensitive substring matching, so typing '429', 'teapot', or 'rate limiting' all surface the relevant entry), and a row of category buttons filters to one class at a time while showing live counts per class. Each result row is click-to-expand to reveal the full description plus a deep link to the matching MDN documentation page (developer.mozilla.org/.../Status/<code>), and a copy button puts just the numeric code on the clipboard. The active search text and selected category are encoded into the URL via useUrlStates and exposed through a Share button, so a filtered view such as 'all 3xx codes' can be linked directly.
401 means the request lacks valid authentication credentials. 403 means the server understood who you are but you're not allowed to access the resource.
Use 404 when a resource is not found but might exist later. 410 signals the resource existed once but has been permanently removed.
This runs as client-side JavaScript. Keys, tokens, payloads, and other inputs never leave your device.