HTTP Status Codes: 1xx–5xx Explained + Debugging Guide
Open DevTools, see 404 — you know it's not found. 500 — server blew up. But what's 418? What's the difference between 502 and 504? Why is 422 better than 400 for REST APIs? HTTP status codes are the universal language of the web. This guide covers all five categories, common debugging steps, and best practices. Bookmark the DevToolbox HTTP Status Code Reference for quick lookups.
📌 Key Takeaways
- HTTP Status Codes: 1xx–5xx Explained + Debugging G is widely used by developers
- Based on RFC standards and real-world experience
- Free online tools, runs locally, no data upload
- FAQ section at the bottom answers common questions
📌 Key Takeaways
- HTTP Status Codes: 1xx–5xx Explained + Debugging G is widely used by developers
- Based on RFC standards and real-world experience
- Free online tools, runs locally, no data upload
- FAQ section at the bottom answers common questions
1. Five Categories at a Glance
| Category | Range | Meaning |
|---|---|---|
| 1xx Informational | 100–199 | Request received, continuing |
| 2xx Success | 200–299 | Request succeeded |
| 3xx Redirection | 300–399 | Further action needed |
| 4xx Client Error | 400–499 | Client request is wrong |
| 5xx Server Error | 500–599 | Server failed |
2. 2xx Success — Top 4
- 200 OK: Everything worked
- 201 Created: Resource created (use after POST)
- 204 No Content: Success with no response body (use after DELETE)
- 206 Partial Content: Partial response (range requests / resume downloads)
3. 3xx Redirection — 3 Key Ones
- 301 Moved Permanently: Permanent redirect (SEO weight transfers)
- 302 Found: Temporary redirect (legacy; prefer 307)
- 304 Not Modified: Cache hit (client already has the latest version)
- 307 Temporary Redirect: Temporary redirect preserving HTTP method
4. 4xx Client Error — 8 Essential Codes
- 400 Bad Request: Malformed request syntax
- 401 Unauthorized: Not authenticated (login required)
- 403 Forbidden: Authenticated but no permission
- 404 Not Found: Resource doesn't exist
- 405 Method Not Allowed: HTTP method not supported
- 409 Conflict: Resource conflict (duplicate, version mismatch)
- 422 Unprocessable Entity: Valid syntax, invalid semantics (preferred for REST API validation)
- 429 Too Many Requests: Rate limited
422 vs 400: 400 means "I can't parse your request" (malformed JSON). 422 means "I understood you, but what you're asking for doesn't make sense" (email format is wrong). Prefer 422 for business rule validation in REST APIs.
5. 5xx Server Error — Debugging Guide
- 500 Internal Server Error: Application code exception → check app logs
- 502 Bad Gateway: Upstream unresponsive → nginx can't reach backend
- 503 Service Unavailable: Temporarily down (overload / maintenance)
- 504 Gateway Timeout: Upstream too slow → backend timed out
502 vs 504 — how to tell them apart:
- 502: nginx can't connect to backend at all (port not open / process dead / firewall). Check:
netstat -tlnp | grep <port> - 504: connected but timed out (slow DB query / infinite loop / remote API hanging). Check:
tail -f /var/log/nginx/error.log+ app logs
6. Three Fun Easter-Egg Status Codes
- 418 I'm a teapot: 1998 April Fools' RFC — server refuses to brew coffee
- 451 Unavailable For Legal Reasons: Blocked by law (DMCA takedowns, country-level bans)
- 511 Network Authentication Required: Captive portal (public Wi-Fi login page)
7. REST API Design Cheat Sheet
- GET single:
200/404 - GET list:
200(always 200, empty list in body) - POST create:
201(success) /422(validation failure) - PUT/PATCH update:
200/404/422 - DELETE:
204/404 - Not logged in:
401 - No permission:
403
8. Summary
Memorize the 15 most common codes + understand the 502/504 debugging flow, and you'll save yourself hours of debugging. Keep the DevToolbox HTTP Status Codes Reference bookmarked — searchable, copyable, always available.
Related: HTTP Status Codes · Regex Tester · JSON Formatter