Skip to main content
lab.golamrabbani.org

HTTP Status Code Lookup

Look up any HTTP status code — meaning, category, RFC reference, and when to use it.

Written by Golam Rabbani, Founder & Lead Engineer

Enter a 3-digit code (e.g. 404) or a keyword (e.g. not found, redirect)

How to use this http status code lookup

  1. Type a 3-digit status code (e.g. 404) or a keyword (e.g. not found, redirect) into the "Status code or name" field.
  2. Press Lookup to run the search.
  3. Read the result card for the category badge, RFC reference, and "When to use" note.
  4. For keyword searches, up to 10 matching codes are shown — scan the list to find the right one.
  5. Press "Copy top result" to copy the top match to your clipboard, or Reset to clear the form.

About this http status code lookup

The HTTP status code lookup tool lets you search a built-in reference table by exact code number or by name keyword, and returns the category, RFC citation, and a practical "when to use" note for each match.

HTTP status codes are grouped into five families by their first digit. 1xx codes are informational — the server is acknowledging progress. 2xx codes signal success: the request was received, understood, and processed. 3xx codes redirect the client to a different URL, either permanently or temporarily. 4xx codes indicate a client error — something the caller needs to fix before retrying. 5xx codes indicate a server error — the request was valid but the server failed to fulfil it. The 4xx/5xx split matters in practice: a 4xx tells the API consumer to change their request, while a 5xx tells the operator to fix the server.

Two pairs of codes are often confused. For redirects: 301 (Moved Permanently) and 302 (Found) both allow the browser to switch to GET on the new URL, while 307 (Temporary Redirect) and 308 (Permanent Redirect) preserve the original HTTP method — use 307/308 when the redirect target must receive a POST or PUT. For access control: 401 Unauthorized means credentials are missing or invalid and re-authenticating may help; 403 Forbidden means the server understood who you are but is still refusing access. A worked example: an API that receives a POST with valid JSON syntax but a missing required field should return 422 Unprocessable Content (RFC 9110 §15.5.21) rather than 400 Bad Request — 400 signals a malformed request, 422 signals that the request parsed correctly but failed semantic validation.

All lookups run locally against the built-in table; no data leaves your browser.

FAQ

What is the difference between HTTP status codes 301 and 302?
301 Moved Permanently tells browsers and search-engine crawlers to update the stored URL to the new location. 302 Found is a temporary redirect; the original URL stays canonical and should not be replaced. Neither code guarantees the HTTP method is preserved on the redirected request — use 308 or 307 respectively if you need the method to stay as POST or PUT.
What is the difference between 401 Unauthorized and 403 Forbidden?
401 means authentication is required but was not provided or failed — sending valid credentials may succeed. 403 means the server knows who the caller is (or does not care) but is explicitly refusing access; re-authenticating will not help. Return 401 when the caller has not logged in; return 403 when a logged-in caller lacks permission.
What does 422 Unprocessable Content mean and when should I use it?
422 means the request body was syntactically valid (JSON parsed without error) but contained semantic errors such as a missing required field or a value that fails domain validation. It is the correct choice when the payload is well-formed but logically wrong — in contrast to 400 Bad Request, which signals that the request itself was malformed or unparseable.
When should an API return 409 Conflict?
409 signals that the request cannot be completed because it conflicts with the current state of the resource — for example, a PUT that would overwrite a newer version, a POST that would create a duplicate unique record, or a state-machine transition that is not valid from the resource's current state. The response body should describe what the conflict is so the client can resolve it.
What does 429 Too Many Requests tell the client?
429 means the client has exceeded a rate limit within a given time window. The server should include a Retry-After header indicating when the client is permitted to try again, and optionally an X-RateLimit-Limit / X-RateLimit-Remaining header pair. The client must back off; retrying immediately will keep triggering the same response.
Why does HTTP status code 418 exist?
418 I'm a Teapot originates from RFC 2324, the Hyper Text Coffee Pot Control Protocol, published on 1 April 1998 as an April Fools' joke. The spec states that a teapot should refuse to brew coffee. The code was never removed from the IANA registry and is sometimes used in production as an Easter egg or to deliberately reject requests that should never be fulfilled.