Download this whitepaper now and get a new one every month!
We love digital
Call 0845 485 1219
We love digital - Call and say hello - Mon - Fri, 9am - 5pm
by Chris Simmance on 11th February 2013
Over the life of a website you will be (if you manage it that is) presented with Server Response Codes or ‘HTTP Status Codes’ in regard to a lot of different elements of your site’s functionality and maintenance needs. Quite often these are the largely well-known codes such as 404 errors and 301′s, but there are a whole world of other response codes that you may be presented with when you work on a site.
Rather than get confused and panic, this Blog post will hopefully explain each code’s meaning and save you time in finding out what to do (if anything) with them.
Some of these are completely internal to the server and client or are out of date so you are very unlikely to see them, but in the interest of being thorough I have included them all.
Below is a handy table that you can use to navigate to the code you need to know about a little faster;
1xx Informational Codes
100 continue server code basically means ‘Business as usual’. Essentially it relates to the fact that the request being made by the user is good and that the server is to continue with the request. This is only a temporary response code while the user waits for the final response code from the server, which occurs once the last data packet is sent.
When might this be used? – This is an internal code and sometimes it doesn’t even get generated if the user has already received some data from the server already. It’s kind of like saying that to the server that the connection is good and the door is open. Send in the data but don’t forget to close the door when you are done (with the final response code).
This is one of the simplest of the server error codes and it means the user has made a request to switch the type of protocols used on the web server and the server has agreed to do so.
When might this be used? – When switching to a new HTTP version from an older style protocol to a newer style that may be cleaner or have newer features. This is only done if it is in the best interest for the protocol to do so. i.e. an upgraded HTTP version is available.
As a WebDAV (Transfer Protocol) request may contain not just one request but lots of sub-requests involving file operations and it may take a long time to complete the request.
When might this be used? – This code is generated to indicate to the user that the server has received and is processing the request, but no response is available yet as it is taking time due to the nature of the request. This means that the client doesn’t time out automatically because it won’t assume the request was lost and that it should expect data soon.
This class of status codes indicates the action requested by the client was received, understood, accepted and processed successfully – job done!
This code is probably the most widely used and known, conversely, it is probably the least seen due to its very nature. It basically means that the exchange between the user and the server is complete and everything went as it should.
When might this be used? – Ideally all the time!
The request has been fulfilled and resulted in a new resource being created. For example, a request from the user has resulted in the creation of a new resource, like a new page. The origin server must create the resource before sending the 201 code. If the resource cannot be generated at that time then the server should show a 202 (accepted) code instead.
The request has been accepted for processing, but the processing has not been completed for whatever reason. The request may or may not eventually be acted upon depending on whether it is disallowed when processing actually takes place.
When might this be used? – When the server cannot complete the request at the time it is made. The response is intentionally non-committal as it is simply used to stop the user from persisting with the request for a 201 code when the server cannot complete the action there and then.
The server successfully processed the request, but is returning information that may be from a third party source rather than the original server. It is pretty much identical to a 200 code in nature, but indicated the source is not from the requested server.
When might this be used? – This code may be used in place of 200 when the sender has a reason to believe that the information in the response’s entity headers is different from what the origin server would send.
Not ideal. This code is a response sent by the server to say that the request was received and understood but there is no data to send back to the user. This is mainly to allow for scripts without changing the document at the same time. This code must not contain a message body and is included in the first empty line of code after the header fields.
When might this be used? – The code is primarily given to allow for input or actions to take place without causing changes to the user agent’s active view, although any new information should be applied to the document currently in view.
The server successfully processed the request, but is not returning any content. Unlike a 204 response, this response requires that the requester reset the document view.
When might this be used? – This is usually seen when a user completes a form and the server sends a request to the browser to clear the form. It is similar to a 204 code but asks the user to reset the document view after completion, for example clearing an HTML form after submission.
The server is delivering only part of the resource due to a range header sent by the client. This is usually used by advanced caching tools when the user only requests part of or a small section of content on a page and the server responds by showing only that selection.
When might this be used? – This code is usually given as a result of an If-Range request that is used in a strong cache validator. The request is also required to include the range header area, which is used to set the parameters for what content is displayed.
The message body that follows is an XML message and can contain a number of separate response codes, depending on how many sub-requests were made.
This class of status code indicates that further action needs to be taken by the user agent to complete the request. The action may be carried out by the user or may include a different request to the server.
Very basically, this code tells the user that the resource has been moved and the server responds with a list of alternate location options where the user agent can select the most appropriate resource.
When might this be used? – Typically this might be seen when the server thinks that the URL provided by the user (i.e. the browser) is not specific enough and further selection needs to be made from additional choices. This usually happens where a URL is requested that is for a high level directory where a user must select the specific file to access.
This is a hugely common and widely used request. It means that requests for that resource and all future requests should be directed to the new given URI.
When might this be used? – When a page no longer exists or a link provided from a third party is ‘broken’ or incomplete. The 301 response tells the user that the given resource is moved to the stated source (usually handled in the .htaccess file on apache servers).
This code essentially tells the user that the location of the resource that was requested has been temporarily moved to a new location and the 302 response should include the new location the user should request.
When might this be used? – This has quite a few uses, many of which are not what the code was originally intended for. It was originally intended as a primary way of creating a temporary redirect; however there are other ethical and unethical uses for these codes.
This code indicates to the user that the requested resource can be found at a URL other than the one requested. It doesn’t mean that anything has been moved necessarily it is just specifying the address where the response should be requested.
When might this be used? – This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource.
This code means that the user has requested a document/resource only if it has been modified since the last cache date of the document stored by the user.
When might this be used? – If the response from the server says that the documents’ If-Modified-Since or If-Match is the same as that of the cached copy that the user has a cached version of there is no need to re-send the resource and thus a 304 Not modified code is used.
This code tells the user that access to the requested resource is only available through a proxy which is specified in the response.
When might this be used? – This code is often presented in relation to security considerations that govern access to the requested URL resources.
306 Switch Proxy
This code originally meant “Subsequent requests should use the specified proxy” but is no longer used and is reserved.
This code is returned when a resource is temporarily available at a different URL which is also returned. There is little difference between this and a 302 code other than that this code was created as a less ambiguous version of the 302.
When might this be used? – In much the same ways as he 302 code and the user should continue to request the original URL for future requests or until a new response code is applied.
4xx Client Error
The 4xx class of status code is intended for cases in which the client seems to have made a mistake or the location never existed/no longer exists but is yet to have a 3xx code applied. These status codes are applicable to any request method.
The request cannot be fulfilled due to bad syntax.
When might this be used? – When the user requests information but in doing so disobeys the rules regarding the hypertext transfer protocol. The request should not be repeated without modification to the syntax.
This code is in relation to a request for a resource that requires user authentication. A 401 response indicates that the authorisation had been refused for the credentials that the user provided.
When might this be used? – When the user makes a server request using the wrong credentials (username and/or password)
Reserved for future use. However the original intention was that this code might be used as part of some form of digital cash or micropayment scheme, but that has not happened, and this code is not usually used.
When might this be used? – Apple’s old MobileMe service generated a 402 error if the MobileMe account was misusing the service. In addition, YouTube uses this status if a particular IP address has made excessive requests, and requires the person to enter a CAPTCHA.
The user is attempting to request a resource that it does not have access to and authentication will not change this.
When might this be used? – Basically, if the user’s request is valid but the server doesn’t allow access to the resource for some reason. Usually because the resource is not meant for public access.
We all know what these are right? This means that the resource requested cannot be found but may be accessible in the future. Subsequent requests by the client are permissible; however in most cases a 3xx code is applied to redirect the resource to the present the user with an alternate location or resource.
When might this be used? – Quite often when a page is removed or a link to an old page is left without a 3xx redirect. Usually in this case a custom page is generated through the server error handling code that will show the user a standard 404 error page.
The method by which you are making your resource request is not allowed. E.g. Using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource.
When might this be used? – 405 errors are presented in relation to particular objects on a web site that is requested, for example the request line on a script is different to that of the user request that is asking to use the script.
The requested resource is only able to generate content that is not acceptable to that of the Accept headers in the request itself. The browser can indicate to the server the data characteristics that the data will accept from the server.
When might this be used? – If the file format of the resource requested is not in a format that the user is capable of understanding. We are talking about coding language here not French!
Similar to a 401 code, a 407 code means that the client must first authenticate itself with the proxy. To do this and pass authentication the proxy must return a Proxy-Authenticate header field that meets the challenge presented by the server.
When might this be used? – When the server thinks that the data request from the client was correct but access to the resource is only available through a proxy server authentication. Typically a log in challenge on a proxy server first.
The server timed out waiting for the request from the user that failed to respond in the time allowed by the server.
When might this be used? – According to W3 HTTP specifications: “The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time.”
Indicates that the request could not be processed because of conflict in the request, such as an edit conflict.
When might this be used? – You may receive this code when uploading a file to a web server that is older than the one already there causing a conflict in version control.
Indicates that the resource requested is no longer available and will not be available again either through deletion or access removal. The user should not make a request for this location again.
When might this be used? – If a resource is no longer available at the server and no forwarding address is known and the server does not know or is unable to tell if the 404 code should be used.
The request did not specify the length of its content, which is required by the requested resource.
When might this be used? – The browser did not define the requested content’s length in the request header. The server won’t accept a request without a valid Content-Length header field.
The server does not meet one of the preconditions that the requester put on the request. In other words; one or more of the request headers responded with a ‘false’ attribute.
When might this be used? – If the header request that is making a valid request of the resource that specific request is not acceptable for that specific resource.
A 413 code is presented when the request that was sent to the server is larger than the server is willing or able to process.
When might this be used? – When using the POST method on a form the content is larger than the server can process due to constraints either physically or by design.
This code it given by a server when the URL requested by the user is longer than the server is bale to process.
When might this be used? – When a POST request is converted to a GET request. A POST request allows for unlimited amounts of data to be sent by tagging it to the request itself; however if this request were to be converted into a GET request then the request allows the form data to be appended to the URL, which can make it longer than is accepted.
A 415 response is sent to indicate that a server has noticed that part of the request was made in an unsupported format that the server is expecting based on requested resource.
When might this be used? – When the request didn’t specify any media types that the resource or server supports. For example, the user requests an image with a file extension that the server doesn’t support. The server knows what is being asked for but it doesn’t understand the format that it is being asked to provide the resource.
This response code is presented to the user when a request for a portion of the resource is requested when that portion cannot be supplied.
When might this be used? – When the server is asked for the XXX – YYY bytes of a resource but the resource is smaller than that of the request.
The server cannot meet the requirements of the Expect request-header field.
When might this be used? – Quite self-explanatory; One of the request headers sent to the server, the ‘Expect’ header indicated an expectation that the server could not meet.
This code was defined in 1998 as one of the traditional IETF April Fools’ jokes, in RFC 2324, Hyper Text Coffee Pot Control Protocol, and is not expected to be implemented by actual HTTP servers.
When might this be used? – For a nerdy laugh almost 15 years ago.
The request was well-formed but was unable to be followed due to semantic errors.
When might this be used? – This error condition may occur if an XML request body contains well-formed (i.e., syntactically correct), but semantically erroneous, XML instructions.
The resource that is being accessed is locked. The lock must be released or proper identification given before the resource can be accessed.
When might this be used? – When the resource is exactly that. Locked. Usually for security.
Indicates the method was not executed on a particular resource within its scope because some part of the method’s execution failed causing the entire method to be aborted.
This code is presented when a resource is defined in drafts of “WebDAV Advanced Collections Protocol”, but not present in “Web Distributed Authoring and Versioning Ordered Collections Protocol”.
This code will be reported to the user when it should switch to a different, newer protocol.
When might this be used? – Usually when a browser is using older protocols than that of the server handling the requests.
The origin server requires the request to be conditional. Intended to prevent “the ‘lost update’ problem, where a client GETs a resource’s state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.”
When might this be used? – By requiring requests to be conditional, the server can ensure that clients are working with the correct copies. If they aren’t, the user will receive a 428 code.
This is a response set by the server in an attempt to limit request rates.
When might this be used? – When the user has sent too many requests in a given amount of time this code is reported.
431 Request Header Fields Too Large
The server is unwilling to process the request because either an individual header field, or all the header fields collectively, are too large.
When might this be used? – Basically, when the request header from the user is larger than the server is able or willing to handle. The request may be resubmitted after reducing the size of the request header fields.
Used in Nginx logs to indicate that the server has returned no information to the client and closed the connection.
When might this be used? – Usually used as a deterrent to malware.
449 Retry With (Microsoft)
A Microsoft extension that states a request should be retried after performing the appropriate action.
When might this be used? – This code is often generated when a set of parameters are not appropriate to the action requested. Usually in a custom application or basic search engine.
A Microsoft extension. This error is given when Windows Parental Controls are turned on and are blocking access to the given webpage.
When might this be used? – When parents (who know about this feature) use parental control and access id being requested to a blocked resource. Bad kids!
“A New HTTP Status Code for Legally-restricted Resources” .Intended to be used when resource access is denied for legal reasons, e.g. censorship or government-mandated blocked access.
5xx Server Error
The server failed to fulfil an apparently valid request.
These server responses are often shown when the user makes a request that the server is incapable of completing for whatever reason. The server should include a message for the browser to display to the user, showing the code and explaining whether or not the error is temporary or permanent.
A 500 Error message is a generic error message that is given when no more specific message is suitable.
When might this be used? – When a resource or link is created on the server (like a calendar resource in a booking system) that technically doesn’t exist as a link or an accessible resource yet appears as a link to the user.
The server either does not understand the request method, or it doesn’t have the ability to complete the request.
When might this be used? – You may see this when the server doesn’t support the normal request protocols such as GET, OPTIONS, HEAD and POST etc.
A 502 response is shown when the server was acting as a gateway or proxy and received an invalid response from the upstream server.
When might this be used? – Usually when the upstream server and the proxy/gateway do not agree on the protocols in the request and as a result generate an error when exchanging data.
The server is currently unavailable because it is overloaded or down for maintenance. Generally, this is a temporary state.
When might this be used? – When a site is experiencing a high level of demand that its servers cannot handle.
When exchanging data with a proxy/gateway server the gateway fails to respond to a request in the pre-defined timeframe.
When might this be used? – When using a proxy/gateway server to exchange data and the two servers are waiting for responses.
The server does not support the HTTP protocol version used in the request.
When might this be used? – Exactly as it says above! When the HTTP protocol is older than the server likes and no longer supports.
This indicates that the server has an internal configuration issue and a transparent content negotiation for the request that has no end point.
When might this be used? – When the server is not set up correctly to handle the request and a negotiation loop ensues.
The server is unable to store the data from the user needed to complete the request fully.
When might this be used? – When the server is already at capacity and the user makes a request for a resource that the server has stored. The issue is that the server does not have the storage to store the data that is sent in the request to then send the requested resource.
This status code, while used by many servers, is not specified in any RFCs and requires the correct implementation on apache servers.
When might this be used? – When the correct extension is implemented to an apache server and bandwidth set by the ISP is soon to be exceeded. There are different threshold settings to chose from.
Further extensions to the request are required for the server to complete the request.
When might this be used? – When the server requires more information from the request than is given.
The user needs authentication to gain network access. Intended for use by intercepting proxies that control access to the network.
When might this be used? – When the user is required to agree to Terms of Service before granting full Internet access via a Wi-Fi hotspot or third party network.
Loads aren’t there! I hope this list is a useful resource to you all and if I have missed any off (I think there are one or two that are completely useless or so out of date that I don’t know of them) please feel free to add them in the comments section below. Please share this post with your colleagues as it might help them too!