HTTP Status Codes

Quick reference for all HTTP status codes — Standard (RFC), Cloudflare, Nginx, and more.

Quick Lookup CLI

# Install (requires jq)
git clone git@github-0xphuong:0xphuong/http-status-codes.git
cd http-status-codes
sudo ln -s $(pwd)/hsc /usr/local/bin/hsc

# Usage
hsc 404          # lookup by code
hsc timeout      # search by keyword
hsc cloudflare   # list all Cloudflare codes
hsc 5xx          # list a category
hsc list         # list all codes

Requires: jq — brew install jq or apt install jq

---

1xx — Informational

Code	Name	Description
100	Continue	Server received headers; client should proceed with the body
101	Switching Protocols	Server is switching protocols (e.g. HTTP → WebSocket)
102	Processing	Server received and is processing; no response yet (WebDAV)
103	Early Hints	Preload hints while server prepares the final response

---

2xx — Success

Code	Name	Description
200	OK	Request succeeded
201	Created	Request succeeded; new resource created
202	Accepted	Request accepted; processing not yet complete
203	Non-Authoritative Information	Response modified by a transforming proxy
204	No Content	Request succeeded; no content in response
205	Reset Content	Request succeeded; client should reset the document view
206	Partial Content	Partial resource returned (range request)
207	Multi-Status	Status for multiple operations (WebDAV)
208	Already Reported	DAV binding members already enumerated (WebDAV)
226	IM Used	Response is the result of instance-manipulations

---

3xx — Redirection

Code	Name	Description
300	Multiple Choices	Multiple options for the resource
301	Moved Permanently	URL permanently changed; update bookmarks
302	Found	Temporary redirect; method may change
303	See Other	Redirect to different URL using GET
304	Not Modified	Cached version is still valid
305	Use Proxy	⚠️ Deprecated. Must use proxy
307	Temporary Redirect	Temporary redirect; method and body must not change
308	Permanent Redirect	Permanent redirect; method and body must not change

---

4xx — Client Errors

Code	Name	Source	Description
400	Bad Request	RFC 9110	Invalid syntax in the request
401	Unauthorized	RFC 9110	Authentication required
402	Payment Required	RFC 9110	Reserved; used by some APIs for quota/billing
403	Forbidden	RFC 9110	Client has no permission
404	Not Found	RFC 9110	Resource not found
405	Method Not Allowed	RFC 9110	HTTP method not allowed for this resource
406	Not Acceptable	RFC 9110	Cannot produce response matching Accept headers
407	Proxy Authentication Required	RFC 9110	Must authenticate with proxy
408	Request Timeout	RFC 9110	Server timed out waiting for the request
409	Conflict	RFC 9110	Request conflicts with current state
410	Gone	RFC 9110	Resource permanently deleted
411	Length Required	RFC 9110	Content-Length header required
412	Precondition Failed	RFC 9110	Conditional request failed
413	Content Too Large	RFC 9110	Request body exceeds server limit
414	URI Too Long	RFC 9110	URI is too long
415	Unsupported Media Type	RFC 9110	Media format not supported
416	Range Not Satisfiable	RFC 9110	Range header cannot be fulfilled
417	Expectation Failed	RFC 9110	Expect header cannot be met
418	I'm a Teapot	RFC 2324	🫖 April Fools. Server refuses to brew coffee
421	Misdirected Request	RFC 9110	Request sent to wrong server
422	Unprocessable Content	RFC 9110	Well-formed but semantic errors (WebDAV)
423	Locked	RFC 4918	Resource is locked (WebDAV)
424	Failed Dependency	RFC 4918	Previous request it depended on failed (WebDAV)
425	Too Early	RFC 8470	Server won't risk processing a replay-able request
426	Upgrade Required	RFC 9110	Client must switch protocol (e.g. TLS)
428	Precondition Required	RFC 6585	Request must be conditional
429	Too Many Requests	RFC 6585	Rate limit exceeded
431	Request Header Fields Too Large	RFC 6585	Header fields too large
444	No Response	Nginx	Nginx closed connection without sending a response (bot blocking)
449	Retry With	Microsoft	Retry after performing action (IIS)
451	Unavailable For Legal Reasons	RFC 7725	Blocked by legal demand (DMCA, government)
494	Request Header Too Large	Nginx	Request header too large
495	SSL Certificate Error	Nginx	Client certificate error
496	SSL Certificate Required	Nginx	Client did not provide certificate
497	HTTP Sent to HTTPS Port	Nginx	Plain HTTP sent to HTTPS port
499	Client Closed Request	Nginx	Client closed the connection before server responded

---

5xx — Server Errors

Code	Name	Source	Description
500	Internal Server Error	RFC 9110	Unexpected server error
501	Not Implemented	RFC 9110	Server does not support the functionality
502	Bad Gateway	RFC 9110	Invalid response from upstream server
503	Service Unavailable	RFC 9110	Server overloaded or down for maintenance
504	Gateway Timeout	RFC 9110	Upstream server did not respond in time
505	HTTP Version Not Supported	RFC 9110	HTTP version not supported
506	Variant Also Negotiates	RFC 2295	Circular reference in content negotiation
507	Insufficient Storage	RFC 4918	Not enough storage (WebDAV)
508	Loop Detected	RFC 5842	Infinite loop detected (WebDAV)
509	Bandwidth Limit Exceeded	Apache	Bandwidth limit exceeded
510	Not Extended	RFC 2774	Further extensions required
511	Network Authentication Required	RFC 6585	Captive portal — network login required

---

Cloudflare-specific (52x–53x)

Cloudflare errors occur between Cloudflare and your origin server. The client request reached Cloudflare fine.

Code	Name	Typical Cause	Fix
520	Web Server Returns Unknown Error	Origin crashed or returned garbage	Check origin error logs
521	Web Server Is Down	Origin refused connection	Check origin is running, firewall allows Cloudflare IPs
522	Connection Timed Out	TCP handshake to origin timed out	Check origin is reachable from Cloudflare IPs
523	Origin Is Unreachable	DNS failure or origin offline	Check DNS, check origin server is up
524	A Timeout Occurred	Origin connected but no HTTP response within 100s	Optimize slow queries, increase timeout
525	SSL Handshake Failed	SSL negotiation failed with origin	Check SSL cert on origin, ensure TLS version compatibility
526	Invalid SSL Certificate	Origin SSL cert invalid or self-signed	Install valid cert on origin or use "Full" SSL mode
527	Railgun Error	⚠️ Deprecated Railgun connection issue	Railgun is discontinued
530	Site is Frozen / 1xxx	Account suspended or internal Cloudflare error	Check Cloudflare dashboard for 1xxx sub-error code

Cloudflare 1xxx error codes (inside 530 responses)

Code	Meaning
1000	DNS resolution error
1001	DNS resolution failed
1002	Restricted or DNS points to prohibited IP
1003	Access denied — Direct IP access not allowed
1004	Host not configured to serve web traffic
1010	Owner of this resource has banned your IP
1011	Owner of this resource has banned your IP (hotlinking)
1012	Access denied
1013	HTTP hostname and TLS SNI hostname mismatch
1016	Origin DNS error
1018	Cannot find requested host
1020	Access denied (WAF rule)

---

Quick cheatsheet — Diagnose by code

You see	Likely cause
400	Malformed request — check request body/headers
401	Missing/invalid auth token
403	Wrong permissions — check IAM/ACL/firewall
404	Wrong URL, resource deleted, or route not defined
408 / 499	Client too slow or dropped — check network/proxy timeout
413	Body too large — check nginx client_max_body_size
429	Rate limited — implement backoff/retry
499	Client (browser/CLI) gave up — increase timeout
500	App crashed — check application logs
502	App not running or crashed — check upstream/reverse proxy
503	App overloaded or deploying — check health checks
504	App too slow — check DB queries, external calls
520	Cloudflare → origin: garbage response
521	Cloudflare → origin: connection refused
522	Cloudflare → origin: TCP timeout
523	Cloudflare → origin: DNS/routing failure
524	Cloudflare → origin: HTTP timeout (>100s)
525/526	Cloudflare → origin: SSL issue

---

Data

Machine-readable data available at data/codes.json.

# Get all 5xx codes as JSON
jq '[to_entries[] | select(.value.category == "5xx") | .value]' data/codes.json

# Get all Cloudflare codes
jq '[to_entries[] | select(.value.source == "Cloudflare") | .value]' data/codes.json