VibeGear
Inspectors

HTTP status codes

Every status code, what it means, when you’ll see it.

Install for Chrome →All features

Tools → Inspect → HTTP status reference · 7-day free trial · Premium $9.99 / yr

Try it now·runs locally · nothing uploaded
49 of 49 status codes
  • 100ContinueInformational
    Initial request received, continue with the body.
    The client sent Expect: 100-continue and the server is OK to proceed.
  • 101Switching ProtocolsInformational
    Server is switching to the protocol the client requested via Upgrade.
    Most commonly seen for WebSocket upgrades.
  • 102ProcessingInformational
    Server has received and is processing — no answer yet (WebDAV).
    Rarely seen outside WebDAV. RFC 2518.
  • 103Early HintsInformational
    Preliminary hints (often Link headers) before the final response.
    Lets browsers preconnect / preload before the real headers arrive.
  • 200OKSuccess
    The request succeeded.
    Default success. Body has the result for GET; depends on method otherwise.
  • 201CreatedSuccess
    A new resource was created.
    Common for POST that creates. Location header should point to it.
  • 202AcceptedSuccess
    Request accepted, processing happens asynchronously.
    Use for queued jobs. Body usually has a status URL or job ID.
  • 204No ContentSuccess
    Success, but the body is empty.
    Common for DELETE or PUT where the client already has the new state.
  • 205Reset ContentSuccess
    Success — client should reset the form / view.
    Niche. Used by browsers to clear forms.
  • 206Partial ContentSuccess
    Range request succeeded; this is part of the resource.
    Server returns Content-Range. Used for resumable downloads, video seeking.
  • 301Moved PermanentlyRedirection
    The resource has a new permanent URL.
    Update bookmarks, search engines, links. Client may switch GET → POST. Use 308 if you want to keep the method.
  • 302FoundRedirection
    Temporary redirect — original URL still authoritative.
    Most clients turn POST into GET when following. Use 307 to keep the method.
  • 303See OtherRedirection
    Follow with GET, regardless of original method.
    Classic POST-redirect-GET pattern after form submission.
  • 304Not ModifiedRedirection
    Cached copy is still good.
    Returned when If-None-Match (ETag) or If-Modified-Since matches.
  • 307Temporary RedirectRedirection
    Like 302 but the method is preserved.
    POST stays POST. Safer than 302 for non-GET requests.
  • 308Permanent RedirectRedirection
    Like 301 but the method is preserved.
    Permanent + method-preserving. Newer code; use this over 301 when you want POST to stay POST.
  • 400Bad RequestClient error
    Server can’t parse / accept the request as sent.
    Malformed JSON, missing required field, invalid query — your bug. Check request body and headers.
  • 401UnauthorizedClient error
    You need to authenticate.
    Misnamed — "401 Unauthenticated" would be accurate. Means: no/bad credentials. WWW-Authenticate header tells you how.
  • 402Payment RequiredClient error
    Reserved for future use; sometimes used for "trial expired".
    Stripe and a few SaaS APIs use it. Not standardized.
  • 403ForbiddenClient error
    Authenticated, but not allowed to do this.
    Different from 401 — credentials were accepted, the action isn’t. Check permissions / role.
  • 404Not FoundClient error
    No resource at this URL.
    Could be a wrong path, a deleted record, or — sneakily — server "hide" of a 403.
  • 405Method Not AllowedClient error
    URL exists, but not for this HTTP method.
    E.g. DELETE on a read-only endpoint. Allow header lists what works.
  • 406Not AcceptableClient error
    Server can’t produce a response in the format you asked for.
    Your Accept header doesn’t match anything the server can serve.
  • 408Request TimeoutClient error
    Server gave up waiting for the client to finish sending.
    Slow upload, idle keep-alive. Retry might work.
  • 409ConflictClient error
    Request conflicts with current resource state.
    Common for unique-constraint violations, optimistic-locking failures, duplicate IDs.
  • 410GoneClient error
    Permanently removed — and the server says so deliberately.
    Stronger than 404. Used to deprecate endpoints.
  • 411Length RequiredClient error
    Send Content-Length.
    Some servers refuse chunked uploads on certain endpoints.
  • 412Precondition FailedClient error
    A header precondition (If-Match, If-Unmodified-Since) didn’t match.
    Used by APIs that implement optimistic concurrency via ETags.
  • 413Payload Too LargeClient error
    Request body exceeded the server’s limit.
    Often surfaces as nginx’s "client_max_body_size" being too low.
  • 414URI Too LongClient error
    URL too long to process.
    Usually means too many query params. Switch to POST with a body.
  • 415Unsupported Media TypeClient error
    Server can’t handle this Content-Type.
    Often: you sent text/plain when application/json was expected, or vice versa.
  • 416Range Not SatisfiableClient error
    Your byte range is outside the resource.
    Asked for bytes=1000-2000 on a 500-byte file.
  • 418I’m a teapotClient error
    A coffee-pot HTTP joke from RFC 2324, kept alive by frameworks for fun.
    Not for real apps. Some teams use it as "do not call this endpoint, it’s deprecated".
  • 422Unprocessable EntityClient error
    Body parsed fine but the data is semantically invalid.
    Standard for validation errors on JSON APIs (Rails and Laravel default to this).
  • 425Too EarlyClient error
    Server isn’t willing to process a replayed early-data request.
    TLS 1.3 0-RTT replay protection. Almost never seen at the application layer.
  • 426Upgrade RequiredClient error
    Switch to a different protocol (often a newer TLS version).
    Server sets Upgrade header to tell you what to switch to.
  • 428Precondition RequiredClient error
    Server requires a precondition header (If-Match) you didn’t send.
    Prevents the "lost update" problem on PUT.
  • 429Too Many RequestsClient error
    Rate limit exceeded. Slow down.
    Look for Retry-After header (seconds or HTTP date). Most APIs return this.
  • 431Request Header Fields Too LargeClient error
    Headers are too big.
    Cookie monster, runaway proxies, or oversized auth tokens.
  • 451Unavailable For Legal ReasonsClient error
    Geofenced / DMCA / court-ordered block.
    Number is a 451 reference. Apple Music returns this for region-locked content.
  • 500Internal Server ErrorServer error
    Generic "something blew up on the server".
    The catch-all for unhandled exceptions. Check server logs.
  • 501Not ImplementedServer error
    Server doesn’t know how to handle the method.
    E.g. PATCH on a server that only does GET / POST.
  • 502Bad GatewayServer error
    Upstream returned garbage.
    Reverse proxy got an invalid response from your app server. Often: the app crashed.
  • 503Service UnavailableServer error
    Down for maintenance / overloaded.
    Retry-After tells you when to come back. Cloudflare uses this for rate limiting too.
  • 504Gateway TimeoutServer error
    Upstream took too long.
    Reverse proxy timed out waiting for your app. Look at long-running queries / external API calls.
  • 505HTTP Version Not SupportedServer error
    Server doesn’t support the HTTP version in the request.
    Almost never seen — clients use 1.1 / 2 / 3 which all servers handle.
  • 507Insufficient StorageServer error
    Server is out of disk for this operation (WebDAV).
    Niche outside file-server APIs.
  • 508Loop DetectedServer error
    Infinite loop in WebDAV processing.
    Niche.
  • 511Network Authentication RequiredServer error
    Captive portal is blocking you.
    Hotel / airport WiFi sign-in pages return this.
Want this and 50 more tools at one keyboard shortcut, with collections and persistence?Install free trial →
Premium

Built for the things AI can’t fake

This tool runs free, right here. The extension adds three things a web widget can’t:

Start 7-day trial
★ Flagship

Playground

JS / TS scratchpad — sandboxed and instrumented.

Paste real code, hit Run. Console + network monitor + watch expressions all in one panel.

  • ·Real ES modules · top-level await
  • ·URL imports — esm.sh & friends
  • ·Live fetch monitor (every call)
  • ·Watch expressions in your scope
  • ·10s sandbox timeout · zero CORS pain

HTTP client

Postman-style request runner.

Save collections, share variables, hit any API. Includes GraphQL with introspection, OpenAPI / cURL import.

  • ·Bearer / Basic / API-key auth
  • ·GraphQL · introspection
  • ·OpenAPI 3.x · cURL import
  • ·Copy as fetch / axios / Python

Realtime (WS + SSE)

Stream-protocol tester — what Postman doesn’t do well.

WebSocket + Server-Sent Events with custom auth headers, auto-reconnect, JSON pretty-print.

  • ·wss:// + ws:// + subprotocols
  • ·SSE via fetch — Authorization works
  • ·Auto-reconnect with backoff
  • ·Send composer · ⌘ + Enter

What it does

A reference of every HTTP status code that matters in real applications, with a one-line summary and a "what causes this and what do I do about it" note. Searchable, filterable.

Why use VibeGear's http status codes

Related tools

User-Agent parser

Paste a UA, see browser / OS / device / bot.

HTTP client

Premium

Test any API — methods, headers, auth, body, all in one tab.

Premium

One install. Every tool above.

7 days free, then VibeGear Premium is $9.99 / €9.99 per year. Everything runs locally.

Install & start trial →