When a browser sends a request to a web server, a response is generated and sent back that consists of a status line, some response headers, a blank line, and the document. A minimal example might look like this:
The status line consists of the HTTP version, an integer that is interpreted as a status code, and a very short message corresponding to the status code. The ‘Content-Type’ header specifies the MIME type of the document that follows. Other response headers are usually optional.
Servlets can perform a variety of tasks by manipulating the status line and the response headers. For example, they can forward the user to other sites; indicate that the attached document is an image, or PDF file; inform the user that a password is required to access the document; and so forth.
Not all responses contain a document. Responses to HEAD requests should never include a document, and there are a variety of status codes that essentially indicate failure, and either don't include a document or only include a short “error message document”.
The most commonly used status codes are 200, 404 and 302.
There five types of status codes, neatly arranged in five blocks of one hundred for easy recognition and with an eye on future expansion as not all slots are filled yet:
The possible HTTP status codes are listed with their associated messages, along with a short description and the version of HTTP in which each status code was introduced. The messages may be sorted alphabetically by clicking their column header, and optionally set to .
| Code | Message | Description | Version |
|---|---|---|---|
| 100 | Continue | Continue with partial request. | 1.1 |
| 101 | Switching Protocols | Server will comply with Upgrade header and change to
different protocol. | 1.1 |
| 200 | OK | Everything's fine; document follows for GET and
POST requests. This is the default at well maintained servers. | 1.0 |
| 201 | Created | Server created a document; the Location header indicates its URL. | 1.0 |
| 202 | Accepted | Request is being acted upon, but processing is not completed. | 1.0 |
| 203 | Non-Authoritative Information | Document is being returned normally, but some of the response headers might be incorrect since a document copy is being used. | 1.1 |
| 204 | No Content | No new document; browser should continue to display previous document.
This is a useful if the user periodically reloads a page and you
can determine that the previous page is already up to date. However,
this does not work for pages that are automatically reloaded via
the Refresh response header or the equivalent
<meta http-equiv="Refresh" ...> header, since returning
this status code stops future reloading. JavaScript-based
automatic reloading could still work in such a case, though. | 1.0 |
| 205 | Reset Content | No new document, but browser should reset the document view, clearing cgi form fields etc. | 1.1 |
| 206 | Partial Content | Client sent a partial request with a Range header, and server
has fulfilled it. | 1.1 |
| 300 | Multiple Choices | Document requested can be found several places; they 'll be listed in
the returned document. If server has a preferred choice, it
should be listed in the Location response header. | 1.0 |
| 301 | Moved Permanently | Requested document is elsewhere, and the URL for it is given in
the Location response header. Browsers should
automatically follow the link to the new URL. | 1.0 |
| 302 | Found | Similar to 301, except that the new URL should be interpreted as
a temporary replacement, not a permanent one. The message was
"Moved Temporarily" in HTTP 1.0. Browsers should
automatically follow the link to the new URL.
This status code is sometimes used interchangeably with 301. On a request
for http://domain/path missing the trailing slash, some servers
will send 301 and others will send 302.
Technically, browsers are only supposed to automatically follow the redirection if the original request was GET. See the 307 header for details. | 1.0 |
| 303 | See Other | Like 301 and 302, except that if the
original request was POST, the
redirected document (given in the Location header)
should be retrieved via GET. | 1.1 |
| 304 | Not Modified | Client has a cached document and
performed a conditional request (usually by supplying an
If-Modified-Since header indicating that it only wants
documents newer than a specified date). This tells client that the old, cached document should still be used. | 1.0 |
| 305 | Use Proxy | Requested document should be retrieved via the proxy listed in
Location header. | 1.1 |
| 307 | Temporary Redirect | This is identical to 302 ("Found" or "Temporarily Moved"). It
was added to 1.1 since many browsers erroneously followed the redirection
on a 302 response even if the original message was a POST, even though
it really ought to have followed the redirection of a POST request
only on a 303 response. This response is intended to be unambigously
clear: follow redirected GET and POST requests
in the case of 303 responses, only follow the redirection for GET
requests in the case of 307 responses.
| 1.1 |
| 400 | Bad Request | The request contained a syntax error and was not understood. | 1.0 |
| 401 | Unauthorized | Client tried to access password-protected page without proper authorization.
Response should include a WWW-Authenticate header that the browser would
use to pop up a username/password dialog box, which then comes back
via the Authorization header. | 1.0 |
| 403 | Forbidden | Resource is not available, regardless of authorization. Often the result of bad file or directory permissions on the server. | 1.0 |
| 404 | Not Found | No resource could be found at that address. This is the standard "no such page" response. Browsers and servers a like usually have elaborate default pages ready for this status, with useless advice. | 1.0 |
| 405 | Method Not Allowed | The request method (GET, POST, HEAD,
DELETE, PUT, TRACE, etc.) was
not allowed for the requested resource. | 1.1 |
| 406 | Not Acceptable | Resource indicated generates a MIME type incompatible with that
specified by the client via its Accept header.
| 1.1 |
| 407 | Proxy Authentication Required | Similar to 401, but proxy server must return a Proxy-Authenticate
header. | 1.1 |
| 408 | Request Timeout | The client took too long to send the request. | 1.1 |
| 409 | Conflict | Usually associated with PUT requests; used for situations such
as trying to upload an incorrect version of a file. | 1.1 |
| 410 | Gone | Document is gone; no forwarding address known. Differs from 404 in
that the document is known to be permanently gone in this case,
not just unavailable for unknown reasons as with 404.
| 1.1 |
| 411 | Length Required | Server cannot process request unless client sends a
Content-Length header. | 1.1 |
| 412 | Precondition Failed | Some precondition specified in the request headers was false. | 1.1 |
| 413 | Request Entity Too Large | The requested document is bigger than the server can
handle now. If the server thinks it can handle it later, it
should include a Retry-After header.
| 1.1 |
| 414 | Request URI Too Long | The URI is too long. | 1.1 |
| 415 | Unsupported Media Type | The request is in an unknown format. | 1.1 |
| 416 | Requested Range Not Satisfiable | Client included an unsatisfiable Range header in the request.
| 1.1 |
| 417 | Expectation Failed | Value in the Expect request header could not be met.
| 1.1 |
| 500 | Internal Server Error | Generic "server is confused" message. It is often the result of CGI programs or servlets that crash or return improperly formatted headers. | 1.0 |
| 501 | Not Implemented | Server doesn't support functionality to fulfill request. Used,
for example, when client issues an advanced command like PUT. | 1.0 |
| 502 | Bad Gateway | Used by servers that act as proxies or gateways; indicates that initial server got a bad response from the remote server. | 1.0 |
| 503 | Service Unavailable | Server cannot respond due to maintenance or overloading. For example,
a servlet might return this header if some thread or database connection
pool is currently full. Server may supply a Retry-After header. | 1.0 |
| 504 | Gateway Timeout | Used by servers that act as proxies or gateways; indicates that initial server didn't get a response from the remote server in time. | 1.1 |
| 505 | HTTP Version Not Supported | Server doesn't support version of HTTP indicated in request line. | 1.1 |