HTTP 404 Not Found means the server cannot find the requested resource. It may be permanently gone, the URL may be mistyped, or the content may have been deleted. For permanently deleted content, use 410 Gone instead — Google deindexes 410 URLs faster than 404s. For restricted content you don't want users to know exists, return 404 rather than 403.

HTTP 200 OK means the request succeeded. For GET: the body contains the requested resource. For POST: the body contains the result of the action. For PUT/PATCH: the body contains the updated resource. Use 201 Created when a new resource is created via POST, and 204 No Content when the operation succeeds but there is nothing to return.

HTTP Status Code Reference

Q: What is the difference between 401 and 403?

401 Unauthorized means the client is not authenticated — the server does not know who you are. Think: 'Who are you? Please log in.' 403 Forbidden means the client is authenticated but does not have permission. Think: 'I know who you are, but you can't come in.' Always include WWW-Authenticate in a 401 response. 403 should be returned when re-authenticating won't help.

Q: What is HTTP 500 Internal Server Error?

HTTP 500 Internal Server Error is a generic catch-all for server-side errors. The server encountered an unexpected condition preventing it from fulfilling the request. Common causes: unhandled exceptions, database failures, null reference errors, configuration errors. Never expose stack traces or internal paths to clients. Log the full error server-side and return a generic user-facing message.

Q: What is HTTP 429 Too Many Requests?

HTTP 429 means the client has sent too many requests in a given time window. This is a rate limiting response. It should include a Retry-After header indicating when the client can retry. Best practice: also include X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers so clients understand their quota.

Q: What is the difference between 301 and 302 redirects?

301 Moved Permanently means the resource has permanently moved. Search engines pass PageRank through 301s and update their index to the new URL. 302 Found is a temporary redirect — search engines index the original URL and no PageRank is passed. Use 301 for permanent URL changes (HTTP to HTTPS, domain migrations). Use 302 for temporary redirects (A/B tests, maintenance pages).

Q: What does HTTP 503 mean?

HTTP 503 Service Unavailable means the server is temporarily unable to handle requests, typically due to overload or maintenance. It should include a Retry-After header so clients know when to retry. Googlebot will temporarily reduce its crawl rate for sites returning 503s. If persistent for days, Google may begin removing affected URLs from its index.

Q: What is HTTP 422 Unprocessable Content?

HTTP 422 means the server understands the request format (it's syntactically valid) but the content fails semantic validation. Use it for form validation errors where the JSON is well-formed but values are invalid (email format wrong, age negative, required relationship missing). Return a detailed error body listing each validation failure. Use 400 for syntactically malformed requests instead.

Q: What is the difference between 302 and 307 redirects?

Both are temporary redirects, but 307 Temporary Redirect guarantees that the HTTP method is preserved (POST stays POST, PUT stays PUT). 302 Found browsers have historically converted POST to GET — the HTTP spec does not guarantee method preservation. Use 307 when you need to temporarily redirect POST requests and must preserve the method. Use 303 See Other to intentionally redirect POST to a GET page.

What Are HTTP Status Codes?

HTTP Status Codes — The Complete Guide for Developers

HTTP status codes are three-digit numbers returned by a web server in response to every HTTP request. They tell the client — a browser, API client, or application — whether the request succeeded, failed, was redirected, or encountered an error. Understanding status codes is foundational for web development, REST API design, debugging, SEO and infrastructure monitoring.

Status codes are standardised in RFC 9110 (HTTP Semantics, 2022), which supersedes RFC 7231. The first digit determines the class of response. Every subsequent digit adds specificity within that class.

Class	Range	Meaning	Client action
1xx	100–199	Informational — request received, processing continues	Usually handled transparently by HTTP client
2xx	200–299	Success — request was received, understood, and accepted	Process the response body
3xx	300–399	Redirection — further action required to complete the request	Follow Location header to new URL
4xx	400–499	Client Error — the request was malformed or cannot be fulfilled	Fix the request before retrying
5xx	500–599	Server Error — the server failed to fulfill a valid request	Retry with backoff; report if persistent

Most Common Codes

The 10 Most Important HTTP Status Codes Every Developer Must Know

HTTP 200 OK — the baseline

200 is the default success response. For GET requests it means the requested resource is in the body. For POST it means the action was completed and the result is in the body. Never return 200 with an error body — this is a common anti-pattern in older APIs that breaks monitoring and client error handling.

HTTP 201 Created — resource born

Return 201 after a POST creates a new resource. Always include a Location: /api/resource/id header pointing to the new resource. Omitting the Location header is a spec violation. If creation is asynchronous (queued), use 202 Accepted instead and point the Location header to a status endpoint.

HTTP 204 No Content — success with nothing to say

Return 204 for successful DELETE operations and PUT/PATCH operations where you do not need to return the updated resource. The response must not include a body — some clients break if you send a body with 204. Also used for CORS preflight responses.

HTTP 400 vs 422 — the malformed vs invalid distinction

Use 400 Bad Request when the request itself is malformed: unparseable JSON, missing Content-Type header, invalid URL structure. Use 422 Unprocessable Content when the request is syntactically valid but semantically wrong: email format invalid, age must be positive, required relationship missing. Return RFC 9457 Problem Details format for structured error responses.

HTTP 401 vs 403 — the authentication vs authorisation distinction

This is the most commonly confused pair in the entire status code spec. 401 Unauthorized means the request lacks valid authentication — the server does not know who you are. Always include WWW-Authenticate header. 403 Forbidden means the client is authenticated but lacks permission — the server knows who you are but refuses access. Re-authenticating will not help a 403. A third option: return 404 instead of 403 when you want to hide that a resource exists at all (security through obscurity, sometimes appropriate).

HTTP 404 vs 410 — gone vs gone forever

404 Not Found is ambiguous — the resource may be temporarily or permanently unavailable. Google typically deindexes a 404 after several crawl cycles over days or weeks. 410 Gone is definitive — the resource is permanently deleted. Google deindexes 410 within one or two crawl cycles. For deleted content you want removed from search results quickly (cancelled accounts, removed products, deprecated endpoints), use 410 deliberately.

HTTP 429 Too Many Requests — rate limiting done right

Always include Retry-After (seconds or HTTP date) so clients know when to retry. Also include X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers so clients can implement proactive throttling rather than reacting to 429s. Implement exponential backoff in clients — naive retry loops after 429 make the rate limiting problem worse.

HTTP 500 Internal Server Error — the critical rule

Never expose internal error details in a 500 response — not stack traces, not file paths, not database connection strings, not error IDs that enumerate internal systems. Log the full error internally with a correlation ID, then return a generic message to the client. Include the correlation ID in the response so users can report it: {"error":"Something went wrong","reference":"ERR-abc123"}. 500s are safe to retry with exponential backoff.

HTTP 503 Service Unavailable — maintenance done right

Always include Retry-After so load balancers and API clients know when to try again. Return an HTML error page for browser requests and JSON for API clients (check the Accept header). Googlebot reduces its crawl rate for sites returning 503. If 503s persist for more than a few days, Google may begin removing affected URLs from search results.

HTTP 301 vs 302 redirects — the SEO difference

301 Moved Permanently passes PageRank (link equity) to the destination URL. Search engines update their index to the new URL. 302 Found does not pass PageRank — Google indexes the original URL, not the destination. Use 301 for all permanent URL changes: HTTP to HTTPS migrations, domain changes, www to non-www. Use 302 for temporary redirects: A/B testing, login redirects, maintenance pages. Avoid redirect chains — go directly to the final destination.

API Design

Choosing the Right Status Code for REST APIs — Practical Decision Guide

GET request outcomes

Scenario	Status code	Notes
Resource found and returned	`200 OK`	Body contains the resource
Resource not found	`404 Not Found`	Or 410 if permanently deleted
Resource exists but user cannot see it	`403 Forbidden` or `404 Not Found`	Use 404 to hide existence
Resource unchanged since cached version	`304 Not Modified`	ETag/Last-Modified match
Partial content (range request)	`206 Partial Content`	Content-Range header required

POST request outcomes

Scenario	Status code	Notes
New resource created immediately	`201 Created`	Location header required
Action completed, no new resource	`200 OK`	Return result in body
Processing async (queued)	`202 Accepted`	Location: status endpoint
Input validation failure	`422 Unprocessable`	List all validation errors
Malformed request body	`400 Bad Request`	Cannot parse the body
Duplicate resource (unique constraint)	`409 Conflict`	Return conflicting resource
Post-redirect-get pattern	`303 See Other`	Prevents form resubmission

DELETE request outcomes

Scenario	Status code	Notes
Resource deleted successfully	`204 No Content`	No body returned
Resource deleted, returning confirmation	`200 OK`	Return deleted resource or confirmation message
Resource not found	`404 Not Found`	Or 204 for idempotent deletes
Cannot delete (has dependents)	`409 Conflict`	Explain constraint in body

SEO Impact

How HTTP Status Codes Affect SEO & Googlebot Crawling

Every status code your server returns to Googlebot directly affects crawl budget, indexing, link equity and how quickly changes take effect in search results.

✅

200 OK — crawled and eligible for indexing — Pages returning 200 are crawled and eligible for indexing. Googlebot respects noindex meta tags and X-Robots-Tag headers on 200 responses. Canonical tags on 200 responses signal the preferred URL to index.

➡️

301 — full PageRank passes, Googlebot updates index to new URL — Google follows 301 redirects and passes essentially all link equity (PageRank) to the destination URL. The destination URL is indexed, not the source. Google follows up to 10 redirect hops before stopping — avoid chains. HTTP to HTTPS 301s are the canonical way to migrate your entire site’s protocol.

↪️

302 — source URL indexed, no PageRank passed — Google temporarily follows 302s but indexes the source URL rather than the destination. No PageRank is passed through 302s. This is intentional — Google assumes the redirect may be reversed. Use 302 only for genuinely temporary redirects. Accidentally using 302 for permanent moves is a common SEO mistake.

🗑️

404 — deindexed after several crawl cycles — Googlebot deindexes 404 URLs after seeing consistent 404s over multiple crawl visits, typically days to weeks. URLs stay in Search Console for 90 days after deindexing. Use 404 for resources that may return — use 410 for content you want removed from search results immediately.

⛔

410 — fastest deindex signal to Google — Google treats 410 as a definitive signal that content is permanently gone and deindexes it much faster than 404 — typically within one or two crawl cycles. Use 410 for deleted user accounts, removed products, deprecated API endpoints, and content you need removed from search results quickly such as DMCA takedowns or GDPR right-to-be-forgotten requests.

⏳

503 — temporary crawl rate reduction, deindex if persistent — Googlebot temporarily reduces crawl frequency for sites returning 503. If 503s persist for more than a few days, Google may begin deindexing affected URLs. Always include Retry-After to signal when the site will be available again. Google Search Console will report crawl errors under Coverage.

💥

500/502/504 — reduce crawl rate, potential deindex — Server errors cause Googlebot to temporarily reduce crawl rate. Sustained server errors (several days) may result in deindexing of affected pages. Monitor Google Search Console’s Coverage report for server error patterns. Use structured logging and alerting to catch 5xx spikes early.

Retry Logic

Which HTTP Status Codes Are Safe to Retry?

A well-designed HTTP client should implement selective retry logic — not all status codes are safe to retry automatically.

Status	Safe to retry?	Recommended strategy
`408`, `429`, `500`, `502`, `503`, `504`	Yes	Exponential backoff with jitter. Respect Retry-After on 429/503.
`400`, `401`, `403`, `404`, `405`, `410`, `422`	No	Fix the request or user permissions first. Retrying returns same error.
`409`	Conditional	Fetch current state, merge, retry with new ETag.
`501`	No	Feature not implemented. Retry will never succeed.
`425`	Conditional	Retry without TLS 0-RTT early data.
`3xx`	Follow redirect	Follow Location header automatically. Limit to 10 hops.

Implement exponential backoff: start with 1 second, double each retry, add random jitter, cap at 60–120 seconds. After 3–5 retries, fail gracefully and notify the user.

Comparison

LazyTools vs Other HTTP Status Code References

Feature	LazyTools	MDN Web Docs	httpstatus.com	JLV DevTools
Instant keyword search	✅ Number or keyword	❌ No search	❌ No search	✅ Yes
Retry strategy per code	✅ Every code	❌ None	❌ None	❌ None
Googlebot SEO impact	✅ Per code	❌ None	❌ None	❌ None
vs. similar codes comparisons	✅ 401 vs 403, etc.	⚠ Separate pages	❌ None	✅ Partial
Fix guide per code	✅ Every code	⚠ Some	❌ None	❌ None
Relevant HTTP headers	✅ Per code	✅ Yes	❌ None	❌ None
No account required	✅ Yes	✅ Yes	✅ Yes	✅ Yes

FAQ

HTTP Status Code FAQ

What is HTTP 404?▾

HTTP 404 Not Found means the server cannot find the requested resource. For permanently deleted content, return 410 Gone instead — Google deindexes 410 URLs faster. For restricted resources you do not want users to know exist, return 404 rather than 403.

What is HTTP 403 Forbidden?▾

HTTP 403 Forbidden means the server understood the request but refuses to authorize it. The client is authenticated but does not have permission. Unlike 401, re-authenticating will not help — the user needs different permissions or a different account. Consider returning 404 if you want to hide that the resource exists.

What is the difference between 401 and 403?▾

401 = not authenticated (server does not know who you are). Always include WWW-Authenticate header. Re-authenticating may help. 403 = authenticated but not authorized (server knows who you are, but you lack permission). Re-authenticating will not help. Mnemonic: 401 = "Who are you?", 403 = "I know who you are — still no."

What is HTTP 500 Internal Server Error?▾

HTTP 500 is a catch-all for server-side errors. Never expose stack traces or internal details. Log full error server-side with a correlation ID and return a generic message. It is safe to retry with exponential backoff as it may be transient.

What is HTTP 429 Too Many Requests?▾

HTTP 429 is a rate limiting response. Always include Retry-After header. Also include X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset for transparency. Clients should implement exponential backoff, not retry immediately.

What is the difference between 301 and 302 redirects?▾

301 = permanent redirect, Google passes PageRank, indexes the destination URL. 302 = temporary redirect, Google indexes the source URL, no PageRank passed. Use 301 for permanent URL changes (HTTP to HTTPS, domain migrations). Use 302 for temporary redirects.

What is HTTP 200 OK?▾

Standard success response. Use 201 when creating new resources, 204 when there is no body to return, 202 when processing is asynchronous. Never return 200 with an error body — this breaks monitoring and client error handling.

What does HTTP 503 mean?▾

503 Service Unavailable means the server is temporarily unable to handle requests. Always include Retry-After. Googlebot reduces crawl rate for 503s. If persistent for days, Google may deindex affected URLs. Return HTML for browsers, JSON for API clients.

What is HTTP 422 Unprocessable Content?▾

Request syntax is valid but content fails semantic validation (invalid email format, out-of-range value, missing required relationship). Return a detailed error body listing each validation failure. Use 400 for syntactically malformed requests instead.

What is the difference between 302 and 307 redirects?▾

Both are temporary redirects. 307 guarantees the HTTP method is preserved (POST stays POST). 302 browsers have historically converted POST to GET. Use 307 when redirecting POST requests temporarily. Use 303 See Other to redirect POST to a GET page (post-redirect-get pattern).

What causes HTTP 502 Bad Gateway?▾

A gateway (Nginx, load balancer, API proxy) received an invalid response from an upstream server. Check upstream server logs, verify the backend is running, test the upstream endpoint directly. 502 is safe to retry with exponential backoff.

What is HTTP 410 Gone vs 404 Not Found?▾

410 Gone means content is permanently deleted — Googlebot deindexes within 1–2 crawl cycles. 404 Not Found is ambiguous and Googlebot deindexes over several cycles. Use 410 to remove content from search results quickly.

What is HTTP 204 No Content?▾

Success with no response body. Used for DELETE operations, PUT/PATCH without body needed, and CORS preflight. The response must not include a body — some clients break if you send one. Use 200 OK if you want to return confirmation data.

What is HTTP 201 Created?▾

Return after POST successfully creates a new resource. Always include Location header: Location: /api/users/123. Use 200 OK if no new resource is created, 202 Accepted if creation is asynchronous and not yet complete.

What does HTTP 304 Not Modified mean?▾

The resource has not changed since the client's cached version (ETag or Last-Modified matched). Response has no body — client uses cached copy. Essential HTTP caching mechanism that saves bandwidth significantly. Implement ETag or Last-Modified on all cacheable resources.

What are all HTTP status codes?▾

1xx Informational: 100 Continue, 101 Switching Protocols, 103 Early Hints. 2xx Success: 200 OK, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content. 3xx Redirection: 301, 302, 303, 304, 307, 308. 4xx Client Error: 400, 401, 403, 404, 405, 408, 409, 410, 413, 415, 422, 429, 451. 5xx Server Error: 500, 502, 503, 504. Search the tool above to look up any code instantly.

Related tools