Status codes, also known as Status Codes, are elements that an SEO must know practically by heart. In this guide you will find everything you need to know about these numeric messages that servers send to clients.
The status codes of the web server
- What are the Status Codes
- What are the Status Codes
- 1xx Informational responses
- 2xx Success
- 3xx Redirection
- 4xx Client errors
- 5xx Server errors
- Unofficial Status Codes
- How to read the Status Code
- Online tools
- Chrome extensions
- Spider and crawler
- Google Chrome
- Web server log
What are the Status Codes
When a client such as a browser requests a resource from a server the server sends the requested file, for example an HTML page. Together with the file, the server also sends a small packet of information to the client, called HTTP header – HTTP Header . The following is an example of an HTTP Header:
As you can see, the first line of the HTTP header contains the protocol used and a series of three numbersHTTP/1.1 200 OK, the code represents the Status Code.
There are many different Status Codes, each representing a type of response that the server sends to the client. 200 for example means “ok, the resource you asked for exists and I’m sending it to you”.
Let’s see what are all the status codes that you can find while browsing a site or even better, during a scan with Screaming Frog . Due to the nature of the terminology you will see many words in English, this is normal and you will have to get used to receiving information in this language.
What are the Status Codes
There are five classes of Status Code , plus some unofficial ones.
1xx Informational responses
Informational responses indicates that the request has been received and understood by the server. It is released on a provisional basis while the processing of the request continues. Advise the customer to await a definitive response. The message consists only of the status line and optional header fields and ends with a blank line. Since the HTTP / 1.0 standard did not define any 1xx status codes, servers should not send a 1xx response to an HTTP / 1.0 compliant client, except under experimental conditions.
The server has received the request headers and the client must proceed to send the request body (in the case of a request for which a body must be sent, such as a POST request). Sending a large request body to a server after a request has been denied for inappropriate headers would be inefficient. In order for a server to check the request headers, a client must send Expect: 100-continue as the header in its initial request and receive a Continue 100 status code in response before sending the body. If the client receives an error code such as 403 (Forbidden) or 405 (Method Not Allowed), it should not send the request body.
101 Switching Protocols
The requester asked the server to change protocols and the server agreed to do so.
102 Processing (WebDAV; RFC 2518)
A WebDAV request can contain many secondary requests involving file operations, which take a long time to complete the request. This code indicates that the server has received and is processing the request, but no response is available yet. This prevents the client from timing out and assuming that the request was lost.
103 Early Hints (RFC 8297)
Used to return some response headers before the final HTTP message.
This class of status codes indicates that the action requested by the customer has been received, understood and accepted.
Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity that describes or contains the result of the action.
The request was satisfied, resulting in the creation of a new resource.
The request was accepted for processing, but processing was not completed. The request may or may not possibly be considered and may not be permitted at the time of processing.
203 Non-Authoritative Information (since HTTP / 1.1)
The server is a transforming proxy (such as a web accelerator) that received an OK 200 from its source, but is returning a modified version of the source response.
204 No Content
The server successfully processed the request and is not returning any content.
205 Reset Content
The server successfully processed the request, but is not returning any content. Unlike a 204 response, this response requires the requester to reset the view of the document.
206 Partial Content (RFC 7233)
The server is only delivering part of the resource (byte serving) due to a range header sent by the client. The interval header is used by HTTP clients to allow resuming interrupted downloads or splitting a download into multiple simultaneous streams.
207 Multi-Status (WebDAV; RFC 4918)
The following message body is by default an XML message and can contain a number of separate response codes, depending on how many secondary requests have been made.
208 Already Reported (WebDAV; RFC 5842)
The members of a DAV binding have already been enumerated in an earlier part of the response (multistatus) and are not included again.
226 IM Used (RFC 3229)
The server has satisfied a request for the resource and the response is a representation of the result of one or more instance manipulations applied to the current instance.
This class of status codes indicates that the client needs to take further action to complete the request. Many of these status codes are used in URL redirection . A User-Agent can perform the additional action without user interaction only if the method used in the second request is GET or HEAD. A User-Agent can automatically redirect a request. A User-Agent should detect and intervene to prevent cyclic redirects.
300 Multiple Choices
Indicates multiple options for the resource from which the customer can choose (via User-Agent based content negotiation). For example, this code could be used to present multiple video format options, to list files with different file extensions, or to suggest a misunderstanding of the meaning of the words.
301 Moved Permanently
This and all future requests must be directed to the indicated URI and that the resource has been moved permanently.
This is an example of a practice that contradicts the standard. The HTTP / 1.0 specification (RFC 1945) required the client to perform a temporary redirect (the original descriptive phrase was “Resource moved temporarily”), but popular browsers implemented 302 with the functionality of a 303 See Other. Therefore, status codes 303 and 307 were added in HTTP / 1.1 to distinguish between the two behaviors. However, some web applications and frameworks use the 302 status code as if it were 303.
303 See Other (since HTTP / 1.1)
The response to the request can be found under another URI using the GET method. When received in response to a POST (or PUT / DELETE), the client should assume that the server has received the data and should send a new GET request to the specified URI.
304 Not Modified (RFC 7232)
Indicates that the resource has not been modified from the version specified by the If-Modified-Since or If-None-Match request headers. In this case, the resource does not need to be retransmitted as the client still has a previously downloaded copy.
305 Use Proxy (since HTTP / 1.1)
The requested resource is available only through a proxy, the address for which is provided in the response. Many HTTP clients (such as Mozilla and Internet Explorer) do not handle responses with this status code correctly, mainly for security reasons.
306 Switch Proxy
No longer used. It originally meant “Subsequent requests must use the specified proxy.”
307 Temporary Redirect (since HTTP / 1.1)
In this case, the request should be repeated with another URI; however, future requests should still use the original URI. In contrast to the way version 302 has historically been implemented, it is not possible to change the request method while releasing the original request. For example, a POST request must be retried using another POST request.
308 Permanent Redirect (RFC 7538)
The request and all future requests must be repeated using another URI. 307 and 308 have similar and parallel behavior to status codes 302 and 301, but do not allow HTTP method switching. Therefore, for example, submitting a form to a permanently redirected resource can continue without problems.
4xx Client errors
This class of status codes is intended for situations where the error appears to have been caused by the client. Except when responding to a HEAD request, the server must include an entity that contains an explanation of the error situation and whether it is a temporary or permanent condition. These status codes are applicable to any request method. User-Agents should show any included entities to the user.
400 Bad Request
The server cannot or cannot process the request due to an apparent client error. For example: invalid request syntax, size too large, invalid request message fragment, or misleading request routing.
401 Unauthorized (RFC 7235)
Similar to 403 Forbidden, but specific for use when authentication is required and has not worked or has not yet been provided. Some websites release HTTP 401 when an IP address is banned from the website (usually the website domain) and that specific address is denied permission to access a website.
402 Payment Required
Reserved for future use. The original intention was that this code could be used as part of some form of digital money or micro-payment scheme, as proposed by GNU Taler for example, but that hasn’t happened yet, and this code is not usually used. The Google Developers API uses this status if a particular developer has exceeded their daily request limit.
The request was valid, but the server refuses the action. The user may not have the necessary permissions for a resource or may need an account of some kind.
404 Not Found
The famous 404 page – The requested resource was not found but may be available in the future. Subsequent requests from the customer are allowed.
405 Method Not Allowed
A request method is not supported for the requested resource; for example, a GET request on a form requiring submission of data via POST or a PUT request on a read-only resource.
406 Not Acceptable
The requested resource can only generate unacceptable content based on the Accept headers sent in the request. See Content negotiation on Wikipedia for more information.
407 Proxy Authentication Required (RFC 7235)
The client must first authenticate with the proxy.
408 Request Timeout
The server timed out waiting for the request. According to the HTTP specification: “The client did not produce a request within the time the server was ready to wait, the client can retry the request without changes at any later time.”
Indicates that the request could not be processed due to conflicts in the request, such as a change conflict between multiple concurrent updates.
Indicates that the requested resource is no longer available and will no longer be available. This Status Code should be used when a resource has been intentionally removed and the resource should be deleted. After receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indexes. In most cases it is not necessary to ask clients and search engines to delete the resource, “404 not found” could be used instead.
411 Length Required
The request did not specify the length of its content, which is required for the requested resource.
412 Precondition Failed (RFC 7232)
The server does not meet one of the preconditions that the requester entered in the request.
413 Payload Too Large (RFC 7231)
The request is greater than what the server is willing or able to process. Previously this status code was called “Request Entity Too Large”.
414 URI Too Long (RFC 7231)
The supplied URI was too long to be processed by the server. Often the result of too much data being encoded as the query string of a GET request, in which case it must be converted to a POST request. Status Code called “Request-URI Too Long” earlier.
415 Unsupported Media Type
The requested entity has a media type that the server or resource does not support. For example, the client uploads an image asimage/svg+xml, but the server requires the images to use a different format.
416 Range Not Satisfiable (RFC 7233)
The client has requested a portion of the file (byte serving), but the server cannot provide that portion. For example, if the client has requested a portion of the file that is beyond the end of the file. Status Code previously called “Requested Range Not Satisfiable”.
417 Expectation Failed
The server cannot meet the requirements of the Expect request header field.
418 I’m a teapot (RFC 2324, RFC 7168)
This code was defined in 1998 and was one of the traditional IETF April jokes, featured in RFC 2324, Hyper Control Coffee Pot Control Protocol and is not intended to be implemented from actual HTTP servers. The RFC specifies that this code must be returned from the teapots required to make coffee. This HTTP status is used as an Easter egg on some websites, including Google.com.
421 Misdirected Request (RFC 7540)
The request was directed to a server that is unable to produce a response (for example, due to connection reuse).
422 Unprocessable Entity (WebDAV; RFC 4918)
The request was well formed but could not be followed due to semantic errors.
423 Locked (WebDAV; RFC 4918)
The resource being accessed is locked.
424 Failed Dependency (WebDAV; RFC 4918)
The request failed because it was dependent on another request and that request failed (for example, PROPPATCH).
426 Upgrade Required
The client must switch to a different protocol such as TLS / 1.0, which is indicated in the upgrade header field.
428 Precondition Required (RFC 6585)
The origin server requires the request to be conditional. Intended to prevent the non-update issue, where a client obtains the status of a resource, modifies it, and reports it to the server, while a third party has changed the status on the server in the meantime, causing a conflict.
429 Too Many Requests (RFC 6585)
The user has sent too many requests in a given period of time. Intended for use with rate limiting schemes.
431 Request Header Fields Too Large (RFC 6585)
The server is unwilling to process the request because one HTTP header field, or all fields, are collectively too large.
451 Unavailable For Legal Reasons (RFC 7725)
The web server owner has received a legal request to deny access to a resource or set of resources that includes the requested resource. Code 451 was chosen as a reference to the novel Fahrenheit 451.
5xx Server errors
The server was unable to fulfill a request. Response status codes starting with the digit “5” indicate when the server is aware that it has encountered an error or is unable to execute the request. Except when responding to a HEAD request, the server must include an entity containing an explanation of the error situation and indicate whether it is a temporary or permanent condition. Likewise, User-Agents should show any included entities to the user. These response codes are applicable to any request method.
500 Internal Server Error
A generic error message, given when an unexpected condition has been encountered and a specific message is no longer suitable.
501 Not Implemented
The server does not recognize the request method or does not have the ability to fulfill the request. Usually this implies future availability (for example, a new functionality of an API for a web service).
502 Bad Gateway
The server was acting as a gateway or proxy and was receiving an invalid response from the upstream server.
503 Service Unavailable
The server is currently unavailable because it is overloaded or down for maintenance. Generally, this is a temporary state.
504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
505 HTTP Version Not Supported
The server does not support the HTTP protocol version used in the request.
506 Variant Also Negotiates (RFC 2295)
Negotiation for the request generates a circular reference.
507 Insufficient Storage (WebDAV; RFC 4918)
The server is unable to store the representation needed to complete the request.
508 Loop Detected (WebDAV; RFC 5842)
The server detected an infinite loop while processing the request (sent in place of 208 Already Reported).
510 Not Extended (RFC 2774)
Additional request extensions are required to satisfy the server.
511 Network Authentication Required (RFC 6585)
The client must authenticate to gain access to the network. Intended for use by intercepting proxies used to control network access (for example, “captive portals” used to request acceptance of the Terms of Service before granting full Internet access via a Wi-Fi hotspot).
Unofficial status codes
The following status codes are not specified in any standard.
Used in proposing resettable requests to resume interrupted PUT or POST requests.
420 Method Failure (Spring Framework)
Deprecated response used by the Spring Framework when a method has failed.
420 Enhance Your Calm (Twitter)
Returned by version 1 of the Twitter Search and Trends API when the client has limited request usage; versions 1.1 and later use the 429 Too Many Requests response code instead.
450 Blocked by Windows Parental Controls (Microsoft)
The Microsoft extension code indicated when the Windows Parental Controls are activated and are blocking access to the requested web page.
498 Invalid Token (Esri)
Returned from ArcGIS servers. Code 498 indicates an expired or invalid token.
499 Token Required (Esri)
Returned by ArcGIS servers. Code 499 indicates that a token is required but has not been sent.
509 Bandwidth Limit Exceeded (Apache Web Server / cPanel)
The server has exceeded the bandwidth specified by the server administrator; this status code is often used by shared hosting providers to limit customer bandwidth.
530 Site is frozen
Used by the Pantheon web platform to indicate a site that has been frozen due to inactivity.
598 (Informal convention) Network read timeout error
Used by some HTTP proxies to report a network read timeout behind the proxy to a client in front of the proxy.
Internet Information Services
Microsoft’s Internet Information Services web server expands the 4xx error space to signal errors with the client’s request.
The Microsoft Internet Information Services web server expands the 4xx error class to report errors with the client request.
440 Login Time-out
The client session has timed out and needs to log in again.
449 Retry With
The server cannot honor the request because the user did not provide the requested information.
Used in Exchange ActiveSync when a more efficient server is available or the server cannot access users’ mailbox. The client is expected to rerun the HTTP Autodiscover operation to find a more suitable server.
The Nginx web server software expands the 4xx error class to report problems with the customer’s request.
444 No Response
Used internally to instruct the server not to return any information to the client and immediately close the connection.
494 Request header too large
The customer sent too large a request or too long a header line.
495 SSL Certificate Error
An expansion of the 400 Bad Request response code, used when the client has provided an invalid client certificate.
496 SSL Certificate Required
An expansion of the 400 Bad Request response code, used when a client certificate is required but not provided.
497 HTTP Request Sent to HTTPS Port
An expansion of the 400 Bad Request response code, used when the client has forwarded an HTTP request to a port that is listening for HTTPS requests.
499 Client Closed Request
Used when the client closed the request before the server could send a response.
Cloudflare’s reverse proxy service expands the 5xx status code class to report issues with the origin server.
520 Unknown Error
Error 520 is used as a “catch-all response for when the origin server returns something unexpected”, listing connection resets, large headers, and empty or invalid responses as common triggers.
521 Web Server Is Down
The origin server refused the connection from Cloudflare.
522 Connection Timed Out
Cloudflare was unable to negotiate a TCP handshake with the origin server.
523 Origin Is Unreachable
Cloudflare could not reach the origin server; for example, if the DNS records for the origin server are incorrect.
524 A Timeout Occurred
Cloudflare was able to complete a TCP connection with the origin server, but did not receive a timely HTTP response.
525 SSL Handshake Failed
Cloudflare could not negotiate an SSL / TLS handshake with the origin server.
526 Invalid SSL Certificate
Cloudflare could not validate the SSL / TLS certificate presented by the origin server.
527 Railgun Error
Error 527 indicates that the request timed out or failed after the WAN connection was established.
How to read the Status Code
Status Codes can be verified in many ways, you can choose the one that suits you best. Below I show you four types of tools you can use.
HTTP Header Reader – http://apps.evemilano.com/http-header-reader/
There are many online tools that allow you to enter the URL of a resource and provide you with the HTTP Header package with the Status Code. For example:
- HTTP Header Reader – this tool also allows you to change User-Agent.
- HTTP Status Code Checker
- HTTP / HTTPS Header Check
Chrome extensionsGoogle Chrome Extensions To read the Status Codes
With the browser it is quick and easy to check the Status Code, just provide yourself with the right extensions . My favorites are:
- Redirect Path
- Link Redirect Trace
Spider and crawler
With a spider it is natural to check the Status Codes, they are for that at the end 🙂 In Screaming Frog there is the Status Code column which shows the status code of each scanned URL.
Verification of Status Codes with Screaming Frog
You can check the Status Code of a page and all its dependencies directly from Google Chrome, by accessing the Developer Tools.
- Open Developer Tools
- Open the Network tab
- Refresh the page
- Select a resource
- Check the Status Code
Check Status Code with Google Chrome Developer Tools
Web server log
The most complete and perhaps interesting list of status codes you can find on your site is within the web server log. To learn more about the topic, I recommend this guide: How to read the web server log .