HTTP Status Codes

Contents

• Class 1xx: Informational
• Class 2xx: Successful
• Class 3xx: Redirection
• Class 4xx: Client error
• Class 5xx: Server error

In HTTP, special key figures are agreed for status codes. These status codes are inserted by a server in each header of an HTTP response. If the requested resource cannot or may not be transmitted directly, an automatically generated HTML page containing the error code and any other information is also transmitted.

This overview also contains the additional Microsoft IIS status codes.

Class 1xx: INFORMATIONAL

This class is reserved for provisional answers.

100 - Continue

The server has received the request correctly and is waiting for further instructions from the client to be able to execute the request. (Not currently used)

101 - Switching Protocols

The server has received the request correctly and will change the transfer protocol after sending this status message in accordance with the client's instructions for executing the request. (Not currently used)

102 - Processing

Used to avoid a timeout while the server is processing a time-intensive request.

103 - Early Hints

Indicates to the client that the server is likely to send a final response with the header fields contained in the information response. (RFC 8297)

Class 2xx: SUCCESSFUL

The 2xx class indicates that the client's request has been received, understood and accepted by the server.

200 - OK

The request reached the server correctly and was executed correctly.

201 - Created

The request reached the server correctly and the requested resource was recreated. This is the case if the request from the browser to the server was made using one of the HTTP transfer methods POST or PUT and contained an instruction to create the corresponding object.

202 - Accepted

The server has accepted the browser's request but does not provide any data in response. Instead of sending the data, the server writes it to a file and indicates in the message where the data can be found later. This message says nothing about whether the server can handle the request successfully. It has simply accepted it and postponed processing to a later time.

203 - Non-Authoritative Information

This status code should be returned by a server instead of code 200 if it is not the original server, but a proxy server, for example. In this way, the web browser learns that the data was sent successfully, but does not come from the original server and therefore there is no guarantee that it is up to date.

204 - No Content

The server has received the request but is not sending any data back. This status code is useful when used in CGI scripts that do something on the server but do not want to send new HTML code to the calling browser. From the user's point of view, the old screen content is retained.

205 - Reset Content

The request reached the server correctly and was processed. With this response, the requesting client is asked to delete the document view that triggered the request for this resource (e.g. an entry in a form field).

206 - Partial Content

The GET request contained the line "range" in the HTTP header, which prompts the server to transmit only a certain range of the requested resource. This request reached the server correctly and was processed. The requested data is sent in several portions (this has nothing to do with TCP/IP packets, but happens at HTTP protocol level). Information on "content-length" (e.g.: 1024) and "content-range" (e.g.: bytes 0-1023/1024) is used to specify how many bytes of the requested content are delivered and which part of the total data.

207 - Multi-Status

The response contains an XML document that contains several status codes for operations performed independently of each other.

Class 3xx: REDIRECTION

The 3xx class indicates that the request was received correctly, but that the user should make changes to the request for the resource.

300 - Multiple Choices

The requested data is available under several different URIs (mirror). Instead of the data, the available URIs are transferred as a list. The web browser can then let the user select a URI in a dialog.

301 - Moved Permanently

The requested data is no longer located under the URI, it has been permanently moved to a different address. The status message indicates under which URI the data is now located. A web browser that receives this response from the server can immediately request the new address, for example.

302 - Moved Temporarily

The requested data has been temporarily moved to another URI. The status message indicates the address where the data is currently located. A web browser that receives this response can, for example, immediately request the temporarily valid address.

303 - See Other

Die angeforderten Daten sind unter einem angegebenen URI verfügbar und sollte von dort mit Hilfe der get-Methode angefordert werden. Dieser Statuscode ist für CGI-Scripts gedacht, die mit der post-Methode aufgerufen wurden und den Browser auf eine andere Ressource lenken wollen, die mit der get-Methode angefordert werden soll.

304 - Not Modified

The requested data is available under a specified URI and should be requested from there using the get method. This status code is intended for CGI scripts that were called with the post method and want to direct the browser to another resource that is to be requested with the get method.

305 - Use Proxy

The requested resource can only be sent via a proxy that is explicitly specified in the response in the "location" field.

306 - Reserved

(Currently not in use)

307 - Temporary Redirect

Like the status code 302 (Moved Temporarily). Intended for incorrect reactions of some browsers to the code 302.

Class 4xx: CLIENT ERROR

The 4xx class stands for all messages about errors that are probably triggered by the requesting client.

400 - Bad Request

The request contains syntax errors. The server is therefore unable to process the request. This can happen, for example, if the request was made because a user tried to enter a URI manually in the address line of the browser and used invalid characters.

Additional Microsoft IIS status codes:

400.1 - Invalid Destination Header

Invalid Destination Header

400.2 - Invalid Depth Header

Invalid Depth Header

400.3 - Invalid If Header

Invalid If Header

400.4 - Invalid Overwrite Header

Invalid Overwrite Header

400.5 - Invalid Translate Header

Invalid Translate Header

400.6 - Invalid Request Body

Invalid Request Body

400.7 - Invalid Content Length

Invalid Content Length

400.8 - Invalid Timeout

Invalid Timeout

400.9 - Invalid Lock Token

Invalid Lock Token

401 - Unauthorized

The requested data is access-protected. The server can only send the data if a valid access ID, consisting of user name and password, is sent with the request. In practice, this always happens when an address is called up that is access-protected, e.g. by htaccess. After receiving this status code, the web browser then displays a dialog for entering the user name and password. It then starts a new request to the server with the data entered.

Additional Microsoft IIS status codes:

401.1 - Logon failed

Login failed
The login attempt has failed, probably because an invalid user name or password was used.

401.2 - Logon failed due to server configuration

Login failed due to server configuration
This HTTP status code indicates a problem in the authentication configuration settings on the server.

401.3 - Unauthorized due to ACL on resource

No authorization, resource is assigned an ACL
This code indicates a problem with NTFS permissions. This error can occur even if the permissions of the corresponding file are correct. The error occurs, for example, if the "IUSR" account does not have access to the "C:\Winnt\System32\Inetsrv" directory.

401.4 - Authorization failed by filter

No authorization because filter active
An ISAPI filter does not allow the request to be processed due to an authorization problem.

401.5 - Authorization failed by ISAPI/CGI application

Authorization in ISAPI/CGI application failed
An ISAPI or CGI (Common Gateway Interface) application does not allow the request to be processed due to an authorization problem.

402 - Payment Required

The requested data is subject to a charge. The server can only send the data if a confirmation of payment for the data is sent with the request. This is not currently used due to a lack of standardized technical principles for micropayments.

403 - Forbidden

The requested data is restricted. The credentials provided to allow access are invalid. This can happen, for example, if status code 401 was returned previously, and the browser has now started the next request with the credentials it requested from the user in the dialog, but these credentials are invalid. Some web browsers will then repeat the credential input dialog two more times, and after the third incorrect input, the user will receive a "Forbidden" error message.

Additional Microsoft IIS status codes:

403.1 - Execute access forbidden

Execution access prohibited
The corresponding level of execution authorization has not been granted. Two common causes for this error message are listed below:

• The permissions for executing files are not sufficient. For example, this error occurs if an attempt is made to call up an ASP page in a directory whose permissions are set to "None", or if a CGI script (CGI = Common Gateway Interface) is to be executed in a directory with the permissions "Scripts only". To change the permissions for execution, right-click on the directory in the Microsoft Management Console (MMC), then click on "Properties" and then on the "Directory" tab. The "Execute permissions" setting should correspond to the content to be accessed.
• The script mapping for the file type to be executed is not configured to recognize the verb used in the request (e.g. GET or POST). To check this, right-click on the directory in the MMC and then click on "Properties". Select the "Directory" tab and then "Configuration". The script assignment for the file type should be configured so that the verb used is recognized.

403.2 - Read access forbidden

Read access prohibited.
The corresponding level of read permission has not been granted. IIS 7.0, IIS 7.5 or IIS 8.0 must be configured so that read permission is granted for the directory. If a standard document is used, it must also exist.

403.3 - Write access forbidden

Write access forbidden
The corresponding level of write permission has not been granted. The IIS 7.0, IIS 7.5 or IIS 8.0 permissions and the NTFS file system permissions must be configured so that write permission is granted for the directory.

403.4 - SSL required

SSL required
The request is sent via a non-secure channel and the web application requires an SSL (Secure Sockets Layer) connection. Disable the "Require secure channel" option or use HTTPS instead of HTTP to access the page.

403.5 - SSL 128 required

SSL 128 required
The server is configured to require a 128-bit SSL connection. However, the request is not sent using 128-bit encryption.

403.6 - IP address rejected

IP address rejected
The server is configured to reject access to the current IP address.

403.7 - Client certificate required

Client certificate required
The server is configured so that a certificate is required for client authentication. However, no corresponding client certificate is installed on the client browser.

403.8 - Site access denied

Site access denied
The server is configured to reject requests based on the DNS (Domain Name System) name of the client computer.

403.9 - Too many users

The number of users connected to the server exceeds the set maximum number of users.
Note: Microsoft Windows 2000 Professional and Microsoft Windows XP Professional automatically enforce a limit of 10 connections in IIS. This limit cannot be removed.

403.10 - Invalid configuration

Invalid configuration.

403.11 - Password change

Password change.

403.12 - Mapper denied access

Access denied by mapper
The page requires a client certificate. However, the user ID assigned to the client certificate is denied access to the file.

403.13 - Client certificate revoked

Client certificate revoked
The client browser is trying to use a client certificate that has been revoked by the issuing certification authority.

403.14 - Directory listing denied

Directory listing is denied
The server is not configured to display a table of contents listing and no default document has been set.

403.15 - Client Access Licenses exceeded

The number of client licenses has been exhausted.

403.16 - Client certificate untrusted or invalid

The client certificate is untrusted or invalid
The client browser is trying to use a client certificate that is not trusted or invalid by the server running IIS 7.0, IIS 7.5 or IIS 8.0.

403.17 - Client certificate has expired or is not yet valid

The client certificate has expired or is not yet valid
The client browser is trying to use a client certificate that has expired or is not yet valid.

403.18 - Cannot execute requested URL in the current application pool

Requested URL cannot be executed in the current application pool
A custom error page has been configured and is located in an application pool other than the application pool of the requested URL.

403.19 - Cannot execute CGI applications for the client in this application pool

CGI applications for the client cannot be executed in this application pool
The identity of the application pool does not have the user right "Replace a token at process level".

403.20 - Forbidden: Passport logon failed

Forbidden: Passport logon failed.

403.21 - Forbidden: Source access denied

Forbidden: Source access denied.

403.22 - Forbidden: Infinite depth is denied

Forbidden: Infinite depth is denied.

403.502 - Forbidden: Too many requests from the same client IP; Dynamic IP Restriction limit reached

Forbidden: Too many requests from the same client IP; Dynamic IP Restriction limit reached.

404 - Not Found

The requested URI does not exist. Alongside status codes 200 and 304, this is one of the most common cases in practice. It always occurs when a link leads to an address on the server that does not exist or no longer exists, or when the user has tried to call up an address on the server by manually typing it into the address line of the browser, but this address does not exist.

Additional Microsoft IIS status codes:

404.0 - Not found

Not found
The file has been moved or does not exist.

404.1 - Site not found

Site not found.

404.2 - ISAPI or CGI restriction

ISAPI or CGI restriction
The requested ISAPI resource or the requested CGI resource is restricted on the computer.

404.3 - MIME type restriction

MIME type restriction
The current MIME mapping for the requested extension type is not valid or not configured.

404.4 - No handler configured

No handler configured
The file name extension of the requested URL does not have a handler configured to process the request on the web server.

404.5 - Denied by request filtering configuration

Denied by request filter configuration
The requested URL contains a string that is blocked by the server.

404.6 - Verb denied

Verb rejected
The request is made using an HTTP verb that is not configured or is invalid.

404.7 - File extension denied

The requested file name extension is not permitted.

404.8 - Hidden namespace

Hidden namespace
The requested URL is rejected because the directory is hidden.

404.9 - File attribute hidden

The requested file is hidden.

404.10 - Request header too long

The request header is too long.

404.11 - Request contains double escape sequence

The request contains double escape sequence.

404.12 - Request contains high-bit characters

Request contains high-bit characters.
The request contains high-bit characters and the server is configured to not allow high-bit characters.

404.13 - Content length too large

Content length is too long
The request contains a Content-Length header. The value of the Content-Length header is greater than the limit permitted for the server.

404.14 - Request-URL too long

Request URL is too long.
The requested URL exceeds the limit permitted for the server.

404.15 - Query string too long

Query string is too long
The request contains a query string that exceeds the limit permitted for the server.

404.16 - DAV request sent to the static file handler

DAV request was sent to handler for static files.

404.17 - Dynamic content mapped to the static file handler via a wildcard MIME mapping

Dynamic content is assigned to a static file handler via MIME assignment using placeholders.

404.18 - Querystring sequence denied

Querystring sequence denied.

404.19 - Denied by filtering rule

Denied by filtering rule.

404.20 - Too Many URL Segments

Too Many URL Segments.

405 - Method Not Allowed

The specified transfer method is not permitted on the server. The data is therefore not transferred. This can occur, for example, if no method other than the get method is permitted in the configuration of the web server, but an HTML form contains a CGI call with the post method.

406 - Not Acceptable

The request is not acceptable in this form. The data will therefore not be transmitted.

407 - Proxy Authentication Required

The requesting client is a proxy server. The data is only transferred to this server if it identifies itself as a valid proxy server. This status code is not currently used. In the long term, this should establish similar handling to the 401 status code, but not for requesting browsers, but for requesting proxy servers. This could make it possible for web providers to block unwanted proxy servers from caching their own data in the server configuration.

408 - Request Timeout

The server has not received an expected request within the specified maximum time period. The connection to the requesting browser is therefore terminated. Requested data is not transmitted.

409 - Conflict

The server cannot send the requested data because a conflict has arisen with another process. This can happen, for example, if another process has just provided a requested file with exclusive file locking (no file access allowed for other processes).

410 - Gone

The requested resource is no longer available on the server and there is no known alternative address for the same resource. This status code is selected by server administrators, for example, if it was a temporary presentation.

411 - Length Required

The data is not sent. They can only be sent if the request contains a content-length specification. The browser can attempt to reformulate the request and transmit the length of the request data sent to the server.

412 - Precondition Failed

One or more of the conditions specified in the request do not apply. The requested data will therefore not be transmitted.

413 - Request Entity Too Large

The server refuses to process the request because the content of the request is larger than the server can or wants to process. The server can terminate the connection to the client to prevent the client from sending further requests.

414 - Request-URI Too Long

The server refuses to process the request because the URI of the request is longer than the server can interpret. This rare status message is used if, for example, a URL contains an overlong query sequence.

415 - Unsupported Media Type

The server refuses to process the request because the requested resource cannot be transferred in the format (mime type) requested in the request.

416 - Requested Range Not Satisfiable

The request contains information on which byte range of the requested URI is to be transferred. Both the start value and the end value of the specified range are outside the available byte range, e.g. if a byte range of 1000 to 2000 is specified, but the resource only has 500 bytes. The requested data is therefore not transferred.

417 - Expectation Failed

Used in connection with an "Expect" header field. The server behavior requested in the "Expect" header field cannot be fulfilled.

418 - I'm a teapot

This code is to be understood as an April Fool's joke by the IETF, which is described in more detail in RFC 2324, Hyper Text Coffee Pot Control Protocol. Within a joking protocol for making coffee, it indicates that a teapot was mistakenly used instead of a coffee pot. However, this status code is not part of HTTP, but only of HTCPCP (Hyper Text Coffee Pot Control Protocol). Nevertheless, this joke status code can be found on some websites, but in reality the status code 200 is sent.

420 - Policy Not Fulfilled

In W3C PEP (Working Draft November 21, 1997), this code is proposed to indicate that a condition has not been met.

421 - There are too many connections from your internet address

Used when the maximum number of connections is exceeded. This code was originally proposed in W3C PEP (Working Draft November 21, 1997) to indicate the "bad mapping" error.

422 - Unprocessable Entity

Used if neither the return of status code 415 nor 400 would be justified, but processing of the request is rejected due to semantic errors, for example.

423 - Locked

The requested resource is currently locked.

424 - Failed Dependency

The request could not be carried out because it requires the success of a previous request.

425 - Unordered Collection

Defined in the drafts of WebDav Advanced Collections, but not in the "Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol".

426 - Upgrade Required

The client should switch to Transport Layer Security (TLS/1.0).

429 - Too Many Requests

The client has sent too many requests in a certain period of time.

Class 5xx: SERVER ERROR

The 5xx class stands for temporary non-executability of the request or for errors that have occurred or are present in the server and make it impossible to execute the request.

500 - Internal Server Error

The server cannot send the requested data because an error has occurred on the server. For example, the called CGI script could not be started.
Microsoft IIS: This error message is displayed for a number of server-side errors. You may find further information about the exact cause of this error in the event display. In addition, short HTTP error messages can be deactivated in order to obtain a detailed description of the error.

Additional Microsoft IIS status codes:

500.0 - Module or ISAPI error occurred

Module or ISAPI error occurred.

500.11 - Application is shutting down on the Web server

Application is currently being shut down on the web server
The request is not being processed because the target application pool is currently being shut down. To resolve the issue, wait for the worker process to complete the shutdown, then resend the request. If the problem persists, problems in the web application may be preventing it from shutting down properly.

500.12 - Application is busy restarting on the Web server

Application is currently being restarted on the web server
The request is not being processed because the target application pool is currently being restarted. This HTTP status code should be resolved by refreshing the page. If the HTTP status code reappears after refreshing the page, it may be due to antivirus software that is currently scanning the Global.asa file. If the problem persists, problems in the web application may be preventing it from restarting properly.

500.13 - Web server is too busy

Web server is busy
The request is not being processed because the server is busy and is no longer accepting incoming requests. Normally, this HTTP status code means that the number of incoming concurrent requests exceeds the number of requests that the IIS 7.0, IIS 7.5 or IIS 8.0 web application can handle. The problem may occur because the performance configuration settings are set too low, because the hardware is insufficient or because there is a bottleneck in the IIS 7.0, IIS 7.5 or IIS 8.0 web application. A common troubleshooting method is to generate a memory dump file of the IIS 7.0, IIS 7.5 or IIS 8.0 processes as soon as the error occurs and then debug the memory dump file.

500.15 - Direct requests for Global.asax are not allowed

Direct requests for Global.asax not permitted
A direct request is made for the "Global.asa" file or the "Global.asax" file.

500.19 - Configuration data is invalid

Configuration data is invalid
This HTTP status code occurs due to a problem in the associated "Applicationhost.config" or "Web.config" file.

500.21 - Module not recognized

Module not recognized.

500.22 - An ASP.NET httpModules configuration does not apply in Managed Pipeline mode

An ASP.NET httpModules configuration does not apply in Managed Pipeline mode.

500.23 - An ASP.NET httpHandlers configuration does not apply in Managed Pipeline mode

An ASP.NET httpHandlers configuration does not apply in Managed Pipeline mode.

500.24 - An ASP.NET impersonation configuration does not apply in Managed Pipeline mode

An ASP.NET impersonation configuration does not apply in Managed Pipeline mode.

500.50 - A rewrite error occurred during RQ_BEGIN_REQUEST notification handling

A rewrite error occurred while processing the RQ_BEGIN_REQUEST notification. An error occurred during the configuration or execution of the incoming rule. Note The distributed rule configuration for incoming and outgoing rules is read here.

500.51 - A rewrite error occurred during GL_PRE_BEGIN_REQUEST notification handling

An error occurred while rewriting the GL_PRE_BEGIN_REQUEST notification during processing. An error has occurred in the global configuration or during execution of the global rule. Note The global rule configuration is read here.

500.52 - A rewrite error occurred during RQ_SEND_RESPONSE notification handling

A rewrite error occurred while processing the RQ_SEND_RESPONSE notification. An error has occurred with the outgoing rule.

500.53 - A rewrite error occurred during RQ_RELEASE_REQUEST_STATE notification handling

A rewrite error occurred while processing the RQ_RELEASE_REQUEST_STATE notification. An error occurred with the outgoing rule. The rule is configured to be executed before the output user cache is updated.

500.100 - Internal ASP error

Internal ASP error.
An error occurs during the processing of an ASP page (Active Server Pages). To obtain more detailed information about the error, the short HTTP error messages can be deactivated in the web browser. In addition, an ASP error number may be displayed in the IIS log for the error that has occurred.

501 - Not Implemented

The server cannot process the request because it does not understand the nature of the request and does not know how to handle the requested resource.

502 - Bad Gateway

The server (used as a gateway or proxy) cannot process the request because it has received an error message when forwarding the request to a higher-level server.

Additional Microsoft IIS status codes:

502.1 - CGI application timeout

CGI application timeout
A CGI application does not return a valid HTTP response within the configured time limit.

502.2 - Bad gateway: Premature Exit

Invalid gateway: Premature termination
A CGI application returns an invalid HTTP response to the server running IIS 7.0, IIS 7.5 or IIS 8.0.

502.3 - Bad Gateway: Forwarder Connection Error (ARR)

Bad Gateway: Forwarder Connection Error (ARR).

502.4 - Bad Gateway: No Server (ARR)

Bad Gateway: No Server (ARR).

503 - Service Unavailable

The server cannot process the request due to overload. The requested data can therefore not be sent. The status message can indicate the earliest time at which the request can be processed again. In contrast to status code 202, the server does not process the data as soon as it has capacity again.

Additional Microsoft IIS status codes:

503.0 - Application pool unavailable

Application pool not available
The request is sent to an application pool that has been stopped or is currently deactivated. To resolve the issue, the target application pool must be started. The event log may contain information about why the application pool was stopped or disabled.

503.2 - Concurrent request limit exceeded

The limit of concurrent requests has been exceeded
The appConcurrentRequestLimit property is set to a value that is lower than the current number of concurrent requests. IIS 7.0, IIS 7.5 and IIS 8.0 allow a maximum number of concurrent requests as defined by the value of the appConcurrentRequestLimit property.

503.3 - ASP.NET queue full

ASP.NET queue full.

504 - Gateway Timeout

If the server works as a gateway or proxy, it returns this status message to the client if it does not receive a response from a server that was addressed by the client via it within a specific time defined by the server administrator.

505 - HTTP Version Not Supported

The server does not support the HTTP version specified in the HTTP header of the request. The requested data is therefore not sent.

506 - Variant Also Negotiates

The content agreement of the request results in a circular reference. (RFC 2295)

507 - Insufficient Storage

The request cannot be executed by the server due to insufficient memory. (WebDAV, RFC 4918)

508 - Loop Detected

The server has detected an infinite loop while processing the request (is sent instead of error 208). (WebDAV, RFC 5842)

509 - Bandwidth Limit Exceeded

The bandwidth limit has been exceeded. This error is not described in any RFCs. (Apache bw/limited extension)

510 - Not Extended

Further additions to the request are required for the server to execute the request. (RFC 2774)

511 - Network Authentication Required

The client must authenticate itself in order to access the network. (RFC 6585)

598 - Network read timeout error

This error is not described in any RFCs. This code is used by Microsoft HTTP proxies to signal a read timeout behind a proxy to a client in front of the proxy.

599 - Network connect timeout error

This error is not described in any RFCs. This code is used by Microsoft HTTP proxies to signal a connection timeout behind a proxy to a client in front of the proxy.