| 100 | The client should continue to send the request. This interim response is used to inform the client that part of its request has been accepted by the server and has not been rejected. The client should continue to send the rest of the request, or ignore this response if the request has been completed. The server must send a final response to the client after the request is completed. |
| 101 | The server has understood the client's request and will inform the client through the Upgrade message header to use a different protocol to complete this request. After sending the last blank line of this response, the server will switch to the protocols defined in the Upgrade message header.Such measures should only be taken when switching to a new protocol is more beneficial. For example, switching to a new HTTP version is more advantageous than the old version, or switching to a real-time and synchronous protocol to transmit resources that utilize such features. |
| 102 | Status code extended by WebDAV (RFC 2518) indicating that processing will continue. |
| 200 | The request has been successful, and the expected response header or data body will be returned with the response. |
| 201 | The request has been fulfilled, and a new resource has been created based on the request, and its URI has been returned with the Location header information. If the required resource cannot be created in time, '202 Accepted' should be returned. |
| 202 | The server has accepted the request but has not yet processed it. Just as it may be rejected, the request may or may not be executed in the end. In the case of asynchronous operation, there is no more convenient way than sending this status code. The purpose of returning a 202 status code response is to allow the server to accept the request for other processes (such as a batch-based operation that is executed only once a day) without having to keep the client connected to the server until the batch operation is completed. The response that accepts the request processing and returns a 202 status code should include some information indicating the current status of the processing in the returned entity, as well as a pointer to a processing status monitor or status prediction so that the user can estimate whether the operation has completed. |
| 203 | The server has successfully processed the request, but the returned entity header meta-information is not the definitive set available on the origin server, but comes from a local or third-party copy. The current information may be a subset or superset of the original version. For example, the metadata of the included resource may result in a superset of the meta-information known to the origin server. Use of this status code is not required, and is only appropriate if the response would otherwise be 200 OK. |
| 204 | The server successfully processed the request, but does not need to return any entity content, and wishes to return updated meta-information. The response may return new or updated meta-information in the form of entity headers. If present, these headers should correspond to the requested variables. If the client is a browser, the user's browser should remain on the page from which the request was sent, without causing any changes to the document view, even though the specification states that new or updated meta-information should be applied to the document in the user's browser's active view. Since the 204 response is forbidden to contain any message body, it always ends with the first blank line after the message header. |
| 205 | The server successfully processed the request and did not return any content. However, unlike the 204 response, the response returning this status code requires the requester to reset the document view. This response is mainly used to reset the form immediately after accepting user input so that the user can easily start another input. Like the 204 response, this response is also prohibited from containing any message body and ends with the first blank line after the message header. |
| 206 | The server has successfully processed part of the GET request. HTTP download tools such as FlashGet or Thunder use this type of response to implement breakpoint resumption or to break a large document into multiple download segments for simultaneous download. The request must include a Range header to indicate the content range the client wants to receive, and may include an If-Range as a request condition. The response must include the following header fields: Content-Range is used to indicate the range of content returned in this response; if it is a multi-segment download with Content-Type multipart/byteranges, each multipart segment should include a Content-Range field to indicate the content range of this segment. If the response includes Content-Length, its value must match the actual number of bytes in the content range it returns. Date ETag and/or Content-Location, if the same request should have returned a 200 response. Expires, Cache-Control, and/or Vary, if its value may be different from the value corresponding to other responses of the same variable. If this response request uses If-Range strong cache validation, then this response should not contain other entity headers; if this response request uses If-Range weak cache validation, then this response is prohibited from containing other entity headers; this avoids inconsistencies between cached entity content and updated entity header information. Otherwise, this response should contain all entity header fields that should be returned in a 200 response. If the ETag or Last-Modified header cannot be matched exactly, the client cache should not combine the content returned by the 206 response with any previously cached content. Any cache that does not support the Range and Content-Range headers is prohibited from caching the content returned by the 206 response. |
| 207 | Status code extended by WebDAV (RFC 2518), indicating that the following message body will be an XML message and may contain a series of independent response codes depending on the number of previous sub-requests. |
| 300 | The requested resource has a series of optional feedback information, each with its own specific address and browser-driven negotiation information. The user or browser can choose a preferred address for redirection. Unless this is a HEAD request, the response should include an entity with a list of resource characteristics and addresses so that the user or browser can choose the most appropriate redirect address. The format of this entity is determined by the format defined by Content-Type. The browser may automatically make the most appropriate choice based on the format of the response and the browser's own capabilities. Of course, the RFC 2616 specification does not specify how such automatic selection should be made. If the server itself already has a preferred feedback choice, the URI of this feedback should be indicated in Location; the browser may use this Location value as the address for automatic redirection. In addition, unless otherwise specified, this response is also cacheable. |
| 301 | The requested resource has been permanently moved to a new location, and any future references to this resource should use one of the several URIs returned in this response. If possible, clients with link editing capabilities should automatically modify the requested address to the address returned by the server. Unless otherwise specified, this response is also cacheable. The new permanent URI should be returned in the Location field of the response. Unless this is a HEAD request, the entity of the response should contain a hyperlink pointing to the new URI and a brief description. If this is not a GET or HEAD request, the browser must not automatically redirect unless confirmed by the user, because the conditions of the request may change as a result. Note: For some browsers using the HTTP/1.0 protocol, when the POST request they send gets a 301 response, the next redirect request will become a GET method. |
| 302 | The requested resource now temporarily responds to requests from a different URI. Since such a redirection is temporary, the client should continue to send subsequent requests to the original address. This response is cacheable only if specified in Cache-Control or Expires. The new temporary URI should be returned in the Location field of the response. Unless this is a HEAD request, the entity of the response should contain a hyperlink pointing to the new URI and a brief description. If this is not a GET or HEAD request, the browser is prohibited from automatically redirecting unless confirmed by the user, because the conditions of the request may change. NOTE: Although RFC 1945 and RFC 2068 do not allow clients to change the request method when redirecting, many existing browsers treat a 302 response as a 303 response and use GET to access the URI specified in the Location field, regardless of the method of the original request. Status codes 303 and 307 were added to make it clear what the server expects from the client in response. |
| 303 | The response to the current request can be found at another URI, and the client SHOULD use GET to access that resource. This method exists primarily to allow script-activated POST request output to redirect to a new resource. This new URI is not a replacement reference to the original resource. At the same time, the 303 response is prohibited from being cached. Of course, the second request (redirection) may be cached. The new URI should be returned in the Location field of the response. Unless this is a HEAD request, the entity of the response should contain a hyperlink pointing to the new URI and a brief description. Note: Many browsers before HTTP/1.1 cannot correctly understand the 303 status. If you need to consider the interaction with these browsers, the 302 status code should be sufficient, because most browsers handle the 302 response in exactly the way the above specification requires the client to handle the 303 response. |
| 304 | The server SHOULD return this status code if the client sends a conditional GET request and the request is allowed, and the document's contents have not changed (since the last access or according to the request's conditions). A 304 response MUST NOT contain a message-body, and therefore always ends with the first blank line after the message headers. The response MUST include the following header information: Date, unless the server does not have a clock. If servers without clocks follow these rules, proxy servers and clients MAY add the Date field to received response headers (as specified in RFC 2068), and caching will work properly. ETag and/or Content-Location, if the same request would have returned a 200 response. Expires, Cache-Control, and/or Vary, if their values might differ from those of previous responses for the same variants.If this response request used strong cache validation, then this response SHOULD NOT include other entity-headers; otherwise (for example, a conditional GET request used weak cache validation), this response MUST NOT include other entity-headers; this avoids inconsistencies between cached entity content and updated entity-header information.If a 304 response indicates that an entity is not currently cached, then the cache system MUST ignore the response and repeat the request without the restriction.If a 304 response is received requesting an update to a cached entry, then the cache system MUST update the entire entry to reflect the values of all fields that were updated in the response. |
| 305 | The requested resource must be accessed through a specified proxy. The Location field will give the URI information of the specified proxy. The recipient needs to repeatedly send a separate request to access the corresponding resource through this proxy. Only the original server can create a 305 response. NOTE: RFC 2068 does not specify that the 305 response is intended to redirect a single request, and can only be created by an origin server. Ignoring these restrictions can have serious security consequences. |
| 306 | In the latest version of the specification, the 306 status code is no longer used. |
| 307 | The requested resource is now temporarily responding to requests from a different URI. Because such a redirection is temporary, the client SHOULD continue to send subsequent requests to the original address. This response is cacheable only if specified in Cache-Control or Expires. The new temporary URI should be returned in the Location field of the response. Unless this is a HEAD request, the entity of the response should contain a hyperlink pointing to the new URI and a brief description. Because some browsers cannot recognize 307 responses, it is necessary to add the above necessary information so that users can understand and make access requests to the new URI. If this is not a GET or HEAD request, the browser is prohibited from automatically redirecting unless confirmed by the user, because the conditions of the request may change. |
| 400 | 1. The semantics are incorrect and the current request cannot be understood by the server. Unless modified, the client should not submit this request again. 2. The request parameters are incorrect. |
| 401 | The current request requires user authentication. The response must contain a WWW-Authenticate header appropriate to the requested resource to query user information. The client can repeatedly submit a request containing appropriate Authorization header information. If the current request already contains Authorization credentials, then the 401 response means that the server verification has rejected those credentials. If the 401 response contains the same authentication query as the previous response, and the browser has attempted authentication at least once, then the browser should display the entity information contained in the response to the user, because this entity information may contain relevant diagnostic information. See RFC 2617. |
| 402 | This status code is reserved for possible future needs. |
| 403 | The server understood the request, but is refusing to perform it. Unlike the 401 response, authentication will not help, and this request should not be repeated. If this is not a HEAD request, and the server wishes to make it clear why the request cannot be performed, the reason for the refusal should be described in the entity. Of course, the server can also return a 404 response if it does not want the client to obtain any information. |
| 404 | The request failed. The requested resource was not found on the server. There is no information to tell the user whether this condition is temporary or permanent. If the server knows the situation, it should use the 410 status code to inform that the old resource is permanently unavailable due to some internal configuration mechanism problems and there is no address that can be jumped to. The 404 status code is widely used when the server does not want to reveal why the request was rejected or no other suitable response is available. |
| 405 | The request method specified in the request line cannot be used to request the corresponding resource. The response must return an Allow header information to indicate the list of request methods that the current resource can accept. Since PUT and DELETE methods will write to resources on the server, most web servers do not support or allow the above request methods under the default configuration, and will return a 405 error for such requests. |
| 406 | The content characteristics of the requested resource cannot satisfy the conditions in the request header, so the response entity cannot be generated. Unless this is a HEAD request, the response should return an entity containing entity characteristics and a list of addresses from which the user or browser can choose the most appropriate one. The format of the entity is determined by the media type defined in the Content-Type header. The browser can make the best choice based on the format and its own capabilities. However, the specification does not define any standard for making such automatic choices. |
| 407 | Similar to the 401 response, except that the client must authenticate on the proxy server. The proxy server must return a Proxy-Authenticate for identity challenge. The client can return a Proxy-Authorization header for verification. See RFC 2617. |
| 408 | Request timeout. The client did not complete a request within the time the server was prepared to wait. The client can submit this request again at any time without making any changes. |
| 409 | The request could not be completed due to a conflict with the current state of the requested resource. This code is only allowed to be used in such a situation: the user is considered to be able to resolve the conflict and will resubmit a new request. The response should contain enough information for the user to discover the source of the conflict. Conflicts usually occur in the processing of PUT requests. For example, in an environment where version checking is used, a PUT request to modify a specific resource carries a version information that conflicts with a previous (third-party) request. At this time, the server should return a 409 error to inform the user that the request cannot be completed. At this time, the response entity is likely to contain a comparison of the differences between the two conflicting versions so that the user can resubmit and merge the new version. |
| 410 | The requested resource is no longer available on the server and there is no known forwarding address. This situation should be considered permanent. If possible, clients with link editing capabilities should remove all references to this address after obtaining user permission. If the server does not know or cannot determine whether the condition is permanent, then a 404 status code should be used. Unless otherwise specified, this response is cacheable. The purpose of the 410 response is mainly to help webmasters maintain the website, to notify users that the resource is no longer available, and the server owner hopes that all remote connections pointing to this resource will also be deleted. This type of event is common in limited-time, value-added services. Similarly, the 410 response is also used to notify clients that resources originally belonging to a certain individual are no longer available on the current server site. Of course, whether all permanently unavailable resources need to be marked as '410 Gone' and how long this mark needs to be kept depends entirely on the server owner. |
| 411 | The server refuses to accept the request without a defined Content-Length header. After adding a valid Content-Length header indicating the length of the request message body, the client can submit the request again. |
| 412 | The server failed to meet one or more of the preconditions given in the request header fields when validating the request. This status code allows the client to set preconditions in the request meta-information (request header field data) when retrieving resources, thereby preventing the request method from being applied to resources other than the one it intended. |
| 413 | The server is refusing to process the current request because the size of the entity data submitted by the request exceeds the size of the server is willing or able to process. In this case, the server can close the connection to prevent the client from continuing to send this request. If this situation is temporary, the server should return a Retry-After response header to tell the client how long it can try again. |
| 414 | The length of the requested URI exceeds the length that the server can interpret, so the server refuses to provide service for the request. This is relatively rare. Common situations include: The form submission that should have used the POST method became the GET method, resulting in the query string being too long. Redirect URI "black hole", for example, each redirection uses the old URI as part of the new URI, resulting in the URI being too long after several redirects. The client is trying to exploit security vulnerabilities in some servers to attack the server. This type of server uses a fixed-length buffer to read or operate on the requested URI. When the parameter after the GET exceeds a certain value, a buffer overflow may occur, resulting in arbitrary code execution [1]. Servers without this type of vulnerability should return a 414 status code. |
| 415 | For the current request method and the requested resource, the entity submitted in the request is not in a format supported by the server, so the request is rejected. |
| 416 | If the request contains a Range request header, and any data range specified in the Range does not overlap with the available range of the current resource, and the request does not define an If-Range request header, the server should return a 416 status code. If the Range uses a byte range, then this means that the first byte position of all data ranges specified in the request exceeds the length of the current resource. The server should also include a Content-Range entity header when returning the 416 status code to indicate the length of the current resource. This response is also prohibited from using multipart/byteranges as its Content-Type. |
| 417 | The expected content specified in the request header Expect cannot be met by the server, or this server is a proxy server, and there is clear evidence that the content of Expect cannot be met at the next node in the current route. |
| 421 | The number of connections from the IP address of the current client to the server exceeds the maximum range allowed by the server. Usually, the IP address here refers to the client address seen from the server (such as the user's gateway or proxy server address). In this case, the calculation of the number of connections may involve more than one terminal user. |
| 422 | The number of connections from the current client's IP address to the server exceeds the maximum range allowed by the server. Usually, the IP address here refers to the client address seen from the server (such as the user's gateway or proxy server address). In this case, the calculation of the number of connections may involve more than one end user. |
| 422 | The request format is correct, but it cannot be responded to because it contains semantic errors. (RFC 4918 WebDAV) 423 Locked The current resource is locked. (RFC 4918 WebDAV) |
| 424 | The current request failed due to an error in a previous request, such as PROPPATCH. (RFC 4918 WebDAV) |
| 425 | Defined in the WebDav Advanced Collections draft, but not in the WebDAV Sequence Sets Protocol (RFC 3658). |
| 426 | The client SHOULD switch to TLS/1.0. (RFC 2817) |
| 449 | Extended by Microsoft to indicate that the request should be retried after performing appropriate actions. |
| 500 | The server encountered an unexpected condition that prevented it from completing the request. Generally, this problem occurs when an error occurs in the server's program code. |
| 501 | The server does not support a feature required by the current request. When the server does not recognize the request method and cannot support its request for any resource. |
| 502 | The server, acting as a gateway or proxy, received an invalid response from an upstream server while trying to perform a request. |
| 503 | Due to temporary server maintenance or overload, the server is currently unable to process the request. This situation is temporary and will recover after a period of time. If the delay can be expected, the response can include a Retry-After header to indicate the delay. If this Retry-After information is not given, the client should handle it in the same way as the 500 response. Note: The existence of the 503 status code does not mean that the server must use it when it is overloaded. Some servers simply want to reject the client's connection. |
| 504 | The server, acting as a gateway or proxy, failed to receive a response in time from the upstream server (the server identified by the URI, such as HTTP, FTP, LDAP) or the auxiliary server (such as DNS) when trying to execute a request. Note: Some proxy servers return 400 or 500 errors when the DNS query times out. |
| 505 | The server does not support, or refuses to support, the HTTP version used in the request. This implies that the server cannot or is unwilling to use the same version as the client. The response SHOULD contain an entity describing why the version is not supported and which protocols the server supports. |
| 506 | Extended from the Transparent Content Negotiation Protocol (RFC 2295) to indicate an internal configuration error in the server: the requested negotiation argument resource is configured to use itself in transparent content negotiation and is therefore not an appropriate focus in a negotiation process. |
| 507 | The server is unable to store the content necessary to fulfill the request. This condition is considered temporary. WebDAV(RFC 4918) |
| 509 | The server reached a bandwidth limit. This is not an official status code, but is still widely used. |
| 510 | The policy required to access the resource was not satisfied. (RFC 2774) |