More free tools Related: SSL checker

HTTP Status Codes Explained

Search by code (502) or keyword ("gateway", "rate limit"). Each card includes a meaning, common causes, and quick fixes you can try first.

Tip: try “rate”, “auth”, “timeout”, “cache”.
Filter
200
OK
The request succeeded and the server returned a normal response.
Common causes
  • Healthy endpoint
  • Success response with a body
Quick checks
  • Verify response content matches expectations (not an error page returning 200)
Related: 204, 301
HTTP 200 OK means the request succeeded and returned a normal response. Common use: healthy endpoint.
201
Created
The server created a resource (common after POST).
Common causes
  • Successful create operation
  • Location header points to new resource
Quick checks
  • Confirm idempotency and retries won’t create duplicates
HTTP 201 Created means the server successfully created a resource (commonly after POST).
204
No Content
The request succeeded but there’s no response body.
Common causes
  • Successful delete
  • Successful update without returning a body
Quick checks
  • Confirm client code doesn’t assume JSON body
HTTP 204 No Content means the request succeeded but the server returned no body.
301
Moved Permanently
The resource has a new permanent URL (SEO-sensitive).
Common causes
  • Site migration (HTTP→HTTPS, www changes)
  • Canonicalization rules
Quick checks
  • Verify Location header is correct and no redirect loops
  • Prefer 301 for permanent changes
HTTP 301 Moved Permanently is a permanent redirect. Ensure the Location header is correct and avoid redirect loops.
302
Found
Temporary redirect (often used for auth flows).
Common causes
  • Login redirects
  • Feature flags or routing rules
Quick checks
  • Confirm client follows redirect as expected
  • Use 307/308 when method preservation matters
HTTP 302 Found is a temporary redirect. For method-preserving redirects, consider 307/308.
307
Temporary Redirect
Temporary redirect that preserves HTTP method.
HTTP 307 Temporary Redirect preserves the HTTP method on redirect (unlike 302 in some clients).
304
Not Modified
The cached version is still valid (no body returned).
Common causes
  • Conditional request with valid ETag
  • If-Modified-Since header matched
Quick checks
  • This is expected behavior for caching
  • Use the cached response body
HTTP 304 Not Modified means the cached version is valid. Use your cached copy; no body is returned.
308
Permanent Redirect
Permanent redirect that preserves HTTP method.
HTTP 308 Permanent Redirect preserves the HTTP method and indicates a permanent move.
400
Bad Request
The server couldn’t understand the request (client-side problem).
Common causes
  • Invalid JSON or malformed payload
  • Missing required params
  • Request too large (sometimes 413 instead)
Quick fixes
  • Validate payload and headers
  • Check server logs for validation errors
HTTP 400 Bad Request means the request is malformed or invalid. Validate JSON/body, required params, and headers.
401
Unauthorized
Authentication is missing or invalid.
Common causes
  • Expired token
  • Missing Authorization header
  • Incorrect credentials
Quick fixes
  • Refresh token / re-auth
  • Verify auth scheme (Bearer, Basic, etc.)
HTTP 401 Unauthorized means authentication failed or is missing. Check Authorization header and token validity.
403
Forbidden
Authenticated (or not) but not allowed to access the resource.
Common causes
  • Missing permissions/roles
  • IP allowlist / WAF rules
  • CSRF protections (for browsers)
Quick fixes
  • Verify account permissions
  • Check WAF/CDN rules and logs
HTTP 403 Forbidden means access is not allowed. Check permissions/roles and any WAF/CDN rules.
404
Not Found
The server can’t find the requested resource.
Common causes
  • Wrong path/URL
  • Missing route after deploy
  • Asset file removed
Quick fixes
  • Confirm routing + rewrites
  • Check trailing slash behavior
HTTP 404 Not Found means the resource doesn’t exist at that URL. Confirm routing, rewrites, and deploy changes.
408
Request Timeout
The server timed out waiting for the request.
HTTP 408 Request Timeout means the server timed out waiting for the request. Check client timeouts and network conditions.
405
Method Not Allowed
The HTTP method isn't supported for this resource.
Common causes
  • POST to a GET-only endpoint
  • Missing route handler for that method
Quick fixes
  • Check API docs for allowed methods
  • Verify route configuration
HTTP 405 Method Not Allowed means the HTTP method isn't supported. Check API docs and verify route configuration.
409
Conflict
The request conflicts with current server state.
Common causes
  • Duplicate resource creation
  • Edit conflicts (stale version)
  • Optimistic locking failures
Quick fixes
  • Refresh and retry with latest data
  • Check for unique constraint violations
HTTP 409 Conflict means the request conflicts with current state (duplicate, edit conflict). Refresh and retry.
410
Gone
The resource existed but has been permanently removed.
Common causes
  • Intentionally deleted content
  • Deprecated API endpoint
Quick fixes
  • Update links/bookmarks
  • Check for replacement URL
HTTP 410 Gone means the resource was permanently removed. Unlike 404, this is intentional and permanent.
413
Payload Too Large
The request body exceeds the server's size limit.
Common causes
  • Large file upload
  • Oversized JSON payload
  • Nginx/proxy body size limits
Quick fixes
  • Reduce payload size or chunk uploads
  • Increase server body size limit if appropriate
HTTP 413 Payload Too Large means the request body exceeds size limits. Reduce payload or adjust server limits.
422
Unprocessable Entity
The request is well-formed but has semantic errors.
Common causes
  • Validation errors (invalid email, wrong format)
  • Business rule violations
Quick fixes
  • Check response body for validation details
  • Fix field values and retry
HTTP 422 Unprocessable Entity means the request has semantic/validation errors. Check error details in response.
429
Too Many Requests
Rate limit hit (client should slow down).
Common causes
  • Too many retries
  • Traffic spike
  • Shared IP hitting limits
Quick fixes
  • Use exponential backoff + jitter
  • Respect Retry-After header if present
HTTP 429 Too Many Requests means you hit a rate limit. Slow down; use exponential backoff and respect Retry-After.
500
Internal Server Error
Generic server-side failure.
Common causes
  • Unhandled exception
  • Misconfiguration
  • Dependency failure surfaced as 500
Quick fixes
  • Check application logs and recent deploys
  • Verify DB/queue connectivity
HTTP 500 Internal Server Error is a generic server failure. Check logs, recent deploys, and dependencies.
501
Not Implemented
The server doesn't support the requested functionality.
Common causes
  • Unsupported HTTP method
  • Feature not yet built
Quick fixes
  • Check API docs for supported features
  • Use an alternative endpoint or method
HTTP 501 Not Implemented means the server doesn't support the requested functionality.
502
Bad Gateway
A proxy/gateway got an invalid response from an upstream.
Common causes
  • Upstream app crashed or restarted
  • Bad upstream DNS
  • Proxy misrouting
Quick fixes
  • Check upstream health + logs
  • Verify proxy upstream config and timeouts
Related: 503, 504
HTTP 502 Bad Gateway means a gateway/proxy received an invalid response from an upstream. Check upstream health, DNS, and proxy config/timeouts.
503
Service Unavailable
The server is temporarily unable to handle the request.
Common causes
  • Overloaded server
  • Planned maintenance
  • Autoscaling lag
Quick fixes
  • Check capacity, CPU/memory, and queue depth
  • Use Retry-After if appropriate
HTTP 503 Service Unavailable means the server is temporarily unable to handle the request (overload or maintenance). Check capacity and scaling.
504
Gateway Timeout
A proxy/gateway timed out waiting for an upstream response.
Common causes
  • Upstream is slow (DB, dependency)
  • Timeout misconfiguration
  • Network issues between proxy and upstream
Quick fixes
  • Check upstream latency and dependency health
  • Review timeouts at every hop (client → CDN → LB → app)
HTTP 504 Gateway Timeout means a gateway timed out waiting for an upstream. Check upstream latency and align timeouts across hops.

FAQ

502 Bad Gateway usually means a gateway/proxy received an invalid response from an upstream service (crash, DNS, proxy config).

502 is an invalid upstream response. 504 is a timeout waiting for a valid upstream response. Both often involve proxies/load balancers.

Not always. A 401/403 can be caused by misconfigured auth, and 404s can happen after deploys or routing changes. But 4xx generally point to request/permission issues.

Use external uptime/HTTP monitoring with alerts so you learn about errors quickly, and keep a simple runbook for the top 5 failure modes (DNS, SSL, proxy, app crash, database).

Catch 5xx errors before customers do

If your site starts returning 4xx/5xx, an external monitor with alerts reduces time-to-detect and makes incidents easier to debug.

Explore alerts & integrations
More free tools