Kostenlos · Ohne Anmeldung

HTTP-Statuscode-Referenz

Alle registrierten HTTP-Statuscodes, durchsuchbar und nach Klasse filterbar — mit verständlichen Erklärungen, was jeder Code wirklich bedeutet.

100

Continue

The server received the request headers; the client should proceed to send the body.

Details
101

Switching Protocols

The server agrees to switch protocols as requested via the Upgrade header (e.g. to WebSocket).

Details
102

Processing

WebDAV: the server has accepted the request but has not completed it yet.

Details
103

Early Hints

Preliminary headers (mostly Link preload hints) sent before the final response.

Details
200

OK

The request succeeded. The standard response for successful HTTP requests.

Details
201

Created

The request succeeded and a new resource was created — typical for POST endpoints.

Details
202

Accepted

The request was accepted for asynchronous processing; completion is not guaranteed.

Details
203

Non-Authoritative Information

The response was modified by a transforming proxy from the origin's 200 response.

Details
204

No Content

The request succeeded but there is no body to return — common for DELETE or PUT.

Details
205

Reset Content

The request succeeded; the client should reset the document view (e.g. clear a form).

Details
206

Partial Content

The server is delivering only part of the resource due to a Range header.

Details
207

Multi-Status

WebDAV: the body contains multiple status codes for multiple sub-operations.

Details
208

Already Reported

WebDAV: members of a binding were already enumerated in a previous reply.

Details
226

IM Used

The response is a delta (instance manipulation) applied to the current resource.

Details
300

Multiple Choices

Several representations exist for the resource; the client should pick one.

Details
301

Moved Permanently

The resource moved permanently to a new URL. Browsers and crawlers update their references.

Details
302

Found

Temporary redirect. The client should keep using the original URL for future requests.

Details
303

See Other

The response is at a different URI and should be fetched with GET — typical after a POST.

Details
304

Not Modified

The cached version is still valid; the server sends no body. Driven by If-None-Match / If-Modified-Since.

Details
305

Use Proxy

Deprecated: the resource must be accessed through the proxy given in the Location header.

Details
307

Temporary Redirect

Like 302, but the client must not change the HTTP method when following the redirect.

Details
308

Permanent Redirect

Like 301, but the client must not change the HTTP method when following the redirect.

Details
400

Bad Request

The server cannot process the request due to a client error — malformed syntax, invalid parameters or body.

Details
401

Unauthorized

Authentication is required or has failed. The response includes a WWW-Authenticate challenge.

Details
402

Payment Required

Reserved; used in practice by some APIs to signal exhausted quota or required payment.

Details
403

Forbidden

The server understood the request but refuses it — authentication won't help.

Details
404

Not Found

The resource does not exist at this URL. The most common HTTP error on the web.

Details
405

Method Not Allowed

The HTTP method is not supported for this resource — e.g. POST on a read-only endpoint.

Details
406

Not Acceptable

No representation matches the request's Accept headers.

Details
407

Proxy Authentication Required

Like 401, but authentication is required by an intermediate proxy.

Details
408

Request Timeout

The server timed out waiting for the client to finish sending the request.

Details
409

Conflict

The request conflicts with the resource's current state — e.g. concurrent edits or duplicate creation.

Details
410

Gone

The resource existed but was permanently removed; unlike 404, this is intentional and final.

Details
411

Length Required

The server requires a Content-Length header and the request did not provide one.

Details
412

Precondition Failed

A conditional header (If-Match, If-Unmodified-Since…) evaluated to false.

Details
413

Content Too Large

The request body exceeds what the server is willing to process.

Details
414

URI Too Long

The request URI is longer than the server accepts — often a symptom of data in the query string.

Details
415

Unsupported Media Type

The request body's Content-Type is not supported by the endpoint.

Details
416

Range Not Satisfiable

The Range header asks for a portion the resource cannot supply.

Details
417

Expectation Failed

The Expect request header could not be met by the server.

Details
418

I'm a teapot

April Fools' RFC 2324: the server refuses to brew coffee in a teapot. Sometimes used as an easter egg.

Details
421

Misdirected Request

The request was sent to a server unable to produce a response (e.g. wrong TLS SNI).

Details
422

Unprocessable Content

The request is well-formed but semantically invalid — the classic validation-error response for APIs.

Details
423

Locked

WebDAV: the resource is locked.

Details
424

Failed Dependency

WebDAV: the request failed because a previous dependent request failed.

Details
425

Too Early

The server refuses to process a request that might be replayed (TLS early data).

Details
426

Upgrade Required

The client must switch to a different protocol (given in the Upgrade header).

Details
428

Precondition Required

The server requires the request to be conditional to prevent lost-update conflicts.

Details
429

Too Many Requests

The client exceeded a rate limit. Check the Retry-After header before retrying.

Details
431

Request Header Fields Too Large

Headers (individually or collectively) exceed the server's limits — often oversized cookies.

Details
451

Unavailable For Legal Reasons

Access is denied for legal reasons, such as censorship or court order.

Details
500

Internal Server Error

A generic unhandled error on the server. The catch-all when nothing more specific applies.

Details
501

Not Implemented

The server does not recognise or support the request method or functionality.

Details
502

Bad Gateway

A gateway or reverse proxy received an invalid response from the upstream server.

Details
503

Service Unavailable

The server is temporarily unable to handle the request — overload, maintenance or a crashed backend.

Details
504

Gateway Timeout

A gateway or reverse proxy did not receive a timely response from the upstream server.

Details
505

HTTP Version Not Supported

The HTTP protocol version used in the request is not supported.

Details
506

Variant Also Negotiates

Server misconfiguration in transparent content negotiation.

Details
507

Insufficient Storage

WebDAV: the server cannot store the representation needed to complete the request.

Details
508

Loop Detected

WebDAV: the server detected an infinite loop while processing the request.

Details
510

Not Extended

Further extensions to the request are required for the server to fulfil it.

Details
511

Network Authentication Required

The client must authenticate to gain network access — typical of captive portals.

Details

Sofortsuche — kein Konto, keine Limits.

Die fünf Statuscode-Klassen

1xx

1xx — Information. Zwischenantworten, während der Server weiterarbeitet: Protokollwechsel, Early Hints. Für Endnutzer selten sichtbar.

2xx

2xx — Erfolg. Die Anfrage wurde empfangen, verstanden und akzeptiert. 200 OK ist der Standard; APIs nutzen auch 201 für Erstellung und 204 für leere Antworten.

3xx

3xx — Umleitung. Der Client muss eine weitere Aktion ausführen, meist dem Location-Header folgen. 301/308 sind permanent, 302/307 temporär, 304 bedeutet „nutze deinen Cache".

4xx

4xx — Client-Fehler. Die Anfrage selbst ist fehlerhaft: ungültige Syntax (400), fehlende Authentifizierung (401), verboten (403), Ressource nicht gefunden (404) oder Rate Limit (429).

5xx

5xx — Server-Fehler. Der Server konnte eine gültige Anfrage nicht erfüllen: unbehandelte Ausnahmen (500), defekte Upstreams (502), Überlast oder Wartung (503), Upstream-Timeouts (504). Diese Codes sollte man überwachen und alarmieren.

Sofort alarmiert, wenn Ihre API einen 5xx liefert

ContinuumNexus prüft Ihre Endpunkte aus mehreren Regionen und benachrichtigt Sie per E-Mail, sobald ein Statuscode kippt.

Häufige Fragen

Was ist der Unterschied zwischen 502, 503 und 504?
Alle drei stammen von einem Gateway oder Load Balancer vor Ihrer Anwendung. 502: Der Upstream lieferte eine ungültige Antwort. 503: Der Dienst ist nicht verfügbar (Überlast, Wartung, abgestürztes Backend). 504: Der Upstream antwortete nicht rechtzeitig.
Was ist der Unterschied zwischen 401 und 403?
401 Unauthorized heißt „nicht authentifiziert" — gültige Zugangsdaten senden und erneut versuchen. 403 Forbidden heißt „authentifiziert, aber nicht berechtigt" — ein erneuter Versuch mit denselben Zugangsdaten hilft nicht.
301 oder 302 für Weiterleitungen?
301 (oder 308) bei dauerhaftem Umzug — Browser cachen es und Suchmaschinen übertragen Ranking-Signale. 302 (oder 307) für temporäre Umleitungen. Muss die HTTP-Methode erhalten bleiben, sind 307/308 gegenüber 302/301 vorzuziehen.
Was bedeutet 429 Too Many Requests?
Der Server begrenzt Ihre Anfragerate: Sie haben mehr Anfragen gesendet als im Zeitfenster erlaubt. Beachten Sie den Retry-After-Header, bauen Sie Backoff in Ihren Client ein oder beantragen Sie ein höheres Kontingent.
Welche Statuscodes sollte ein Uptime-Monitor als „down" werten?
Jeder 5xx ist ein serverseitiger Fehler und sollte alarmieren. Bei 4xx kommt es auf den Kontext an: Ein 404 auf dem Health-Endpoint ist ein Deployment-Fehler, ein 401 kann schlicht fehlende Zugangsdaten des Monitors bedeuten. Tools wie ContinuumNexus erlauben Assertions auf den exakt erwarteten Statuscode.