questions about HTTP status codes

Hello! Here are some questions & answers. The goal isn't to get all the questions "right". Instead, the goal is to learn something! If you find a topic you're interested in learning more about, I'd encourage you to look it up and learn more.

does every HTTP response have a status code?


a status code (like 200) is a required part of every HTTP response. status codes are in 5 classes:

  • 1xx (informational)
  • 2xx (successful)
  • 3xx (redirect)
  • 4xx (client error)
  • 5xx (server error)

is there an canonical list of HTTP status codes?


there are 41 and they're all defined in RFC 7231

is it possible to return a status code that isn't in the HTTP specification like 789?


I tested returning a 789 and Firefox didn't even complain. It's probably better to stick to the regular defined status codes though :)

if you get a 404 not found error, does it always mean you requested a file that doesn't exist on the server?


a server can return a 404 for any reason it wants. Usually it's because either the file is missing, or you requested an endpoint that the server doesn't have any route for.

if you're not authorized to view a resource, will the server always return 403 Forbidden?


again, servers can return any status code they want. For example, GitHub will return 404 Not Found for repositories that exist but that you don't have permission to access. It does this because it doesn't want to leak the information that the repository actually does exist.

if you redirect to another URL using a 301 or 302, how does the browser know what URL to go to?

it's in the Location header!

For example, many sites redirect all non-HTTPS requests to use HTTPS instead:

$ curl -I
HTTP/1.1 301 Moved Permanently

do browsers cache the results of a 302 Found redirect?


302 redirects aren't cached by default, so every time the browser goes to the URL it'll request it again.

do browsers cache the results of a 301 Moved Permanently redirect?


this means that the second time a browser visits a site that's returned a 301, it won't make a request to the original URL at all -- it'll just load the redirect right away. This is why it's dangerous to set up a 301 if you're not 100% sure you want to keep the redirect forever. You can also set the Cache-Control header to only cache the redirect for a limited amount of time.

does 304 Not Modified redirect to another URL?


304 Not Modified is a "redirect" to the browser's cache. Servers can return this header when the client has asked the server whether its cached version of a resource is up to date (with the If-None-Match or If-Modified-Since header).

304 responses don't contain a response body, because the whole point is that the client already has the response cached.