
Understanding Common HTTP Status Codes

When you surf the World Wide Web, a lot of things happen at the same time. When you visit a URL, a lot of code is executed and rendered, and information travels back and forth between the servers and the clients. When you make an HTTP request, you need to understand the status of that request.

For example, while loading from your browser, you may get:

HTTP/1.1 200 OK
Server: nginx
Vary: Accept-Encoding,Cookie
X-Cacheable: SHORT
Cache-Control: max-age=600, must-revalidate

You can see that information using curl from the terminal:

curl -I

The important part is the first line, the HTTP/1.1 status code. In this example, you get this:

HTTP/1.1 200 OK

That’s the part of the response that you’re going to explore today: HTTP Status Codes.

List of most important HTTP Status Codes

Before you get into the list, you must know the 4 important categories:

  • Success Codes (2xx)
  • Redirection Codes (3xx)
  • Client Side Error Codes (4xx)
  • Server Side Error Codes (5xx)

Success Codes (2xx)

200 OK: This status code indicates that the request was made successfully. If you see a 200 status code, then your page was served OK (without any issues) by your web server.

206 Partial Content: The 206 status code is sent only when the User Agent (client browsing) requests a specific range of the file, rather than the entire file. This status code is very common on audio and video players, where the client requests small parts of the file at a time.

Redirection Codes (3xx)

301 Moved permanently: This is used for permanent HTTP redirection from one URL to another. This is a normal HTTP code when you place a redirection between to, for example. It indicates that the content has been permanently redirected to another place.

You can easily check this using curl:

[webtech@localhost ~]$ curl -I
HTTP/1.1 301 Moved Permanently
Server: nginx
Vary: Accept-Encoding
X-Cacheable: non200

In this example, you get a 301 state because all requests made to are being redirected to

302 Found: This is often used for HTTP temporary redirection. The main difference between the 301 status code and the 302 status code is from the SEO point of view. When Google is crawling your pages, it will find a 302 response, which means that you placed a temporary redirection, instead of a permanent redirection.

Client Side Error Codes (4xx)

403 Forbidden: This error means that you don’t have permission to access the URL you are looking for. This is a very common error and can have various causes:

  1. If you don’t have any index file in your web root (document root) directory, most servers will show you a 403 error. That’s normal because they don’t have directory Indexes activated, which prevents attackers from seeing what you have inside the directory.
  2. If your files and directories don’t have the proper Unix/Linux permissions (for example: 700, 000, etc.), the web server won’t be able to read the file. A more common circumstance is that the permissions on the file or directory being requested don’t allow access by the web server’s user. If the web server is running as the user “www-data”, any files you want the web server to serve have to be accessible by the user “www-data”.
  3. If you have placed a URL protected area that only allows access by IP, all of the denied requests will show a 403 Forbidden error.
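
Cause 2 can be checked directly. The following is an added example, not code from the original article: it walks every component of a path and reports the ones a given user cannot pass, using only the classic mode bits. The names `blockers` and `demo`, the uid, and the temporary tree are assumptions for illustration; ACLs and SELinux are not evaluated.

```python
import os
import stat
import tempfile


def blockers(path, uid, gids):
    """Return the components of `path` that `uid` cannot pass, outermost first.

    Directories need the search (x) bit, the final file needs the read (r) bit.
    Only classic mode bits are evaluated: no ACLs, no SELinux, no root override.
    """
    cur = os.path.realpath(path)
    chain = [cur]
    while os.path.dirname(cur) != cur:      # climb until the filesystem root
        cur = os.path.dirname(cur)
        chain.append(cur)
    blocked = []
    for comp in reversed(chain):
        st = os.stat(comp)
        need = 0o1 if stat.S_ISDIR(st.st_mode) else 0o4   # x for dirs, r for files
        if st.st_uid == uid:
            shift = 6                        # owner bits apply
        elif st.st_gid in gids:
            shift = 3                        # group bits apply
        else:
            shift = 0                        # "other" bits apply
        if not (st.st_mode >> shift) & need:
            blocked.append(comp)
    return blocked


def demo():
    """Constructed tree: a 0700 document root holding a 0644 index.html."""
    docroot = os.path.realpath(tempfile.mkdtemp())   # mkdtemp creates mode 0700
    page = os.path.join(docroot, "index.html")
    with open(page, "w") as fh:
        fh.write("ok\n")
    os.chmod(page, 0o644)
    web_uid = os.stat(docroot).st_uid + 1   # hypothetical uid standing in for www-data
    before = blockers(page, web_uid, set())
    os.chmod(docroot, 0o755)                # let other users traverse the directory
    after = blockers(page, web_uid, set())
    return docroot, page, before, after


if __name__ == "__main__":
    print(demo())
```

The readable file is never the problem in this tree; the 0700 parent directory is, which is why the file's own mode alone does not explain a 403.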

404 Not found: This is one of the most common codes. A 404 status code means that the file you are looking for is not there; it doesn’t exist at the server file system. Make sure that your file exists, and also check your web server configuration. A bad HTTP configuration can cause this kind of status code.

405 Method not allowed: This happens when you request something using a request method that is not supported. For example, you might be using GET on a form that requires data to be sent via POST.

406 Not acceptable: This means that the requested resource is generating unacceptable content, according to the Accept headers present in the request made. On some mod_security installations, you can get 406 error codes when you hit some mod_security rules with your HTTP request.

Server Side Error Codes (5xx)

500 Internal Server error: This status code is a kind of catch-all when your app doesn’t proceed in the way the server expects. It can be an .htaccess misconfiguration, a rewrite problem, a file permission error if you are using suPHP or a wrong owner of your files or directories. Review your app logs and enable more debugging levels.

502 Bad gateway: This is a pretty common one if you are using the Nginx web server. It appears when the server was acting as a proxy (for example: for Apache on the backend) and received an invalid response from the backend service (Apache, PHP-FPM, or anything you are running behind the proxy). If you are using Nginx, read more: 502 Bad gateway

504 Gateway timeout: This is similar to the 502 status code. In this case, the timeout error can be generated by a number of different causes on the backend connection. Check your backend service (Apache, PHP-FPM, service timeouts, etc). If you are using Nginx, read more: 504 Gateway Timeout
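
The four categories are also a quick way to triage an access log. The following is an added example, not code from the original article: it assumes Nginx's default "combined" log format, counts responses per status class, flags clients that collect many 403/404 answers, and counts 502/504 gateway errors. The log lines, the `triage` function name and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Nginx default "combined" format: addr - user [time] "request" status bytes ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')
CLASSES = {"2": "2xx", "3": "3xx", "4": "4xx", "5": "5xx"}

# Constructed sample lines using documentation IP ranges; not from the article.
T = "[10/Oct/2023:13:55:36 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {T} "GET / HTTP/1.1" 200 612 "-" "curl/8.0"',
    f'192.0.2.10 - - {T} "GET /video.mp4 HTTP/1.1" 206 1024 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {T} "GET /old-page HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
    f'203.0.113.5 - - {T} "GET /private/ HTTP/1.1" 403 153 "-" "-"',
    f'203.0.113.5 - - {T} "GET /no-such-page HTTP/1.1" 404 153 "-" "-"',
    f'203.0.113.5 - - {T} "GET /no-such-file.txt HTTP/1.1" 404 153 "-" "-"',
    f'192.0.2.10 - - {T} "GET /typo.html HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {T} "GET /app/ HTTP/1.1" 502 157 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {T} "GET /app/report HTTP/1.1" 504 160 "-" "Mozilla/5.0"',
    'truncated line without a status',
]


def triage(lines, denied_threshold=3):
    """Count responses per status class and flag clients with many 403/404s."""
    classes, denied, gateway = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if m is None:                        # keep malformed lines visible
            classes["unparsed"] += 1
            continue
        client, status = m.groups()
        classes[CLASSES.get(status[0], "other")] += 1
        if status in ("403", "404"):         # denied or missing resources
            denied[client] += 1
        elif status in ("502", "504"):       # proxy could not use the backend
            gateway[status] += 1
    noisy = {c: n for c, n in denied.items() if n >= denied_threshold}
    return dict(classes), noisy, dict(gateway)


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A single 404 from a browser is normal; one client accumulating 403s and 404s in a short window is worth a closer look, and 502/504 counts point at the backend rather than at the client.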


Given the complexity of web applications and how they work, having a clear understanding of HTTP status codes can help you to solve problems quickly and point you in the right direction to solve the issues from the root. After reading this tutorial, you should be able to understand the most common HTTP status codes.

If you want to see the full list of HTTP status codes, Wikipedia has a great detailed list.

Esteban Borges

Linux Geek, Webperf Addict, Nginx Fan. CTO @Infranetworking