The Ultimate Guide to HTTP Status Codes
Table of contents
Chapter 1: Introduction
HTTP status codes are a response to a request for a webpage. Every time you type in a URL, click a link or get a search result, you are essentially requesting a document or web page from a server. HTTP status codes are 3-digit codes (like 200 OK, or 404 Not Found) sent from a web server to let people and search engines know if there were any mistakes in the request or any problems with the server trying to process the request.
HTTP status codes are important to diagnosing website issues, like if a web server is not working and not serving pages or if improper links have been created on a website that doesn’t work. Catching all these issues quickly is really important to provide a good experience for people and search engines. If you want to rank well in search engines, you need to make sure your website is always working properly by reviewing status codes reported by the server.
There are five HTTP status code categories or classes. The first number indicates the class of the status, and there are specific codes in each class. Each specific status code usually has a descriptive word attached to it, like “OK” or “Moved Permanently,” but some servers can provide varied descriptions.
1xx category, informational response
These status codes don’t provide much useful information (despite the name). These indicate the server is still processing. You will likely never see status codes in the 100s.
2xx category, success
The best kind of status: success! The most common is 200 OK, which you hope your server is responding with most often. A successful response code indicates to the client that the request was fulfilled and they're getting what they wanted.
3xx category, redirection
These indicate the page or resource requested has moved. It also sends the new URL, which the client then automatically requests. When this happens in your web browser, you may not even notice the redirect because it happens quickly. You might see the URL you end up on is not the same as the one you clicked. The most common status code here is 301 Moved Permanently.
4xx category, client error
These codes indicate a client error, usually meaning that the client has requested a resource that does not exist or is not allowed. This category contains the most recognizable status code: 404 Not Found.
5xx category, server error
These codes indicate the server encountered an error or is undergoing temporary maintenance or downtime.
The IANA (Internet Assigned Numbers Authority) is a standards organization that maintains the official list of status codes. A server can be configured to return other unofficial status codes if desired.
This article will cover the more common status codes an SEO or marketing professional might encounter. We’ll also learn how to fix common issues and how Google interprets these status codes.
These definitions are helpful to understand first:
- Client: software or hardware that can make requests to a server. Examples would be a web browser, email client, PC, or mobile device.
- Server: software or hardware that accepts requests and sends data back to the client. A server is usually another computer separate from the client.
- Proxy server: a server that takes requests and sends them to another server for processing.
- HTTP: stands for HyperText Transport Protocol, the foundational protocol that defines how clients and servers communicate or transfer data.
- HTTPS: the secure version of HTTP. This encrypts data before transporting it across the Internet.
- HSTS: a web security policy added to HTTPS that forces a client’s HTTP requests always to be HTTPS. This policy is cached in a client’s browser after their first HTTP request.
- HTTP Header: carries additional information to HTTP response or request
Chapter 2: Common HTTP status codes and examples
This means that the request was successful, and the client received what they asked for.
301 Moved Permanently
The 301 status code is crucial for websites changing URLs, especially concerning search engine optimization. If you change the URL of a webpage, you must set up redirection to maintain the link value and search engine rankings for that page. A redirect sends people and search engines to the new URL.
A redirect has a Source URL and a Destination URL.
For example, your site has a page with this URL:
https://www.callrail.com/phone-numbers/ (This is the original, or Source URL)
A new page was developed, which required a new URL:
https://www.callrail.com/call-tracking/setup/phone-numbers/ (This is the new, or Destination URL)
When a redirect is set up, anyone who requested the old (Source) URL is automatically redirected to the new (Destination URL).
If you neglect to set up redirection on a URL that changes, then all the links to that old URL are now broken (404). Setup redirection so all links and SEO value continue to flow to the new page.
302 Found (Moved Temporarily)
The 302 status is used for temporary redirection. This status indicates that future requests should continue to use the original URL, not the new destination URL.
A 302 might be used if you wanted to send everyone coming to the homepage to a different page for a short term offer or special message. Some A/B tests might use a 302 to send users to a test version. There are usually better ways to accomplish the same experiences without changing a URL and setting up a redirect. 301 redirection is preferred for SEO over the 302.
304 Not Modified
This status code means the document requested has not changed and is already cached on your computer (the client). The server is telling your machine to load the locally cached version.
307 Temporary Redirect
The 307 status code is a stricter, more secure version of a 302. The 307 and 308 status codes were designed to not allow a change from POST to GET. The GET method should not be used for passwords or sensitive information because the data would be sent unencrypted in the URL.
307 Internal Redirect (with HSTS)
There’s another use for the 307 status code in conjunction with HSTS (Strict Transport Security). The HSTS policy tells a browser never to request the non-secure HTTP again. Any future requests will always change to HTTPS on the client-side before it gets to the server. That change on the client side results in a 307 Internal Redirect. You may see this response in a web crawler like Screaming Frog if a site has HSTS implemented.
308 Permanent Redirect
This status code was created as a stricter, more secure version of a 301. Similar to the 307, it also does not allow a change from POST to GET method. You likely won’t see a 308 status unless submitting form data that require additional security and needs redirection.
404 Not Found
Perhaps the most infamous status code of them all: 404 Not Found. This one is pretty simple, the URL that was requested has nothing there, BUT there might be something available later, so feel free to keep requesting. That last part is important, especially for web crawlers like Googlebot. There are many different reasons why a page might go 404, and search engines will continue to check the URL, if they’ve found it in the past or if there are links to it.
This is very similar to a 404, except the server declares, “it’s gone, and it ain’t coming back.” Don’t bother rechecking this.
429 Too many requests
You may see a 429 status code in your web crawler if the server is rate-limiting requests to protect from overloading. Some servers may simply stop responding if you go over a specified limit of URLs per second, in which case you might get a “0” or “No Response” returned.
500 Internal Server Error
This is somewhat of a catch-all error indicating the server encountered an error or something it did not expect. The request is not successful. A developer will understand there’s a problem with the server or the request that needs to be fixed. If a search engine is getting many server errors, it will reduce or stop crawling a website. Google reports server errors they encounter on your site in the Google Search Console Index Coverage Report.
502 Bad Gateway
The 502 status indicates the server, acting as a gateway or proxy server, received an invalid response from another server. A proxy server takes requests and sends them to another server for processing. The 502 error happens when an upstream server sends back an invalid response.
503 Service Unavailable
The 503 status code indicates the server is busy, overloaded, or down for maintenance. The status is generally understood to be temporary, and the resource should be available later. If a 503 is configured for server maintenance, it’s a best practice to include a time when the website will be available again.
504 Gateway Timeout
The 504 status code is returned when a server acting as a proxy runs out of time waiting for a response from an upstream server.
Chapter 3: How to check HTTP status codes
There are many ways you can check status codes and full HTTP headers or server headers. The status code is just part of the more detailed HTTP server header returned. Here a couple.
There are several online tools that offer bulk URL checks on HTTP status and server headers. The server header information contains additional information on the status, like cache expiration timing.
You can add browser plugins that can check redirects as you request them in your browser too. Here are a few top plugins
A web crawler is excellent for checking a long list of URLs or crawling an entire site. Most web crawlers can be configured to extract the entire HTTP header, and response codes are always reported by default. Screaming Frog is one of the best choices and has several advanced reports around status codes, redirect chains, and HTTP headers it can export as well.
Chapter 4: How to use HTTP status codes correctly
When to use 301 redirection (or when not to)
Don’t change URLs unless you really have to.
Google representative John Mueller says, “Avoid changing URLs unless you have a really good reason to do so, and you're sure that they'll remain like that in the long run.”
If you do change URLs, always set up redirection. It’s better than leaving the old URL 404 Not Found.
Don’t set up redirection on your root domain to a folder. Example: https://domain.com/ → https://www.domain.com/home/ You can do this, but it’s not recommended. You might end up with more redirects than you bargained for if you have a non-www to www redirect and HTTP to HTTPS redirect. The root domain tends to be linked often without a folder. You may end up wasting crawl budget or losing PageRank.
Don’t redirect a page to a non-relevant page. Links must maintain relevance to maintain value. If you redirect a page about dog training to a page that sells dog toys, you will lose any link value associated with the original page because any existing links won’t have the proper context now.
Don’t redirect all your pages to the homepage. Doing so would result in the loss of all link value for a site because the homepage is not a suitable replacement for every other page on a website.
301 to 404
This one is pretty easy, don’t set up redirects to a 404 page. PageRank will stop flowing if it hits a 404 page. If you’ve configured redirects on many pages, check that all the source URLs 301 redirect to correct Destination URLs, which result in status code 200 OK.
301 to 301 (Stacked redirection)
A redirect to another URL that redirects again is OK but not optimal. Each redirect is another request. Too many redirects can cause problems for search engine web crawlers.
Google representative John Meuller stated that Google will only follow up to 5 hops in a redirect chain. It’s best practice to keep the number of redirects to a minimum. Some sites may have gone through several URL changes that add up over time.
Let’s say you’ve maintained a site for ten years and changed a page URL 4 times during that time (not recommended). You might have a string of 4 redirects: URL1 -> URL2 -> URL3 -> URL4. Best practice is to configure all URL variants to 301 directly to the final destination: URL1 -> URL4, URL2 -> URL4, URL3 -> URL4.
301 vs. 302 redirection
In almost every instance, with regards to SEO, a redirect should be a 301 and not a 302.
“both of these redirects [301 and 302] pass PageRank, it is just a matter of which of these URLs we actually show in the search results.. When we recognize it is actually more like a permanent redirect and 302 is something that you may have accidentally set up, then we do treat that as a 301.”
In other words, Google considers the 302 as a possible mistake and will eventually treat it as a permanent redirect.
301 redirection is a best practice because it works quickly, and there is no possibility of confusion for a search engine. You always have the option to modify or remove a permanent redirect after it’s configured. Google will pick up the change.
307 & 308 redirection
These are secure versions of the 301 and 302 redirect, temporary and permanent. You only need this added security if submitting secure form data to a server. For redirecting one URL to another URL, the 301 redirection is what you’ll want to use.
Page Not Found with 200 status (Soft 404)
A soft 404 is a page that tells users nothing has been found but returns a 200 OK status code. It can also be an empty or mostly empty page with a 200 status. If a page says “not found” or is blank, the proper status code is 404. The 404 helps the search engine understand and differentiate pages with errors.
Page Not Found with 301 status
Don’t try to redirect your 404 pages automatically. That might sound like a great solution to reduce 404s, but you need to know when and where errors happen on a website. Some systems will redirect a 404 to their best guess of the correct page, resulting in mistakes and missing major site issues. Identify the cause of 404s when they're reported so the best solution can be put in place.
Chapter 5: How to fix common HTTP status code errors
Fixing 404 status code
Why is there a 404?
There are many reasons why a page may return a 404, like:
The URL changed, and no redirection setup
An incorrect link, mistyped
Incorrect redirection setup
CMS (Content Management System) publishing issues
DNS or Server issues
How to find 404s
You can find a list of 404s by crawling your site with a web crawler and checking the response codes for pages. Some online SEO tools like Moz, SEMrush, and AHREFs use scheduled cloud-based web crawlers to report many issues, including 404s.
Google Search Console’s Coverage report is a great way to see errors that Google has picked up. Be sure to check the “Excluded” URLs tab, where you may find some 404s listed under Not Found (404), Crawl Anomaly, and Soft 404.
- How to fix 404s
The most common solution to a 404 is to set up redirection to the new, correct URL, but don’t assume they all need redirection. It’s a good idea to figure out what happened first.
For example, someone mistakenly changed a URL from A to B, which creates a 404 on URL A. Instead of redirecting A to B, you might prefer to change it back to the original A version as quickly as possible. You could also redirect B to A in case a search engine had crawled the incorrect B URL.
If you see a 404 reported on your site, you might set up a redirect to fix it, but it’s a best practice to find where that link is and correct the link as well. You may find a deeper issue upon investigation.
It’s common to make mistakes in redirection, and if that is causing a 404, you want to fix the redirect configuration rather than adding more redirection.
If you notice that many URLs you expect to be correct are 404, you may have to investigate the web application, server, or DNS (domain name server) settings to ensure everything is working.
Fixing 301 redirection issues
- Fix internal links that 301 redirect
If you’ve recently changed URLs, but the original URLs still exist throughout your website, it’s best practice to update your links to the new URLs. Reducing links that redirect improves crawl budget by cutting back the number of requests a search engine web crawler needs to make. Consider if every link on a website were a redirect, it would double the number of requests required to crawl all the pages.
- Fix redirect loops If you accidentally set up a redirect loop from URL1 -> URL2 -> URL1, it will loop forever or until a client realizes it’s a loop and should stop requesting. You’ll need to remove the redirection on the intended destination URL.
Fixing 500 status code
- The 5xx status codes indicate a problem with the server. You will probably need a network engineer, DevOps, or whoever manages website hosting to help figure these out.
- The 503 status code is usually an intentional setup for server maintenance. It’s a best practice to serve 503 responses with a check back time to indicate when the server will be available again.
Chapter 6: Custom HTTP status code solutions
Custom 404 page
It’s a good idea to set up a custom Not Found page with a 404 response and several links to guide users to other helpful resources. Sometimes we make fun 404 pages, an opportunity to leave a good brand impression for some people that didn’t find what they were looking for.
Redirection for index cleanup
In some cases, duplicate or incorrect URLs may get indexed by a search engine. The best way to get these out of the search index is to 301 redirect them to the closest matching page. Don’t neglect to find and fix the root cause first.
410 gone + sitemap files Another solution to removing URLs from Google’s index is to serve 410 gone status code. If you want Google to process these quickly, set up an XML sitemap of the URLs with 410 gone status and submit the sitemap via Google Search Console.
Chapter 7: Funny HTTP status sodes
418 I'm a teapot
The 418 status code is part of a satirical Hyper Text Coffee Pot Control Protocol (HTCPCP), a protocol for controlling, monitoring, and diagnosing coffee pots. It’s meant to poke fun at some of the inappropriate ways HTTP has been extended over the years. The error code indicates a request to brew coffee went to a teapot, which certainly cannot make a cup of coffee. Google has a page that uses a 418.
420 Enhance Your Calm (Twitter)
Twitter implemented the 420 status code error to rate-limit apps making too many requests. This not-so-secret reference to cannabis was likely a way of telling applications to “chill out, man.” As a result of the usefulness, the IETF officially created the 429 Too Many Requests status code.
451 Not Available for Legal Reasons
The 451 status code indicates content prohibited by the government or copyright law. The code’s origin is a reference to the novel Fahrenheit 451, where a dystopian government has banned books. The status code was deemed useful enough to be officially adopted, but most of the time, a webmaster will redirect or 404 content demanded to be taken down for legal reasons.
HTTP Status Dogs
Now that you’ve learned about HTTP status codes, you’ll have a good basis for learning how search engines crawl and index the Internet.