The 4xx class of status code is intended for cases in which the
client seems to have erred. Except when responding to a HEAD request,
the server SHOULD include an entity containing an explanation of the
error situation, and whether it is a temporary or permanent condition.
These status codes are applicable to any request method.
User agents SHOULD display any included entity to the user.
Note: If the client is sending data, a server implementation using TCP
should be careful to ensure that the client acknowledges receipt of
the packet(s) containing the response, before the server closes the
input connection. If the client continues sending data to the server
after the close, the server's TCP stack will send a reset packet to
the client, which may erase the client's unacknowledged input buffers
before they can be read and interpreted by the HTTP application.
400 Bad Request
The request could not be understood by the server due to malformed
syntax. The client SHOULD NOT repeat the request without
The request requires user authentication. The response MUST include
a WWW-Authenticate header field containing a challenge applicable to
the requested resource. The client MAY repeat the request with a
suitable Authorization header field. If the request already included
Authorization credentials, then the 401 response indicates that
authorization has been refused for those credentials. If the 401
response contains the same challenge as the prior response, and the
user agent has already attempted authentication at least once, then
the user SHOULD be presented the entity that was given in the
response, since that entity MAY include relevant diagnostic
402 Payment Required
This code is reserved for future use.
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated. If
the request method was not HEAD and the server wishes to make public
why the request has not been fulfilled, it SHOULD describe the reason
for the refusal in the entity. This status code is commonly used when
the server does not wish to reveal exactly why the request has been
refused, or when no other response is applicable.
404 Not Found
The server has not found anything matching the Request-URI. No
indication is given of whether the condition is temporary or
If the server does not wish to make this information available to
the client, the status code 403 (Forbidden) can be used instead. The
410 (Gone) status code SHOULD be used if the server knows, through
some internally configurable mechanism, that an old resource is
permanently unavailable and has no forwarding address.
405 Method Not Allowed
The method specified in the Request-Line is not allowed for the
resource identified by the Request-URI. The response MUST include an
Allow header containing a list of valid methods for the requested
406 Not Acceptable
The resource identified by the request is only capable of
generating response entities which have content characteristics not
acceptable according to the accept headers sent in the request.
Unless it was a HEAD request, the response SHOULD include an entity
containing a list of available entity characteristics and location(s)
from which the user or user agent can choose the one most appropriate.
The entity format is specified by the media type given in the
Content-Type header field. Depending upon the format and the
capabilities of the user agent, selection of the most appropriate
choice may be performed automatically. However, this specification
does not define any standard for such automatic selection.
Note: HTTP/1.1 servers are allowed to return responses which are
not acceptable according to the accept headers sent in the request. In
some cases, this may even be preferable to sending a 406 response.
User agents are encouraged to inspect the headers of an incoming
response to determine if it is acceptable. If the response could be
unacceptable, a user agent SHOULD temporarily stop receipt of more
data and query the user for a decision on further actions.
407 Proxy Authentication Required
This code is similar to 401 (Unauthorized), but indicates that the
client MUST first authenticate itself with the proxy. The proxy MUST
return a Proxy-Authenticate header field containing a challenge
applicable to the proxy for the requested resource. The client MAY
repeat the request with a suitable Proxy-Authorization header field.
408 Request Timeout
The client did not produce a request within the time that the
server was prepared to wait. The client MAY repeat the request without
modifications at any later time.
The request could not be completed due to a conflict with the
current state of the resource. This code is only allowed in situations
where it is expected that the user might be able to resolve the
conflict and resubmit the request. The response body SHOULD include
enough information for the user to recognize the source of the
conflict. Ideally, the response entity would include enough
information for the user or user agent to fix the problem; however,
that may not be possible and is not required.
Conflicts are most likely to occur in response to a PUT request. If
versioning is being used and the entity being PUT includes changes to
a resource which conflict with those made by an earlier (third-party)
request, the server MAY use the 409 response to indicate that it can't
complete the request. In this case, the response entity SHOULD contain
a list of the differences between the two versions in a format defined
by the response Content-Type.
The requested resource is no longer available at the server and no
forwarding address is known. This condition SHOULD be considered
permanent. Clients with link editing capabilities SHOULD delete
references to the Request-URI after user approval. If the server does
not know, or has no facility to determine, whether or not the
condition is permanent, the status code 404 (Not Found) SHOULD be used
instead. This response is cache-able unless indicated otherwise.
The 410 response is primarily intended to assist the task of web
maintenance by notifying the recipient that the resource is
intentionally unavailable and that the server owners desire that
remote links to that resource be removed. Such an event is common for
limited-time, promotional services and for resources belonging to
individuals no longer working at the server's site. It is not
necessary to mark all permanently unavailable resources as "gone" or
to keep the mark for any length of time -- that is left to the
discretion of the server owner.
411 Length Required
The server refuses to accept the request without a defined Content-
Length. The client MAY repeat the request if it adds a valid
Content-Length header field containing the length of the message-body
in the request message.
412 Precondition Failed
The precondition given in one or more of the request-header fields
evaluated to false when it was tested on the server. This response
code allows the client to place preconditions on the current resource
meta information (header field data) and thus prevent the requested
method from being applied to a resource other than the one intended.
413 Request Entity Too Large
The server is refusing to process a request because the request
entity is larger than the server is willing or able to process. The
server may close the connection to prevent the client from continuing
If the condition is temporary, the server SHOULD include a
Retry-After header field to indicate that it is temporary and after
what time the client may try again.
414 Request-URI Too Long
The server is refusing to service the request because the
Request-URI is longer than the server is willing to interpret. This
rare condition is only likely to occur when a client has improperly
converted a POST request to a GET request with long query information,
when the client has descended into a URL "black hole" of redirection
(e.g., a redirected URL prefix that points to a suffix of itself), or
when the server is under attack by a client attempting to exploit
security holes present in some servers using fixed-length buffers for
reading or manipulating the Request-URI.
415 Unsupported Media Type
The server is refusing to service the request because the entity of
the request is in a format not supported by the requested resource for
the requested method.