Complete Guide to HTTP Status Codes | Common Error Causes and Solutions
While developing an API, you get a 422 response. In production, a 502 suddenly starts appearing. Whether a redirect is 301 or 302 changes the SEO impact. HTTP status codes are the common language of web development, and understanding them correctly is the first step in troubleshooting.
Five categories of status codes
| Range | Category | Meaning |
|---|---|---|
| 1xx | Informational | Request received and processing |
| 2xx | Success | Request Successful |
| 3xx | Redirection | Additional action required (redirect) |
| 4xx | Client Error | Client-side Issues |
| 5xx | Server Error | Server-side issue |
Code developers encounter most frequently
200 OK — Success
The most basic success response. The API is working as expected.
301 Moved Permanently — Permanent redirect
Used when a URL changes permanently. <strong>For SEO purposes, the authority of the old URL is transferred to the new URL</strong>, making it essential for site migration and HTTPS implementation. Google treats 301 as "signal forwarding".
<strong>Common issue</strong>: Returning 302 when 301 is intended. Apache's <code>Redirect</code> defaults to 302. Explicitly specify <code>Redirect 301</code>.
302 Found — Temporary redirect
Temporary redirect. Used for A/B testing and maintenance detours. SEO value is not transferred.
304 Not Modified — Cache valid
Returned when the browser sends a conditional request with <code>If-Modified-Since</code> or <code>If-None-Match</code> headers and the resource has not changed. <strong>No body is sent</strong>, so bandwidth can be saved.
400 Bad Request — Invalid request
The server cannot parse the request. Cause: Invalid JSON, missing required parameters, or Content-Type mismatch.
# よくあるミス: Content-Type を指定していない
curl -X POST https://api.example.com/users -d '{"name":"Alice"}'
# → 400 (Content-Type: application/json が必要)
# 正しい
curl -X POST https://api.example.com/users \
-H 'Content-Type: application/json' \
-d '{"name":"Alice"}'401 Unauthorized — Authentication required
Missing or invalid authentication credentials. Bearer token has expired, or API Key is incorrect.
403 Forbidden — Access denied
Authentication passed, but authorization failed. For example, when a regular user accesses an admin-only endpoint. The difference from 401 is "presence/absence of authentication" vs "presence/absence of authorization."
404 Not Found — Resource not found
The most famous error. Caused by URL typos, deleted pages, or routing configuration mistakes. For SEO purposes, using <code>410 Gone</code> to indicate 「intentionally deleted」 is sometimes preferable.
413 Payload Too Large — Size exceeded
Frequently encountered in file uploads. Check Nginx's <code>client_max_body_size</code> (default 1MB), PHP's <code>upload_max_filesize</code>, and API Gateway limits.
422 Unprocessable Entity — Validation Error
JSON syntax is correct but invalid from a business logic perspective (invalid email format, empty required field, etc.). REST APIs typically return this for validation errors.
429 Too Many Requests — Rate Limiting
Too many requests sent in a short time. The <code>Retry-After</code> header indicates how many seconds to wait. Countermeasure: Implement exponential backoff.
500 Internal Server Error — Server Internal Error
Unhandled exceptions, NULL references, configuration file errors. <strong>Most dangerous error type</strong>. Always check server logs.
502 Bad Gateway — Upstream Server Anomaly
The reverse proxy (Nginx) failed to connect to the upstream PHP-FPM / Node.js / Python WSGI or received an invalid response. Check for upstream process restart, insufficient memory, or socket connection timeouts.
503 Service Unavailable — Service Temporarily Unavailable
Maintenance or server overload. Include a <code>Retry-After</code> header to inform the client to wait.
504 Gateway Timeout — Upstream Timeout
Upstream server did not respond in time. Heavy DB queries, external API delays. Check Nginx's <code>proxy_read_timeout</code>.
DevLab Status Code Search Tool
<a href="/ja/tools/http-status/">HTTP Status Code Search Tool</a> lets you instantly search by code number or keyword (e.g., "redirect", "forbidden", "timeout"), and view the meaning, cause, and solution for each code in a single list. Works entirely in your browser with no sign-up required.
Related tools: <a href="/ja/check/headers/">HTTP header validation</a>, <a href="/ja/check/redirect-chain/">redirect chain tracing</a>, <a href="/ja/check/security/">security diagnosis</a>.
Summary
HTTP status codes are the common language between server and client. Key knowledge includes the SEO impact of 301 vs 302, validation distinction between 400 vs 422, and infrastructure diagnostics for 5xx codes. When in doubt, first check the status code and apply the remedies above.