IDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSEIDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSE
Impactr Logoimpactr
FeaturesHow it worksEvidencePricingLearnCompare
  1. Home
  2. HTTP Status Codes

reference

HTTP status codes, with a security lens.

Every HTTP status code explained in plain language - plus what each one means for offensive testing and defense, from 401-vs-403 access control to 429 rate limiting and 500 error disclosure.

1xx Informational

The request was received and the process is continuing.

100ContinueThe client should continue with its request.101Switching ProtocolsThe server is switching protocols as requested.103Early HintsPreload hints sent before the final response.

2xx Success

The request was successfully received, understood, and accepted.

200OKThe request succeeded.201CreatedThe request succeeded and a resource was created.202AcceptedThe request was accepted for processing.204No ContentSuccess with no response body.206Partial ContentThe server is delivering part of the resource.

3xx Redirection

Further action is needed to complete the request.

301Moved PermanentlyThe resource has permanently moved.302FoundThe resource temporarily resides at a different URL.303See OtherRedirect to another URL using GET.304Not ModifiedThe cached version is still valid.307Temporary RedirectTemporary redirect preserving the method.308Permanent RedirectPermanent redirect preserving the method.

4xx Client Error

The request contains bad syntax or cannot be fulfilled.

400Bad RequestThe server cannot process a malformed request.401UnauthorizedAuthentication is required and has failed or is missing.402Payment RequiredReserved for future or payment-gated use.403ForbiddenThe server understood but refuses to authorize the request.404Not FoundThe requested resource does not exist.405Method Not AllowedThe HTTP method is not supported for this resource.406Not AcceptableNo representation matches the Accept headers.408Request TimeoutThe client took too long to send the request.409ConflictThe request conflicts with the current state.410GoneThe resource is permanently unavailable.413Content Too LargeThe request payload is too large.415Unsupported Media TypeThe payload format is unsupported.422Unprocessable ContentThe request is well-formed but semantically invalid.429Too Many RequestsThe client has sent too many requests.431Request Header Fields Too LargeThe request headers are too large.

5xx Server Error

The server failed to fulfill a valid request.

500Internal Server ErrorA generic server-side error occurred.501Not ImplementedThe server does not support the functionality.502Bad GatewayAn upstream server returned an invalid response.503Service UnavailableThe server is temporarily unable to handle the request.504Gateway TimeoutAn upstream server did not respond in time.505HTTP Version Not SupportedThe HTTP version is not supported.511Network Authentication RequiredThe client must authenticate to gain network access.
Impactr Logoimpactr

Built by hackers, for the code you ship. Autonomous AI penetration testing for modern web apps and APIs.

© 2026 Impactr

Product

FeaturesCoverageUse casesEvidencePricingWaitlist

Resources

VulnerabilitiesGuidesComparisonsGlossaryCWE databaseBy industryBy languageHTTP status codesSecurity headers

Company

ContactTwitterLinkedInGitHub