General IT and learning layerBeginner23 min read

What Does Status code Mean?

Reviewed byJohnson Ajibi· Senior Network & Security Engineer · MSc IT Security

This page mentions older exam versions. See the Legacy Exam Context section below. No direct current exam mapping is configured for this term yet — use the latest vendor objectives for your target exam.

On This Page

Quick Definition

A status code is a short number that a web server sends back to your browser after you ask for a webpage or data. It tells you if the request worked, if you need to do something else, or if something went wrong. Think of it like a quick reply from a help desk that says everything is fine, you have to move, or there is a problem.

Commonly Confused With

Status codevsHTTP response body

The status code is the numeric code in the response header that indicates the outcome of the request. The response body is the actual data sent back, like the HTML of a webpage or a JSON object. A status code can be 200 OK while the body contains an error message if the application logic failed.

A server returns 200 OK but the body says Sorry, we could not find that item. The status code says success, but the content is actually an error message.

Status codevsHTTP request method

A request method (GET, POST, PUT, DELETE) tells the server what action the client wants to perform. The status code is the server's response to that action. They are related but different: a GET request might return 200 OK, while a POST request might return 201 Created.

If you use GET to ask for a file, a 200 means you got it. If you use POST to create a new user, a 201 means the user was created successfully.

Status codevsTCP/IP error

Status codes are at the application layer (HTTP). TCP/IP errors happen at the transport or network layer, such as connection timeouts or host unreachable. A status code is only received if the TCP connection was established and an HTTP response was sent.

If a server is completely down, you get a TCP error like connection refused, not an HTTP status code. A 500 Internal Server Error means the server was reachable but had a problem.

Must Know for Exams

Status codes are a staple of general IT certification exams, including CompTIA A+, Network+, Security+, and the Cisco Certified Network Associate (CCNA) curriculum. They also appear heavily in cloud certification exams like AWS Certified Cloud Practitioner and Microsoft Azure Fundamentals. In the CompTIA A+ exam (220-1101 and 220-1102), you may be asked to identify the meaning of a status code when troubleshooting web connectivity issues. For example, a question might describe a user who gets a page cannot be displayed message, and you need to know whether that corresponds to a 404, 403, or 500 error.

In the CompTIA Network+ exam (N10-008), status codes are part of the network operations and troubleshooting objectives. You might see questions that ask you to interpret HTTP status codes from a web server log to determine the type of fault. For instance, a log showing repeated 503 errors could indicate a server overload, while a log with many 404 errors might point to a broken link or a misconfigured web server. The exam expects you to differentiate between client-side and server-side errors based solely on the code.

In the Security+ exam (SY0-601), status codes become important for understanding web application attacks. A 403 Forbidden might indicate an access control issue that could be exploited. A 302 redirect could be used in phishing attacks. You may be asked to analyze a scenario where a server returns a specific status code and identify the security implication. For cloud exams, knowing the difference between a 200 OK and a 201 Created is important when working with REST APIs. Many cloud certification questions present an API response and ask you to determine what action was performed based on the status code.

The most common exam question pattern is a multiple-choice question that presents a troubleshooting scenario. For example: A user reports that when they try to access https://example.com/images/logo.png, they get an error. The web server log shows a 404 status code. What is the most likely cause? The correct answer is that the file does not exist at that path. Another typical question: A web server returns a 500 status code when a user submits a form. What is the likely issue? The answer is a server-side script error. Mastering status codes means you will be able to answer these questions confidently and quickly.

Simple Meaning

When you use your computer or phone to visit a website, you are sending a request to a remote server. That server processes your request and then sends back a response. A status code is a three-digit number embedded in that response that summarizes the outcome in a very concise way. It is like a shorthand message that tells your browser what happened behind the scenes.

Imagine you order a pizza by phone. The pizza shop might say different things back to you. They could say Your pizza is being made now, which is good and means success. Or they could say You need to pick up the pizza at the store instead, which is a redirection. Or they might say We are out of dough, sorry, which is an error on their side. Or they could say You gave us the wrong address, which is an error on your side. A status code works exactly like those three types of replies.

The first digit of the code is the most important. Codes that start with 1 mean the server is still working on it. Codes that start with 2 mean everything worked fine. Codes that start with 3 mean you need to go somewhere else for the information. Codes that start with 4 mean there is a mistake in your request. Codes that start with 5 mean there is a problem on the server side. This simple grouping helps IT professionals diagnose issues very quickly without reading long error messages. When you study for IT certifications, you will need to memorize the most common codes and what they mean, because they are the first clue in troubleshooting network and web application problems.

Full Technical Definition

In the context of the Hypertext Transfer Protocol (HTTP), a status code is a three-digit integer returned by a server in the first line of an HTTP response message. The code is defined by the Internet Engineering Task Force (IETF) in RFC 7231 and related specifications. The status code is always accompanied by a human-readable reason phrase, such as OK or Not Found, but it is the numeric code that automated systems and browsers use to determine the next action.

The status code is divided into five classes based on its first digit. A 1xx code is informational and indicates that the request has been received and the server is continuing to process it. These are rarely seen by end users in modern web browsing. A 2xx code means the request was successfully received, understood, and accepted. The most common is 200 OK, which signifies that the requested resource has been sent in the response body. A 3xx code indicates redirection, meaning the client must take additional action to complete the request. For example, a 301 Moved Permanently tells the client that the resource has a new URI, and all future requests should use that new URI. A 4xx code signals a client error. The server understands the request but cannot fulfill it because of something the client did wrong. The classic 404 Not Found is a client error, meaning the requested resource does not exist on the server. Finally, a 5xx code indicates a server error, where the server failed to fulfill a valid request. The most famous is 500 Internal Server Error, a generic catch-all for unexpected server conditions.

In real IT implementation, status codes are crucial for debugging and monitoring. Web servers, load balancers, and content delivery networks log every status code returned. IT professionals use these logs to identify patterns of failure, such as spikes in 404 errors indicating broken links, or repeated 503 Service Unavailable errors pointing to server overload. Firewalls and intrusion detection systems may also filter traffic based on status codes, blocking requests that generate too many 403 Forbidden responses. When studying for general IT certifications, you need to understand not just what each code means, but also how to interpret them in logs and network captures. For example, a 302 Found redirect might be used legitimately for temporary page moves, but it can also be a sign of a redirect-based attack. Knowing the difference between a 301 and a 302 is a common exam distinction.

Real-Life Example

Think about sending a letter to a government office to request a copy of a public record. You mail the letter and wait for a reply. The reply you get back is like a status code.

If you get a letter back that says Your request has been processed and here is your document, that is a 200 OK. Everything worked perfectly. The server (the office) processed your request and sent you the data you wanted. Now imagine you sent your letter to an old address of the office. You get a reply that says We have moved. Please send your request to this new address. That is a 301 Moved Permanently. The server tells you where to go instead, and your browser will automatically follow that new address if it understands the code.

What if you send a letter but you accidentally wrote the wrong department name? You get a reply that says Department not found here. That is a 404 Not Found. The server cannot find what you asked for, and it is usually your mistake. But sometimes the office has the department, but the door is locked because you do not have the right badge. That is a 403 Forbidden. You found the location, but you are not allowed in.

Now imagine you sent your letter with perfect details, but the office printer broke and all their staff are on lunch break. You get a reply saying We are temporarily unable to handle your request. That is a 503 Service Unavailable, a server error. The problem is not with your request, it is inside the office. In IT, when a website is down for maintenance, visitors often see a 503 error. Understanding these codes helps you know whether to fix your own request (client error) or wait for the server owner to fix their problem (server error).

Why This Term Matters

Status codes are the language that servers and clients use to communicate about the state of a request. For an IT professional, knowing how to read and interpret status codes is like knowing how to read warning lights on a car dashboard. Each code tells you where to start looking for a problem. If you see a 4xx code, you know the issue is likely in the request or the client-side configuration. If you see a 5xx code, you know the problem is on the server side. This simple distinction saves hours of troubleshooting time.

In practical IT support, status codes appear in browser developer tools, server logs, API responses, and network monitoring software. When a user complains that a website is not loading, the first thing a help desk technician might do is check the status code in the browser's network tab. If the code is 200, the page loaded fine, so the issue might be with the user's local cache or display settings. If the code is 404, the link is broken. If the code is 500, the server needs attention. Without this knowledge, a technician might waste time checking cables and IP addresses when the real problem is a misconfigured web application.

For IT certification learners, status codes are a foundational concept that appears across multiple domains. They are covered in networking, web development, security, and cloud computing. Understanding status codes helps you understand how the web works, how APIs function, and how to debug distributed systems. Many certifications include scenario-based questions where you must identify the correct status code for a given situation, or interpret a log file to find the root cause of an outage. Mastering status codes gives you a practical skill that you will use every day in IT work.

How It Appears in Exam Questions

Status code questions in IT certification exams generally fall into several patterns. The first pattern is direct definition questions. You are asked: Which HTTP status code indicates that a resource has been permanently moved? The correct answer is 301. These questions test your memory of the most common codes. The second pattern is scenario-based troubleshooting. For instance: A help desk technician receives a report that users cannot access a company's internal web application. The technician checks the server log and sees the following entries: [error] client xxx.xxx.x.x returned 503. What does this status code indicate? The answer: the server is temporarily unable to handle the request, likely due to overload or maintenance.

The third pattern is comparison questions. The exam might ask: What is the difference between a 301 and a 302 redirect? The correct answer is that a 301 indicates a permanent move and search engines will update their indexes, while a 302 indicates a temporary move and the original URL should continue to be used. The fourth pattern is log analysis. You are given a snippet of a web server log with multiple status codes and asked to identify which entries indicate client errors. You must pick out all the 4xx codes. The fifth pattern is configuration and debugging. A question might describe a situation where a web application returns a 403 Forbidden when a user tries to access a specific page. You need to know that this likely means permissions are set incorrectly on the server, not that the page does not exist.

Some questions combine status codes with other networking concepts. For example: A network admin configures a load balancer and notices that backend servers are returning 502 Bad Gateway errors. What is the most likely cause? The correct answer is that one of the backend servers is not responding correctly to the load balancer. Another question: A user reports that a website loads slowly and eventually shows a 504 Gateway Timeout error. What does this indicate? The server acting as a gateway or proxy did not receive a timely response from an upstream server. These questions test your ability to apply status code knowledge to real infrastructure scenarios. For cloud exams, you might see questions about API responses: A developer calls an API to create a new user account and receives a 201 Created status code. What does this mean? The request succeeded and a new resource was created.

Browse Certifications

Test your understanding with exam-style practice questions.

Practise

Example Scenario

Sarah is a new IT support technician at a small company. She receives a ticket from a user named Tom who cannot access the company's internal training portal at http://training.company.local. Sarah decides to investigate by opening her browser's developer tools and looking at the Network tab after attempting to load the page. She sees that the request returns a status code of 404 Not Found.

Sarah knows that a 404 code means the server is responding, but the specific resource Tom is trying to access does not exist. She checks the URL very carefully and notices that Tom typed training.local instead of training.company.local. She corrects the URL and the page loads perfectly with a 200 OK status code. This is a simple client error: the user typed the wrong web address. Sarah logs the ticket as resolved and explains to Tom that the issue was a typo in the URL.

Now imagine a different scenario. The next day, another user reports that the same training portal returns an error. Sarah checks the network tab again and this time sees a 500 Internal Server Error. She knows this is a server-side problem, so she contacts the web development team. They discover that a recent software update broke a critical script on the server. The developers roll back the update and the site returns to normal, serving 200 OK responses again. If Sarah had not understood the difference between 404 and 500, she might have spent hours checking Tom's browser settings when the real problem was on the server. This scenario shows how status codes directly guide troubleshooting steps and save time.

Common Mistakes

Thinking all 4xx status codes mean the page does not exist.

A 404 specifically means Not Found, but there are many other 4xx codes like 400 Bad Request, 401 Unauthorized, 403 Forbidden, and 405 Method Not Allowed. Each indicates a different client error.

Learn the specific meaning of each common 4xx code. 400 means the request is malformed, 401 means authentication is missing or invalid, 403 means the server understood the request but refuses to authorize it, and 404 means the resource is not found.

Confusing 301 and 302 redirects.

A 301 is a permanent redirect, meaning the original URL should no longer be used. A 302 is a temporary redirect, meaning the original URL remains valid. Using one in place of the other can cause broken links and incorrect search engine indexing.

Remember that 301 = permanent move, 302 = temporary move. If a website has permanently changed its domain, use 301. If it is just for maintenance or A/B testing, use 302.

Assuming a 200 OK always means the content is correct.

A 200 OK only means the server successfully processed the request and sent a response. The actual content in the response could be an error page or incorrect data if the server application has a bug. A status code does not validate the content.

Always check the response body in addition to the status code. A 200 can still contain a human-readable error message if the application logic failed. Do not rely solely on the status code for correctness.

Overlooking the 1xx informational codes.

Many learners ignore 1xx codes because they are rarely seen in everyday browsing, but protocols like WebSocket upgrades use 101 Switching Protocols. In load testing and API debugging, 100 Continue is important for optimizing large uploads.

Study the 1xx codes even if they seem obscure. They are relevant in advanced network troubleshooting and certain web development contexts.

Thinking a 500 error is always a hardware problem.

A 500 Internal Server Error is a general catch-all for server-side issues. It can be caused by software bugs, misconfigured permissions, database connection failures, or even a typo in a configuration file, not just hardware faults.

Treat a 500 error as a symptom that needs further investigation. Check server logs, application logs, and database status before assuming hardware failure.

Exam Trap — Don't Get Fooled

{"trap":"The exam asks: A user receives a 403 Forbidden error when trying to access a webpage. The technician checks the server log and sees the request was made. What is the most likely cause?

The trap answer is that the page does not exist.","why_learners_choose_it":"Learners confuse 403 Forbidden with 404 Not Found because both result in an error page. They remember that Forbidden means access is denied but incorrectly assume the page might not exist if they cannot see the server configuration."

,"how_to_avoid_it":"Remember that 403 means the server knows the resource exists but refuses to serve it due to permissions. The page does exist. The correct answer is that the user lacks the necessary permissions, or the server has an access control list blocking the request.

The scenario specifies the server log shows the request was made, which confirms the resource was found."

Step-by-Step Breakdown

1

Client sends HTTP request

The client (browser or application) sends an HTTP request to the server. This request includes a method (like GET or POST), a URL, headers, and sometimes a body. The request is sent over a TCP connection.

2

Server receives and processes the request

The server receives the request and begins processing it. The server determines if the request is valid, if the resource exists, and if the client has permission to access it. This may involve querying a database, reading files, or running server-side scripts.

3

Server selects the status code

Based on the outcome of its processing, the server selects the appropriate three-digit status code. For example, if everything is fine, it selects 200. If the resource does not exist, it selects 404. The status code is the first part of the response line.

4

Server constructs the HTTP response

The server builds the full HTTP response, which includes the status line (with the code and reason phrase), response headers (like Content-Type and Date), and an optional response body. The status code is placed in the first line, such as HTTP/1.1 200 OK.

5

Server sends the response over the network

The server sends the response back to the client over the established TCP connection. The client's network stack receives the data and passes it up to the application layer.

6

Client interprets the status code

The client reads the status code from the response. The browser or application uses the code to determine the next action. For a 200, it renders the body. For a 301, it automatically follows the redirect to the new URL. For a 404, it displays an error page to the user.

7

Client takes action based on the code

The client executes the appropriate action. If the code is 401 Unauthorized, the client might prompt the user for credentials. If the code is 503, the client might retry the request after a delay. This step is critical for proper application behavior.

Practical Mini-Lesson

As an IT professional, understanding status codes is not just about memorizing numbers. It is about using them as diagnostic tools. When you work with web servers like Apache, Nginx, or IIS, you will spend time reading access logs and error logs. Every entry in an access log includes the status code returned for each request. For example, a typical log entry might look like: 192.168.1.10 - - [12/Dec/2024:10:30:15 +0000] GET /images/logo.png HTTP/1.1 200 1234. That 200 tells you the request was successful. If you see many 404 entries, you know there are broken links on your site or users are typing incorrect URLs. If you see a sudden spike in 500 errors, you know there is a problem with your server-side code or configuration.

In API development and integration, status codes are part of the contract between systems. When you build a REST API, you must return the correct status code for each operation. For example, when a client creates a new resource, you should return 201 Created, not 200 OK. Using the wrong code can break client applications that rely on specific codes to trigger their own logic. For instance, a client might expect a 201 to know it should clear a form or update a local list. If you return 200, the client may not behave correctly.

What can go wrong? Inaccurate status codes are a common problem. A server might return 200 OK even when the underlying operation failed, because a bug in the application code did not update the status code properly. This leads to confusing behavior where the client thinks everything is fine but the data is wrong. Another problem is security misconfiguration. Returning a 403 Forbidden when you should return a 404 Not Found can reveal the existence of hidden files or directories to potential attackers. Many security best practices recommend returning a generic 404 for hidden resources to avoid leaking information.

In cloud environments like AWS, status codes are used in load balancer logs and CloudFront access logs. You can set up alarms based on the rate of 5xx errors to trigger automatic scaling or notifications. For example, if the error rate exceeds a threshold, an alarm can send a message to the operations team. Knowing how to analyze these codes is a core skill for cloud administrators.

For your certification studies, practice interpreting log files. Look at sample access logs and identify which requests were successful, which redirected, and which failed. Try to determine whether failures are client-side or server-side. This kind of exercise will prepare you for exam questions and real-world troubleshooting. Remember that the status code is just one piece of the puzzle, but it is often the most important starting point.

Memory Tip

Remember the first digit rule: 1xx = hold, 2xx = good, 3xx = go elsewhere, 4xx = your fault, 5xx = my fault.

Legacy Exam Context

Older materials may mention these exam versions, but learners should use the current objectives for their target exam.

N10-008N10-009(current version)
SY0-601SY0-701(current version)

Related Glossary Terms

Frequently Asked Questions

What is the difference between a 301 and a 302 redirect?

A 301 redirect is permanent and tells search engines to update their index with the new URL. A 302 redirect is temporary and indicates that the original URL should still be used for future requests. Use 301 for permanent moves and 302 for temporary changes like maintenance pages.

Why do I sometimes see a 304 Not Modified status code?

A 304 Not Modified is used for caching. When a browser requests a resource and includes an If-Modified-Since header, the server returns 304 if the resource has not changed since that date. The browser then uses its cached version, which saves bandwidth and improves load times.

Is a 500 error always the fault of the server?

Yes, a 5xx code indicates a server error. However, the root cause could be related to a misconfiguration or a bug introduced by a recent update. It is still the server's responsibility to handle the request properly.

What should I do if I get a 503 Service Unavailable error?

A 503 error means the server is temporarily unable to handle the request, often due to maintenance or overload. Wait a few minutes and try again. If the error persists, contact the website administrator.

Can I see status codes in my browser?

Yes. In most browsers, you can open Developer Tools (F12), go to the Network tab, reload the page, and click on each request to see its status code. This is a valuable technique for troubleshooting page loading issues.

What does a 401 Unauthorized error mean?

A 401 error means you need to authenticate yourself before accessing the resource. The server does not know who you are. This is different from 403 Forbidden, which means you are known but not allowed access.

How are status codes used in API testing?

In API testing, you send requests to an API endpoint and check the returned status code to verify the expected behavior. For example, a successful GET should return 200, a successful POST that creates a resource should return 201, and a request with invalid data should return 400.

Summary

HTTP status codes are three-digit numbers that servers use to communicate the outcome of a client's request. They are divided into five classes based on the first digit: 1xx for informational, 2xx for success, 3xx for redirection, 4xx for client errors, and 5xx for server errors. Understanding these codes is essential for troubleshooting web and network issues, interpreting server logs, and developing robust web applications. For IT certification exams, status codes appear in multiple-choice, scenario-based, and log analysis questions across CompTIA A+, Network+, Security+, and cloud certifications.

Mastering status codes means you can quickly identify whether a problem is on the client side or the server side, which dramatically speeds up troubleshooting. The most common codes to memorize are 200 OK, 301 Moved Permanently, 302 Found, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 500 Internal Server Error, 502 Bad Gateway, and 503 Service Unavailable. Always remember that a 2xx code indicates success, a 3xx code means a redirect, a 4xx code indicates a problem with the request, and a 5xx code means a problem on the server. In exams, watch out for traps that confuse 403 with 404, or 301 with 302. Use the first-digit memory trick to anchor your understanding. Status codes are a small topic with big impact in both exams and real IT work.