THE HTTP REFERENCE TABLES

This reference is a bonus material that will help you develop your API more quickly. We compiled
everything related to HTTP so you don’t ever need to search the internet for a status code or anything
else related to HTTP inside your API.

1
 Has
Method Description
body?
This specification reserves the method name CONNECT for use with No
CONNECT a proxy that can dynamically switch to being a tunnel (e.g. SSL
tunneling).
The DELETE method requests that the origin server delete the No
DELETE
resource identified by the Request-URI.
The GET method retrieves whatever information (in the form of an No
GET
entity) is identified by the Request-URI.
The HEAD method is identical to GET except that the server MUST No
HEAD
NOT return a message-body in the response.
The OPTIONS method represents a request for information about the No
OPTIONS communication options available on the request/response chain
identified by the Request-URI.
The POST method is used to request that the origin server accept the Yes
POST entity enclosed in the request as a new subordinate of the resource
identified by the Request-URI in the Request-Line.
The PUT method requests that the enclosed entity be stored under the Yes
PUT
supplied Request-URI.
The TRACE method is used to invoke a remote, application-layer No
TRACE
loop-back of the request message.

2
These two tables define status code ranges (classification) and describe all the status codes.

Overall range Defined range Category

100-199 100-101 Informational
200–299 200–206 Successful
300–399 300–305 Redirection
400–499 400–415 Client error
500–599 500–505 Server error

Status
Reason phrase Meaning
code
Continue An initial part of the request was received, and the client
100
should continue.
Switching Protocols The server is changing protocols, as specified by the
101
client, to one listed in the Upgrade header.
200 OK The request is okay.
Created The resource was created (for requests that create server
201
objects).
Accepted The request was accepted, but the server has not yet
202
performed any action with it.
Non-Authoritative The transaction was okay, except the information
203 Information contained in the entity headers was not from the origin
server, but from a copy of the resource.
No Content The response message contains headers and a status line,
204
but no entity body.
Reset Content Another code primarily for browsers; basically means
205 that the browser should clear any HTML form elements
on the current page.
206 Partial Content A partial request was successful.
Multiple Choices A client has requested a URL that actually refers to
multiple resources. This code is returned along with a
300
list of options; the user can then select which one he
wants.

3
 Status
Reason phrase Meaning
code
Moved Permanently The requested URL has been moved. The response
301 should contain a Location URL indicating where the
resource now resides.
Found Like the 301 status code, but the move is temporary. The
302 client should use the URL given in the Location header
to locate the resource temporarily.
See Other Tells the client that the resource should be fetched using
303 a different URL. This new URL is in the Location
header of the response message.
Not Modified Clients can make their requests conditional by the
304 request headers they include. This code indicates that the
resource has not changed.
Use Proxy The resource must be accessed through a proxy, the
305
location of the proxy is given in the Location header.
306 (Unused) This status code currently is not used.
Temporary Redirect Like the 301 status code; however, the client should use
307 the URL given in the Location header to locate the
resource temporarily.
400 Bad Request Tells the client that it sent a malformed request.
Unauthorized Returned along with appropriate headers that ask the
401 client to authenticate itself before it can gain access to
the resource.
Payment Required Currently this status code is not used, but it has been set
402
aside for future use.
403 Forbidden The request was refused by the server.
404 Not Found The server cannot find the requested URL.
Method Not Allowed A request was made with a method that is not supported
for the requested URL. The Allow header should be
405
included in the response to tell the client what methods
are allowed on the requested resource.
Not Acceptable Clients can specify parameters about what types of
entities they are willing to accept. This code is used
406
when the server has no resource matching the URL that
is acceptable for the client.
Proxy Authentication Like the 401 status code, but used for proxy servers that
407
Required require authentication for a resource.
Request Timeout If a client takes too long to complete its request, a server
408 can send back this status code and close down the
connection.
409 Conflict The request is causing some conflict on a resource.

4
 Status
Reason phrase Meaning
code
Gone Like the 404 status code, except that the server once
410
held the resource.
Length Required Servers use this code when they require a Content-
Length header in the request message. The server will
411
not accept requests for the resource without the Content-
Length header.
Precondition Failed If a client makes a conditional request and one of the
412
conditions fails, this response code is returned.
Request Entity Too The client sent an entity body that is larger than the
413
Large server can or wants to process.
Request URI Too The client sent a request with a request URL that is
414
Long larger than what the server can or wants to process.
Unsupported Media The client sent an entity of a content type that the server
415
Type does not understand or support.
Requested Range Not The request message requested a range of a given
416 Satisfiable resource, and that range either was invalid or could not
be met.
Expectation Failed The request contained an expectation in the Expect
417
request header that could not be satisfied by the server.
500 Internal Server Error The server encountered an error that prevented it from
servicing the request.
Not Implemented The client made a request that is beyond the server’s
501
capabilities.
Bad Gateway A server acting as a proxy or gateway encountered a
502 bogus response from the next link in the request
response chain.
Service Unavailable The server cannot currently service the request but will
503
be able to in the future.
Gateway Timeout Similar to the 408 status code, except that the response
504 is coming from a gateway or proxy that has timed out
waiting for a response to its request from another server.
HTTP Version Not The server received a request in a version of the protocol
505
Supported that it can’t or won’t support.

5
Both HTTP request and HTTP response can contain header fields. These two tables describe
those fields and provide simple examples.

Field Description Example

Can be used to specify certain media Accept: text/plain
Accept types which are acceptable for the
response
Accept- Indicates what character sets are Accept-Charset: utf-8
Charset acceptable for the response
Similar to Accept, but restricts the Accept-Encoding: gzip, deflate
Accept-
content-codings that are acceptable in
Encoding
the response.
Similar to Accept, but restricts the set Accept-Language: en-US
Accept-
of natural languages that are preferred
Language
as a response.
Authentication credentials for HTTP Authorization: Basic
Authorization
authentication. QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Used to specify directives that must be Cache-Control: no-cache
Cache-
obeyed by all caching mechanisms
Control
along the request-response chain.
Allows the sender to specify options Connection: keep-alive
that are desired for that particular
Connection connection and MUST NOT be
communicated by proxies over further
connections.
Content-Encoding is primarily used to Content-Encoding: gzip
Content- allow a document to be compressed
Encoding without losing the identity of its
underlying media type.
An HTTP cookie previously sent by Cookie: $Version=1;
Cookie
the server with Set-Cookie (below).
Content- The length of the request body in Content-Length: 1024
Length octets (8-bit bytes).
A Base64-encoded binary MD5 sum Content-MD5:
Content-MD5
of the content of the request body. Q2hlY2sgSW50ZWdyaXR5IQ==
The MIME type of the body of the Content-Type: application/ x-www-form-
Content-Type request (used with POST and PUT urlencoded
requests).
The date and time that the message Date: Tue, 19 Jun 2012 10:10:10 GMT
Date
was sent.

6
 Field Description Example
Indicates that particular server Expect: 100-continue
Expect
behaviors are required by the client.
The email address of the user making From: [email protected]
From
the request.
The domain name of the server (for Host: code-maze.com
virtual hosting), and the TCP port
number on which the server is
Host listening. The port number may be
omitted if the port is the standard port
for the service requested. Mandatory
since HTTP/1.1.
Only perform the action if the client If-Match:
supplied entity matches the same "737060cd8c284d8af7ad3082f209582d"
entity on the server. This is mainly for
If-Match
methods like PUT to only update a
resource if it has not been modified
since the user last updated it.
Allows a 304 Not Modified to be If-Modified-Since: Sat, 29 Oct 1994
returned if content is unchanged. 19:43:31 GMT

If-Modified-
Since

If-None- Allows a 304 Not Modified to be If-None-Match:

Match returned if content is unchanged. "737060cd8c284d8af7ad3082f209582d"
If the entity is unchanged, send me the If-Range:
If-Range part(s) that I am missing; otherwise, "737060cd8c284d8af7ad3082f209582d"
send me the entire new entity.
If- Only send the response if the entity If-Unmodified-Since: Sat, 29 Oct 1994
Unmodified- has not been modified since a specific 19:43:31 GMT
Since time.
Limit the number of times the message Max-Forwards: 10
Max-
can be forwarded through proxies or
Forwards
gateways.
Initiates a request for cross-origin Origin: https://code-maze.com/
resource sharing (asks server for an
Origin
'Access-Control-Allow-Origin'
response field).
Implementation-specific headers that Pragma: no-cache
Pragma may have various effects anywhere
along the request-response chain.
Proxy- Authorization credentials for Proxy-Authorization: Basic
Authorization connecting to a proxy. QWxhZGRpbjpvcGVuIHNlc2FtZQ==

7
 Field Description Example
Request only part of an entity. Bytes Range: bytes=500-999
Range
are numbered from 0.
This is the address of the previous web Referer: https://code-maze.com/
page from which a link to the currently
requested page was followed. (The
Referer
word "referrer" is misspelled in the
RFC as well as in most
implementations.)
The transfer encodings the user agent TE: trailers, deflate
is willing to accept: the same values as
for the response header TE can be
used, plus the "trailers" value (related
TE
to the "chunked" transfer method) to
notify the server it expects to receive
additional headers (the trailers) after
the last, zero-sized, chunk.
Ask the server to upgrade to another Upgrade: HTTPS/1.3, IRC/6.9, RTA/x11,
Upgrade
protocol. websocket
The user agent string of the user agent User-Agent: Mozilla/5.0 (X11; Linux
User-Agent x86_64; rv:12.0) Gecko/20100101
Firefox/12.0
Informs the server of proxies through Via: 1.0 fred,
Via
which the request was sent. 1.1 example.com(Apache/1.1)
A general warning about possible Warning: 199 Miscellaneous warning
Warning
problems with the entity body.

Field Description Example

Specifying which web sites can Access-Control-Allow- Origin: *
Access-Control-
participate in cross-origin
Allow-Origin
resource sharing
Allows the server to indicate its Accept-Ranges: bytes
Accept-Ranges acceptance of range requests for a
resource.
Conveys the sender's estimate of Age: 24
the amount of time since the
Age
response (or its revalidation) was
generated at the origin server.
Lists the set of methods supported Allow: GET, HEAD, PUT
by the resource identified by the
Request-URI. The purpose of this
Allow
field is strictly to inform the
recipient of valid methods
associated with the resource.

8
 Field Description Example
Tells all caching mechanisms Cache-Control: max-age=3600
from server to client whether they
Cache-Control
may cache this object. It is
measured in seconds
Options that are desired for the Connection: close
Connection
connection
The type of encoding used on the Content-Encoding: gzip
Content-Encoding
data. See HTTP compression.
Content-Language The language the content is in. Content-Language: en
The length of the response body Content-Length: 1024
Content-Length
in octets (8-bit bytes)
An alternate location for the Content-Location: /index.htm
Content-Location
returned data
A Base64-encoded binary MD5 Content-MD5:
Content-MD5
sum of the content of the response Q2hlY2sgSW50ZWdyaXR5IQ==
An opportunity to raise a "File Content-Disposition: attachment;
Download" dialogue box for a filename="fname.ext"
known MIME type with binary
Content-Disposition
format or suggest a filename for
dynamic content. Quotes are
necessary with special characters.
Where in a full body message this Content-Range: bytes 21010-
Content-Range
partial message belongs 47021/47022
Content-Type The MIME type of this content Content-Type: text/html; charset=utf-8
The date and time that the Date: Sun, 17 Jun 2017 10:11:12 GMT
Date
message was sent
An identifier for a specific ETag:
ETag version of a resource, often a "737060cd8c284d8af7ad3082f209582d"
message digest
Gives the date/time after which Expires: Date: Sun, 17 Jun 2017 10:11:12
Expires
the response is considered stale GMT
The last modified date for the Last-Modified: Date: Sun, 17 Jun 2017
Last-Modified requested object, in RFC 2822 10:11:12 GMT
forma
Used to express a typed Link: ; rel="alternate"
relationship with another
Link
resource, where the relation type
is defined by RFC 5988
Used in redirection, or when a Location: https://code-
Location
new resource has been created. maze.com/index.html
This header is supposed to set P3P: CP="This is not a P3P policy!
Platform for Privacy Preferences See http://www.google.com/support/acco
P3P Project (P3P) policy, in the form unts/bin/answer.py?hl=en&answer=15165
of 7 for more info."
P3P:CP="your_compact_policy".

9
 Field Description Example
However, P3P did not take off,
most browsers have never fully
implemented it, a lot of websites
set this header with fake policy
text, that was enough to fool
browsers the existence of P3P
policy and grant permissions for
third party cookies.
Implementation-specific headers Pragma: no-cache
that may have various effects
Pragma
anywhere along the request-
response chain.
Request authentication to access Proxy-Authenticate: Basic
Proxy-Authenticate
the proxy.
Used in redirection, or when a Refresh: 5; url=https://code-
new resource has been created. maze.com/index.html
This refresh redirects after 5
Refresh seconds. This is a proprietary,
non-standard header extension
introduced by Netscape and
supported by most web browsers.
If an entity is temporarily Retry-After: 240
unavailable, this instructs the
Retry-After
client to try again after a specified
period of time (seconds).
Server A name for the server Server: Apache/2.4 (Unix)
Sets an HTTP Cookie Set-Cookie: UserID=1; Max-Age=3600;
Set-Cookie
Version=1
A HSTS Policy informing the Strict-transfer-Security: max-
HTTP client how long to cache age=16070400; includeSubDomains
Strict-transfer-
the HTTPS only policy and
Security
whether this applies to
subdomains.
The Trailer general field value Trailer: Max-Forwards
indicates that the given set of
Trailer header fields is present in the
trailer of a message encoded with
chunked transfer coding.
The form of encoding used to Transfer-Encoding: chunked
safely transfer the entity to the
Transfer-Encoding user. Currently defined methods
are: chunked, compress, deflate,
gzip, identity.
Tells downstream proxies how to Vary: *
Vary
match future request headers to

10
 Field Description Example
decide whether the cached
response can be used rather than
requesting a fresh one from the
origin server.
Informs the client of proxies Via: 1.0 mick,
Via through which the response was 1.1 baselogic.com(Apache/2.4)
sent.
A general warning about possible A general warning about possible
Warning
problems with the entity body. problems with the entity body.
Indicates the authentication WWW-Authenticate: Basic
WWW-Authenticate scheme that should be used to
access the requested entity.

Because of the sheer quantity of Internet Media Types, we’ve listed the most commonly used
ones.

Type Description
application Application-specific content format (discrete type)
audio Audio format (discrete type)
chemical Chemical data set (discrete IETF extension type)
image Image format (discrete type)
message Message format (composite type)
model 3-D model format (discrete IETF extension type)
multipart Collection of multiple objects (composite type)
text Text format (discrete type)
video Video movie format (discrete type)

Type Description
application/atom+xml Atom Feeds
ECMAScript/JavaScript (equivalent to application/javascript but with
application/ecmascript
stricter processing rules)
application/json JavaScript Object Notation JSON
ECMAScript/JavaScript (equivalent to application/ecmascript but with
application/javascript
looser processing rules) It is not accepted in IE 8 or earlier
application/octet- Unclassified binary data.
stream
application/pdf Portable Document Format

11
application/postscript PostScript
application/rss+xml RSS feeds
application/soap+xml SOAP
application/font-woff Web Open Font Format
application/xhtml+xml XHTML
application/xml-dtd Document Type Definition (DTD) files
application/xop+xml XML-binary Optimized Packaging (XOP)
application/zip ZIP archive files
application/gzip Gzip

Type Description
multipart/mixed MIME Email
MIME Webform
multipart/form-data

Type Description
text/css Cascading Style Sheets.
text/csv Comma-separated values
text/html HTML file
text/plain Textual data
text/xml Extensible Markup Language

12