HTTP 상태 코드는 서버가 클라이언트 요청에 대해 반환하는 세 자리 숫자입니다. 이 완전한 HTTP 상태 코드 참조는 실무에서 만나는 모든 코드를 다룹니다.
1xx — 정보 응답
서버가 요청을 수신하고 처리를 계속하고 있음을 나타냅니다.
| Code | Name | Description |
|---|---|---|
100 | Continue | The server has received the request headers. The client should proceed to send the body. Used with Expect: 100-continue header. |
101 | Switching Protocols | The server is switching protocols as requested by the client (e.g., upgrading to WebSocket). |
102 | Processing | The server is processing the request but has not completed it yet (WebDAV). |
103 | Early Hints | Used to return some response headers before the final response. Allows preloading resources with Link headers. |
2xx — 성공
가장 일반적인 카테고리입니다. 요청이 성공적으로 처리되었습니다.
| Code | Name | Description |
|---|---|---|
200 | OK | The standard success response. Meaning depends on the method: GET returns the resource, POST returns the result of the action. |
201 | Created | A new resource was successfully created. Should include a Location header with the URL of the new resource. |
202 | Accepted | The request has been accepted for processing, but processing is not yet complete. Great for async operations. |
204 | No Content | Success, but there is no content to return. Common for DELETE operations and PUT updates. |
206 | Partial Content | The server is delivering only part of the resource due to a Range header. Used for resumable downloads and video streaming. |
3xx — 리다이렉션
클라이언트가 추가 작업을 수행해야 합니다.
| Code | Name | Description |
|---|---|---|
301 | Moved Permanently | The resource has permanently moved to a new URL. Search engines transfer ranking to the new URL. Use for permanent URL changes. |
302 | Found | Temporary redirect. The original URL should still be used for future requests. Search engines keep indexing the original. |
303 | See Other | The response to the request can be found at another URL using GET. Often used after POST to redirect to a result page. |
304 | Not Modified | The resource hasn't changed since the last request. The client should use its cached version. Saves bandwidth. |
307 | Temporary Redirect | Like 302, but guarantees the HTTP method won't change. A POST stays a POST after redirect. |
308 | Permanent Redirect | Like 301, but guarantees the HTTP method won't change. Preferred over 301 for API redirects. |
4xx — 클라이언트 오류
문제가 클라이언트 측에 있습니다.
| Code | Name | Description |
|---|---|---|
400 | Bad Request | The server cannot process the request due to malformed syntax, invalid parameters, or missing required fields. |
401 | Unauthorized | Authentication is required. The request lacks valid credentials (token, API key, or session). |
403 | Forbidden | The server understood the request but refuses to authorize it. The user is authenticated but lacks permission. |
404 | Not Found | The requested resource could not be found. Check the URL for typos or verify the resource exists. |
405 | Method Not Allowed | The HTTP method (GET, POST, etc.) is not supported for this resource. Check allowed methods in the Allow header. |
408 | Request Timeout | The server timed out waiting for the request. The client can retry. |
409 | Conflict | The request conflicts with the current state of the resource. Common with duplicate entries or version conflicts. |
410 | Gone | The resource is permanently gone and will not be available again. Unlike 404, this is intentional and permanent. |
413 | Payload Too Large | The request body exceeds the server's size limit. Common with file uploads. |
415 | Unsupported Media Type | The server doesn't support the request's Content-Type. Ensure you're sending the correct format (JSON, form-data, etc.). |
418 | I'm a Teapot | An April Fools' joke from RFC 2324. The server refuses to brew coffee because it is, permanently, a teapot. |
422 | Unprocessable Entity | The request is well-formed but contains semantic errors. Common for validation failures in APIs. |
429 | Too Many Requests | Rate limit exceeded. Check the Retry-After header for when to retry. |
451 | Unavailable For Legal Reasons | The resource is blocked due to legal reasons (censorship, GDPR, court order). Named after Fahrenheit 451. |
5xx — 서버 오류
서버가 요청을 처리할 수 없었습니다.
| Code | Name | Description |
|---|---|---|
500 | Internal Server Error | A generic server error. Check server logs for the actual error. Never expose stack traces to clients in production. |
501 | Not Implemented | The server does not support the functionality required to fulfill the request (e.g., an unimplemented API endpoint). |
502 | Bad Gateway | The server, acting as a gateway/proxy, received an invalid response from the upstream server. Check if your backend is running. |
503 | Service Unavailable | The server is temporarily unable to handle the request (overloaded or down for maintenance). Should include Retry-After header. |
504 | Gateway Timeout | The gateway/proxy did not receive a timely response from the upstream server. Common with slow database queries or external API calls. |
API 상태 코드 모범 사례
적절한 상태 코드로 API를 더 직관적으로 만드세요.
// REST API Status Code Guidelines
// Creating a resource
POST /api/users → 201 Created (with Location header)
// Successful read
GET /api/users/123 → 200 OK
// Successful update
PUT /api/users/123 → 200 OK (with updated resource)
PATCH /api/users/123 → 200 OK
// Successful delete
DELETE /api/users/123 → 204 No Content
// Validation error
POST /api/users (invalid data) → 422 Unprocessable Entity
{
"error": "Validation failed",
"details": [
{ "field": "email", "message": "Invalid email format" }
]
}
// Authentication required
GET /api/admin → 401 Unauthorized
{ "error": "Authentication required" }
// No permission
GET /api/admin (as regular user) → 403 Forbidden
{ "error": "Insufficient permissions" }
// Resource not found
GET /api/users/999 → 404 Not Found
{ "error": "User not found" }
// Rate limit exceeded
GET /api/search → 429 Too Many Requests
Retry-After: 60
{ "error": "Rate limit exceeded", "retry_after": 60 }일반적인 디버깅 시나리오
상태 코드는 디버깅의 첫 번째 단서입니다.
CORS Errors (Browser shows "blocked by CORS")
The browser blocks the request, but the actual HTTP status may be hidden. Check server logs. Ensure your server sends the correct Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers headers.
502 Bad Gateway on Deployment
Your reverse proxy (Nginx, Cloudflare) can't reach your application server. Check: Is the app process running? Is it listening on the correct port? Are there firewall rules blocking the connection?
# Check if your app is running
ps aux | grep node
# Check if it's listening on the expected port
netstat -tlnp | grep 3000
# Check Nginx error logs
tail -f /var/log/nginx/error.log504 Gateway Timeout
The upstream server is too slow. Common causes: slow database queries, external API timeouts, or large file processing. Solutions: optimize queries, add timeouts to external calls, use background jobs for heavy tasks.
429 Rate Limiting
// Implementing exponential backoff in JavaScript
async function fetchWithRetry(url, maxRetries = 3) {
for (let i = 0; i < maxRetries; i++) {
const response = await fetch(url);
if (response.status !== 429) return response;
const retryAfter = response.headers.get('Retry-After');
const delay = retryAfter
? parseInt(retryAfter) * 1000
: Math.pow(2, i) * 1000; // 1s, 2s, 4s
await new Promise(r => setTimeout(r, delay));
}
throw new Error('Max retries exceeded');
}자주 묻는 질문
401과 403의 차이?
401 = 인증 부족. 403 = 인증되었으나 권한 없음.
200 vs 201 사용 시점?
200은 성공, 201은 새 리소스 생성 시.
418의 의미?
1998년 만우절 농담. 서버가 찻주전자입니다.
SEO에서 301과 302의 차이?
301 = 영구(SEO 전달). 302 = 임시.
429 처리 방법?
Retry-After 헤더 확인, 지수 백오프 구현.
HTTP 상태 코드를 이해하는 것은 기본입니다. 도구를 활용하세요.