httphttp-response-codes

Non integer HTTP response codes possible?


I am aware of standard HTTP response codes and their categorization (1xx, 2xx, 3xx, 4xx and 5xx)

But, I have seen certain web requests return non-standard HTTP response codes, like 999, 1001, 1002, 1006 etc. However, I have never seen any HTTP response code that contains alphanumeric characters. Is it possible for any server to send non-integer response codes?


Solution

  • A server response is just a sequence of bytes sent over the network. HTTP 1.x is a text-based protocol, where the request and response — including status code — are sent as structured text in a defined format. It is therefore very possible to send across alphanumeric characters where a standards-compliant server would send across a valid HTTP status code.

    If a non-numeric value is sent, don't expect clients to do a sane thing with them. Clients quite reasonably expect a standards-compliant (numeric) value, and well-behaved clients would likely fail if they receive something not conforming to the standard.

    Example HTTP response:

    Take as a concrete example the following HTTP response message. The status code of 200 is found in the status line (HTTP/1.1 200 OK), along with the protocol version (HTTP/1.1) and reason phrase (OK).

    HTTP/1.1 200 OK
    Content-Type: text/plain
    Content-Length: 35
    
    This sentence is the response body.
    

    There is nothing preventing a server from replacing the status code in the status line with literally any other text. For instance, if non-numeric values were allowed, the following might be considered a response with status code "ABC" and reason phrase "Test alphanumeric response".

    HTTP/1.1 ABC Test alphanumeric response
    

    IETF status code specification

    IETF RFC 7230 requires the status code to be a three-digit integer, and RFC 7231 requires the first digit of the status code to be between 1 and 5.

    3.1.2. Status Line

    The first line of a response message is the status-line, consisting of the protocol version, a space (SP), the status code, another space, a possibly empty textual phrase describing the status code, and ending with CRLF.

    status-line = HTTP-version SP status-code SP reason-phrase CRLF

    The status-code element is a 3-digit integer code describing the result of the server's attempt to understand and satisfy the client's corresponding request.

    6. Response Status Codes

    […]

    The first digit of the status-code defines the class of response. The last two digits do not have any categorization role. There are five values for the first digit:

    • 1xx (Informational): The request was received, continuing process
    • 2xx (Successful): The request was successfully received, understood, and accepted
    • 3xx (Redirection): Further action needs to be taken in order to complete the request
    • 4xx (Client Error): The request contains bad syntax or cannot be fulfilled
    • 5xx (Server Error): The server failed to fulfill an apparently valid request