Introduction to HTTP status codes for software testers

There are billions of websites all over the world on the Internet. As a regular user, if you want to check your favourite team’s scores, check your bank account, view emails or book flights, you need a specific web address to get the information you want.

Whenever a Uniform Resource Locator (URL) is entered into the browser (client), a request is sent to the server (where the web page is located). In other words, the client sends a Hypertext Transfer Protocol (HTTP) request to the server, which returns an HTTP response or status code to the client indicating whether the request was successful or not. You make a request using HTTP and the server responds.

HTTP – what is it?

What HTTP stands for? The Hypertext Transfer Protocol (HTTP). It is the foundation of the World Wide Web (WWW) and is used to load web pages using hypertext links. HTTP is an application layer protocol designed to transfer information between network devices and runs on top of the other layers of the network protocol stack. A typical HTTP flow involves a client computer making a request to a server, which then sends a response message.

What does an HTTP request contain?

An HTTP request is the way in which Internet communication platforms, such as web browsers, request the information needed to load a web page. Each HTTP request sent over the Internet carries with it a series of encoded data that carries different types of information. A typical HTTP request includes:

  • HTTP version type,
  • URL,
  • HTTP method,
  • HTTP header,
  • optional HTTP body.

What are HTTP methods?

The HTTP method, denotes the action that an HTTP request expects the queried server to take. For example, the two most common HTTP methods are “GET” and “POST”; a “GET” request expects information back (usually in the form of a web page), while a “POST” request usually means that the client is sending information to the web server (for example, information from a form, e.g., a submitted username and password).

What are HTTP headers?

The HTTP head, or otherwise known as the http header, contains textual information stored in key-value pairs and is part of every HTTP request (and response). These headers communicate basic information, such as what browser the client is using and what data is being requested.

Example of http request headers from Google Chrome’s network tab:

http request headers

http request headers

What does an HTTP response structure contains?

An HTTP response is what web clients (often browsers) receive from a web server in response to an HTTP request. These responses provide valuable information based on what was requested in the HTTP request.

A typical HTTP response includes:

  • HTTP status code,
  • HTTP response header,
  • optional HTTP body.

HTTP vs HTTPS

HTTPS is HTTP with encryption and authentication. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses and to digitally sign those requests and responses. As a result, HTTPS is much more secure than HTTP.

HTTPS is HTTP with encryption and authentication

SOURCE: cloudflare.com

Protocol and HTTP codes

A digital language protocol with mutually accepted rules that allows both sending and reading communications over the Internet. Several protocols with different attributes are available, such as DNS, FTP, HTTP, IRC and SSL.

In terms of HTTP codes, each time a request is sent to the server, the status code refers to the status of the request, whether it is successful, failed, or something in between. Although these states are returned every time the client interacts with the server, there is no need for the end user to see these transactions repeatedly. However, HTTP status codes are crucial for developers and testers to diagnose and troubleshoot website configuration issues.

How do HTTP status codes work?

Whenever a user enters a URL into the browser, a request is sent to the web server, which processes it and sends back a response. This response is often received as HTML, CSS, PDF or JSON as a whole bundle of documents along with an HTTP header. The HTTP header carries information about the client, server, and requested page, and also contains status codes. These codes are returned whenever the server receives a request from the client, and again there is no need for the user to display these codes, but they are displayed when something goes wrong.

For testers and developers, there are many tools available, such as Web Sniffer, that allows you to view HTTP status codes that you don’t normally see in the browser.

HTTP status code categories

There are five categories of status codes, with the first digit of each code indicating the category to which it belongs. For example, status code 404 belongs to the 4xx category. The classification of the categories is described below:

  • 1xx Informational – This is an informational category and indicates that the request from the client was initiated by the server.
  • 2xx Success – If the request received by the server from the client was successfully processed or completed, a success message is displayed.
  • 3xx Redirect – There are cases where a web page or some information that the user requested may have been moved to another page or link, so a redirect will take place. This means that the server has accepted the request, but additional steps need to be taken in order to complete that particular request.
  • 4xx Client Error – This category is classified as client error codes. The server has accepted the request, but cannot continue because it may contain incorrect syntax.
  • 5xx Server Error – This category indicates a server error. This status code is displayed when the request is valid but contains an error, so the server is unable to fulfill the request.

The digit “xx” indicates different numbers from 00 to 99.

Status codes starting with the number “2” indicate success. For example, after a client requests a web page, the most common response is a status code of “200 OK”, indicating that the request was completed correctly.

If the answer starts with a “4” or “5”, it means that an error has occurred and the web page will not be displayed. A status code starting with the digit “4” indicates an error on the client side (we very often encounter the “404 NOT FOUND” status code for URL typos). A status code starting with the digit “5” means that something has gone wrong on the server side. Status codes can also start with “1” or “3” to indicate an informational response, for example redirection.

HTTP status codes and their meaning

There are more than 40 status codes but here we will cover just a few of them.

Information 1xx

  • 100 Continue: This code indicates that a partial request has been received from the client and unless the request is rejected, the client should continue with the request.
  • 102 Processing: This status code indicates that a request from a client has been received and the server is processing a specific request, but the status of that request will be returned at a later time. This status code is similar to the “100 Continue” code, where the result may be returned immediately, whereas with the “102 Processing” code, the result will be returned after the entire request has been received.

Successful 2xx

  • 200 OK: When the server request is successful and works as expected, then this status code is generated. They are usually not visible to the user.
  • 201 Received: This status indicates that the request from the client has been accepted for processing, but the process has not yet been successfully completed.
  • 203 Non-authoritative information: if there is something between the client and the server, such as an HTTP proxy or a third party, that modifies the response before it is provided to the client, the server will use status code 203 to indicate that the response has been modified.
  • 204 No Content: the server has fulfilled the request, but may not return a response body. The server may return updated meta-information.

Redirection 3xx

  • 301 Moved Permanently: this status code indicates that the page requested by the client is unavailable at that address and is permanently moved. The user is navigated to this new address.
  • 302 Found: this status code is often misunderstood. This state means that the resource the client is trying to access has been temporarily moved to a different URL. In other words, the content is located elsewhere for the time being.
  • 303 See Other: this state means that the result requested by the client can be found elsewhere. When the client attempts to retrieve a response against a POST request, the server responds with a success message. Instead of displaying a message from the server, a good practice is to redirect the user to a specific URL.

Client error 4xx

  • 400 Bad Request: this code converts that the request received by the client to the server is not understandable and requires modification when the same request is resent. Any status code that begins its sequence with a 4 means that the client has done something wrong. 400 is a generic error code and is used in situations where other codes do not fit.
  • 401 Unauthorized: This status code indicates that the request entered by the client is password protected and requires credentials, such as a username and password, to access it. If incorrect credentials have been provided, this error code will still be generated.
  • 402 Payment required: This status code indicates an authorization problem; if you are making requests via HTTPS, you may receive this error if the browser does not have access to your account.
  • 403 Forbidden: This status code indicates that the page requested by the client is inaccessible. For example, if you try to access such information without entering the correct password, the server may generate this status code.
  • 404 Not Found: This generic status code means that the content requested by the client does not exist or is not available on the server.
  • 408 Request Timeout: This code indicates that a request from a client is taking longer than expected to reach the server. There are many reasons for this, such as a slow internet connection or no internet connection at all.

Server Error 5xx

  • 500 Internal Server Error: any status code that starts with a 5 means that the server has done something wrong. This error occurs on the server side when a request from a client is not retrieved. This could be due to a disconnection from the network, an interrupted connection to the database, or perhaps an error in the code.
  • 501 Not executing: this means that the server cannot execute what the client requests. For example, if you try to use a part of a web page or service that has not been implemented and configured on the server, or is being worked on, you may see this code.
  • 502 Bad Gateway: this code indicates that the server received a bad response from another server.
  • 503 Service Unavailable: This status code indicates that due to server overload, the request sent by the client cannot be processed at the moment.
  • 504 Gateway Timeout: This error code indicates that the server is acting as a gateway or proxy server and did not actually receive the requested response on time.

How will testers use their knowledge of HTTP codes ?

Change of HTTP status codes for UI testing purposes is an important step to ensure that the web application is working properly. By manipulating the HTTP status codes returned from the server, you can simulate different scenarios and test how your web application responds to these changes.

Here are some of the reasons why you might want to change HTTP status codes for UI testing:

  • To test error handling: by simulating errors, you can test how the web application handles these errors and ensure that the user interface is presented in a way that is informative and useful.
  • For edge case testing: there may be specific situations in which a web application may return unexpected HTTP status codes. By testing these edge cases, you can ensure that your web application is resilient and can handle these unexpected scenarios.
  • Performance improvement: By testing how your web application responds to different HTTP status codes, you can identify potential performance bottlenecks and optimize your code accordingly.

There are several different ways to change HTTP status codes for UI testing. One way is to use a tool like Fiddler or Charles Proxy to capture and modify the http code between your web application and the server. Another way is to use a tool like Selenium or Puppeteer to automate the process of making HTTP requests and verifying responses.

If you speak German and are IT tester or automated tester, take a look at our company benefits and respond to job vacancies.

About the author

Michaela Kojnoková

Agile Test Engineer

Po štúdiu informatiky na ŽU a TUKE som sa najviac ponorila do oblasti automatizácie testovania. Okrem toho sa venujem tvorbe webov, databázam, dátovej analytike, umelej inteligencii a strojovému učeniu. Mám rada cestovanie, šport a najviac si užívam čas strávený v prírode s mojimi blízkymi. LinkedIn

Let us know about you