Response header

When a server receives the request, it responds with a Status Line and Response Headers, plus an optional Message Body. The Status Line is a three-part field: HTTP-version, which is much the same as in the request, followed by status-code and reason-phrase, which are the more important parts of the line.

The Response Headers have a variety of options, the most notable of which are the Connection and Keep-Alive fields. A number of other headers are also possible. The Message Body has no fixed size and would contain, for example, the HTML contents of the requested web page:

HTTP response message format

The status codes are among the most important fields for cybersecurity operations centers and researchers, as they indicate what is happening on the server side. The 404 error is fairly common, but other codes exist; the most common are shown in the following table:

| Status code series | Code | Description |
|---|---|---|
| 1xx (Informational): Request received, server is continuing the process | 100 Continue | The server received the request and is in the process of giving the response. |
| 2xx (Success): The request was successfully received, understood, accepted, and serviced | 200 OK | The request has been fulfilled. |
| 3xx (Redirection): Further action must be taken in order to complete the request | 301 Move permanently | The resource that's been requested has been permanently moved to a new location. The URL of the new location is given in the response header called Location. The client should issue a new request to the new location. The application should update all the references to this new location. |
| | 302 Found and redirect (or move temporarily) | The same as 301, but the new location is temporary in nature. The client should issue a new request, but applications don't need to update the references. |
| | 304 Not modified | In response to the If-Modified-Since conditional GET request, the server notifies that the resource requested has not been modified. |
| 4xx (Client Error): The request contains bad syntax or cannot be understood | 400 Bad request | The server could not interpret or understand the request, probably due to a syntax error in the request message. |
| | 401 Authentication required | The requested resource is protected and requires the client's credentials (username/password). The client should resubmit the request with their credentials (username/password). |
| | 403 Forbidden | The server refuses to supply the resource, regardless of the identity of the client. |
| | 404 Not Found | The requested resource cannot be found on the server. |
| | 405 Method not allowed | The request method that was used, for example, POST, PUT, or DELETE, is a valid method. However, the server doesn't allow that method for the resource that's been requested. |
| | 408 Request timeout | |
| | 414 Request URI too large | |
| 5xx (Server Error): The server failed to fulfill an apparently valid request | 500 Internal server error | The server is confused, which is often caused by an error in the server-side program responding to the request. |
| | 501 Method not implemented | The request method that was used is invalid (could be caused by a typing error, for example, GET misspelled as Get). |
| | 502 Bad gateway | A proxy or gateway indicates that it received a bad response from the upstream server. |
| | 503 Service unavailable | The server cannot respond due to overloading or maintenance. The client can try again later. |
| | 504 Gateway timeout | The proxy or gateway indicates that it received a timeout from an upstream server. |


Different browsers may react to certain error codes in different ways, including different visualizations of the error. However, any captured packet stream will present the data simply as a text stream, with the status line being first.
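
The following added example (not from the original text) shows how an analyst might split such a captured text stream into the Status Line, Response Headers and Message Body, and map the status code to its series from the table. The function name parse_response, the SERIES mapping and the SAMPLE bytes are assumptions made for illustration; the sample capture is constructed, not real traffic.

```python
import re

# Status-Line = HTTP-version SP status-code SP reason-phrase
STATUS_LINE = re.compile(rb"^(HTTP/\d\.\d) (\d{3})(?: (.*))?$")

# Series names as used in the table above (hypothetical helper mapping).
SERIES = {1: "Informational", 2: "Success", 3: "Redirection",
          4: "Client Error", 5: "Server Error"}

def parse_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.x response into status line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("truncated capture: header block is not terminated")
    lines = head.split(b"\r\n")
    m = STATUS_LINE.match(lines[0])
    if m is None:
        raise ValueError(f"not an HTTP status line: {lines[0][:40]!r}")
    code = int(m.group(2))
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError(f"malformed header line: {line[:40]!r}")
        # Header names are case-insensitive, so normalise them to lower case.
        # A repeated header overwrites the earlier value in this simple dict.
        key = name.strip().lower().decode("latin-1")
        headers[key] = value.strip().decode("latin-1")
    return {
        "version": m.group(1).decode("ascii"),
        "code": code,
        "reason": (m.group(3) or b"").decode("latin-1"),
        "series": SERIES.get(code // 100, "Unknown"),
        "headers": headers,
        "body": body,  # no fixed size: everything after the blank line
    }

# Constructed sample capture (not taken from real traffic).
SAMPLE = (b"HTTP/1.1 404 Not Found\r\n"
          b"Connection: Keep-Alive\r\n"
          b"Keep-Alive: timeout=5, max=100\r\n"
          b"Content-Type: text/html\r\n"
          b"\r\n"
          b"<html><body>Not Found</body></html>")

if __name__ == "__main__":
    r = parse_response(SAMPLE)
    print(r["version"], r["code"], r["reason"], "->", r["series"])
    print("Connection:", r["headers"].get("connection"))
```

A capture that ends before the blank line, or whose first line is not a Status Line, raises ValueError instead of returning a partial result, which keeps truncated or non-HTTP streams out of downstream status-code statistics.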
