[http] What does HTTP/1.1 302 mean exactly?

Some article I read once said that it means jumping (from one URI to another), but I detected this "302" even when there was actually no jumping at all!

This question is related to http redirect http-headers http-status-code-302

The answer is


This question was asked a long ago, while the RFC 2616 was still hanging around. Some answers to this question are based in such document, which is no longer relevant nowadays. Quoting Mark Nottingham who, at the time of writing, co-chairs the IETF HTTP and QUIC Working Groups:

Don’t use RFC2616. Delete it from your hard drives, bookmarks, and burn (or responsibly recycle) any copies that are printed out.

The old RFC 2616 has been supplanted by the following documents that, together, define the HTTP/1.1 protocol:

So I aim to provide an answer based in the RFC 7231 which is the current reference for HTTP/1.1 status codes.

The 302 status code

A response with 302 is a common way of performing URL redirection. Along with the 302 status code, the response should include a Location header with a different URI. Such header will be parsed by the user agent and then perform the redirection:


Redirection example


Web browsers may change from POST to GET in the subsequent request. If this behavior is undesired, the 307 (Temporary Redirect) status code can be used instead.

This is how the 302 status code is defined in the RFC 7231:

6.4.3. 302 Found

The 302 (Found) status code indicates that the target resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client ought to continue to use the effective request URI for future requests.

The server SHOULD generate a Location header field in the response containing a URI reference for the different URI. The user agent MAY use the Location field value for automatic redirection. The server's response payload usually contains a short hypertext note with a hyperlink to the different URI(s).

Note: For historical reasons, a user agent MAY change the request method from POST to GET for the subsequent request. If this behavior is undesired, the 307 (Temporary Redirect) status code can be used instead.

According to MDN web docs from Mozilla, a typical use case for 302 is:

The Web page is temporarily not available for reasons that have not been unforeseen. That way, search engines don't update their links.

Other status codes for redirection

The RFC 7231 defines the following status codes for redirection:

  • 301 (Moved Permanently)
  • 302 (Found)
  • 307 (Temporary Redirect)

The RFC 7238 was created to define another status code for redirection:

  • 308 (Permanent Redirect)

Refer to this answer for further details.


A 302 status code is HTTP response status code indicating that the requested resource has been temporarily moved to a different URI. Since the location or current redirection directive might be changed in the future, a client that receives a 302 Found response code should continue to use the original URI for future requests.

An HTTP response with this status code will additionally provide a URL in the header field Location. This is an invitation to the user agent (e.g. a web browser) to make a second, otherwise identical, request to the new URL specified in the location field. The end result is a redirection to the new URL.


As per the http status code definitions a 302 indicates a (temporary) redirect. "The requested resource resides temporarily under a different URI"


First lets take a scenario how 301 and 302 works

  1. 301 --> Permanently moved

Imagine there is some resource like --> http://hashcodehub.com/user , now in future we are changing the resouce name to user- info --> now the url should be http://hashcodehub.com/user-info --> but the user is still trying to access the same URL --> http://hashcodehub.com/user --> here from the backend we can redirect the user to the new url and send the status code as 301 --> which is used for permanently moved.

Above I have explained how 301 Works

Lets understand how 302 will be used in real life

  1. 302 --> Temporary redirection --> here the complete url does not need to be changed but for some reason we are redirecting to resource at different locations. Here in the location header field we will give the value of the new resource url browser will again make the request to the resource url in the response location header field.

  2. 302 can be used just in case if there is something not appropriate content on our page .While we solve that issue we can redirect all our used to some temporary url and fix the issue.

  3. It can also be used if there is some attach on the website and some pages requires restoration in that case also we can redirect the user to the different resource.

  4. The redirect 302 serves, for example, to have several versions of a homepage in different languages.The main one can be in English; but if the visitors come from other countries then this system automatically redirects them to page in their language.


A simple way of looking at HTTP 301 vs. 302 redirects is:

Suppose you have a bookmark to "http://sample.com/sample". You use a browser to go there.

A 302 redirect to a different URL at this point would mean that you should keep your bookmark to "http://sample.com/sample". This is because the destination URL may change in the future.

A 301 redirect to a different URL would mean that your bookmark should change to point to the new URL as it is a permanent redirect.


For anyone who might be curious about the naming, I'm just going to add that it's probably called "Found" because the main resource(e.g., a private web page) the user intends to receive is not available at that moment(e.g., the user has not proved their identity yet), so instead the server has found a new resource that the user can receive(which is a login page in the most common use case).

Also it's "getting lost and found" in the hide-and-seek manner, meaning a lost resource under a 302 status is only lost temporarily, it is not supposed to be lost forever(unless a player has some bad intentions;)).


From Wikipedia:

The HTTP response status code 302 Found is the most common way of performing a redirection. It is an example of industrial practice contradicting the standard.


HTTP code 302 is for redirection see http://en.wikipedia.org/wiki/HTTP_302.

It tells the browse reading a page to go somewhere else and load another page. Its usage is very common.


  • The code 302 indicates a temporary redirection.
  • One of the most notable features that differentiate it from a 301 redirect is that, in the case of 302 redirects, the strength of the SEO is not transferred to a new URL.
  • This is because this redirection has been designed to be used when there is a need to redirect content to a page that will not be the definitive one. Thus, once the redirection is eliminated, the original page will not have lost its positioning in the Google search engine.

EXAMPLE:- Although it is not very common that we find ourselves in need of a 302 redirect, this option can be very useful in some cases. These are the most frequent cases:

  • When we realize that there is some inappropriate content on a page. While we solve the problem, we can redirect the user to another page that may be of interest.
  • In the event that an attack on our website requires the restoration of any of the pages, this redirect can help us minimize the incidence.

A redirect 302 is a code that tells visitors of a specific URL that the page has been moved temporarily, directing them directly to the new location.

  • In other words, redirect 302 is activated when Google robots or other search engines request to load a specific page. At that moment, thanks to this redirection, the server returns an automatic response indicating a new URL.

  • In this way errors and annoyances are avoided both to search engines and users, guaranteeing smooth navigation.

For More details Refer this Article.


A 302 redirect means that the page was temporarily moved, while a 301 means that it was permanently moved.

301s are good for SEO value, while 302s aren't because 301s instruct clients to forget the value of the original URL, while the 302 keeps the value of the original and can thus potentially reduce the value by creating two, logically-distinct URLs that each produce the same content (search engines view them as distinct duplicates rather than a single resource with two names).


In the term of SEO , 301 and 302 both are good it is depend on situation,

If only one version can be returned (i.e., the other redirects to it), that’s great! This behavior is beneficial because it reduces duplicate content. In the particular case of redirects to trailing slash URLs, our search results will likely show the version of the URL with the 200 response code (most often the trailing slash URL) -- regardless of whether the redirect was a 301 or 302.


302 is a response indicating change of resource location - "Found".

The url where the resource should be now located should be in the response 'Location' header.

The "jump" should be done by the requesting client (make a new request to the resource url in the response Location header field).


According to RFC 1945/Hypertext Transfer Protocol - HTTP / 1.0:

   302 Moved Temporarily

   The requested resource resides temporarily under a different URL.
   Since the redirection may be altered on occasion, the client should
   continue to use the Request-URI for future requests.

   The URL must be given by the Location field in the response. Unless
   it was a HEAD request, the Entity-Body of the response should
   contain a short note with a hyperlink to the new URI(s).

   If the 302 status code is received in response to a request using
   the POST method, the user agent must not automatically redirect the
   request unless it can be confirmed by the user, since this might
   change the conditions under which the request was issued.

       Note: When automatically redirecting a POST request after
       receiving a 302 status code, some existing user agents will
       erroneously change it into a GET request.

From RFC 2616 (the Hypertext Transfer Protocol Specification):

10.3.3 302 Found

   The requested resource resides temporarily under a different URI.
   Since the redirection might be altered on occasion, the client SHOULD
   continue to use the Request-URI for future requests.  This response
   is only cacheable if indicated by a Cache-Control or Expires header
   field.

   The temporary URI SHOULD be given by the Location field in the
   response. Unless the request method was HEAD, the entity of the
   response SHOULD contain a short hypertext note with a hyperlink to
   the new URI(s).

Source:

http://www.ietf.org/rfc/rfc2616.txt


Examples related to http

Access blocked by CORS policy: Response to preflight request doesn't pass access control check Axios Delete request with body and headers? Read response headers from API response - Angular 5 + TypeScript Android 8: Cleartext HTTP traffic not permitted Angular 4 HttpClient Query Parameters Load json from local file with http.get() in angular 2 Angular 2: How to access an HTTP response body? What is HTTP "Host" header? Golang read request body Angular 2 - Checking for server errors from subscribe

Examples related to redirect

React-Router External link Laravel 5.4 redirection to custom url after login How to redirect to another page in node.js How to redirect to an external URL in Angular2? How to redirect to a route in laravel 5 by using href tag if I'm not using blade or any template? Use .htaccess to redirect HTTP to HTTPs How to redirect back to form with input - Laravel 5 Using $window or $location to Redirect in AngularJS yii2 redirect in controller action does not work? Python Requests library redirect new url

Examples related to http-headers

Set cookies for cross origin requests Adding a HTTP header to the Angular HttpClient doesn't send the header, why? Passing headers with axios POST request What is HTTP "Host" header? CORS error :Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response Using Axios GET with Authorization Header in React-Native App Axios get access to response header fields Custom header to HttpClient request Send multipart/form-data files with angular using $http Best HTTP Authorization header type for JWT

Examples related to http-status-code-302

jQuery and AJAX response header HTTP redirect: 301 (permanent) vs. 302 (temporary) What does HTTP/1.1 302 mean exactly?