Common HTTP Status Code Cheat Sheet

2xx: Success

200 OK

3xx: Redirection

301 Moved Permanently
304 Not Modified
307 Temporary Redirect

4xx: Client Error

400 Bad Request - The request was not understood by the server. The client **should not** repeat the request without modifications.
401 Unauthorized - The request requires authentication. The client may try again with the correct authentication/session headers.
403 Forbidden - This code means that the user made a valid request but the server is refusing to serve the request. This could be because the user is authenticated, but lacks the proper authorization for the given request.
404 Not Found - The server was not able to find anything matching the request.

5xx: Server Error

500 Internal Server Error - This means that the server cannot process the request for some unknown reason. This is usually due to an unhandled exception in the server-side code that should have been caught during testing. If the response does not give you enough information to determine the cause, you better hope that your team has proper error logging.
Do not intensionally use this status for situations where input parameters caused the error. This is true whether the error was direct (i.e. they were invalid) or indirect (e.g. they referenced data that was in an unexpected state). A 400 status should be used instead.
501 Not Implemented - This is the HTTP status equivalent of a not implemented exception. The route was found; otherwise there would have been a 404 status.
503 Service Unavailable - This occurs when the server is overwhelmed with requests. Yes, there is the possibility that some evil black hat hacker is performing a DDOS attack on your machine. But, it is more likely that your client code is too chatty, your server code is too slow, or both.