All games

HTTP Status Defender

Choose the correct HTTP status code for realistic backend scenarios and learn the response semantics behind each answer.

Concept
HTTP status codes and response semantics
Difficulty
Beginner
Play time
5-8 minutes
Path
Foundations
practice/http-status-defender Accuracy and speed score

Play, get feedback, save local progress, and optionally submit a leaderboard score.

Concept explanation

HTTP status codes are a compact language between backend services and clients. In this game, each scenario asks what the server should say through the status line before any response body is considered.

Your local progress

0 XP 0 games played 0 completed

Progress, review history, and best scores are stored in this browser with localStorage.

Open full progress dashboard

Playable game area

Use the controls below. Feedback appears immediately, and final scores are stored locally.

Leaderboard

Top 10 submitted scores. No account required.

Loading leaderboard...

    Finish the game to load your latest local score.

    Learning objectives

    • Map common API outcomes to precise HTTP status codes.
    • Distinguish authentication, authorization, validation, and conflict responses.
    • Recognize when success responses should include a body, a location, or no content.

    How to play

    1. Read the backend scenario.
    2. Choose the HTTP status code that best communicates the outcome.
    3. Use the explanation to compare nearby codes before moving to the next scenario.

    Scoring

    • Correct answers add points.
    • Fast correct answers receive a small speed bonus.
    • Incorrect answers show the right code and continue the round.

    Backend concept notes

    HTTP status codes are part of the API contract. They let clients decide whether to retry, prompt for login, update local cache, or fix request data.

    Good backend APIs use status codes consistently. A 401 means the client needs authentication, while a 403 means the authenticated actor is not allowed to perform the action.

    Common mistakes

    • Returning 200 OK for every API response and hiding errors inside the JSON body.
    • Using 404 Not Found for authorization failures that should be 403 Forbidden.
    • Using 500 Internal Server Error for client validation mistakes.

    FAQ

    Short answers for how this game fits backend interview and study practice.

    Is 422 always better than 400 for validation?

    No. Use the convention your API documents. This game teaches 422 as a useful choice for semantically valid JSON that fails domain validation.

    Why include 304 Not Modified?

    Conditional requests are common in caching. 304 tells the client its cached copy is still valid.