HTTP 204 No Content

The server successfully processed your request but has no content to return in the response body. The browser should not navigate away from the current page. This status is commonly used for DELETE operations and save actions where no response data is needed.

What Is HTTP 204 No Content?

HTTP 204 No Content is a success status code indicating the server has fulfilled the request but there is no additional content to send in the response body. Unlike 200 OK, which typically includes data in the body, 204 signals that the operation completed successfully and the client should remain on its current page without any navigation or content refresh. The response must not include a message body, though it may include relevant headers like ETag or Cache-Control.

This status code is a cornerstone of clean REST API design. It is most commonly used for DELETE endpoints where the resource has been removed and there is nothing left to return, as well as for PUT or PATCH endpoints where the client already has the data it submitted and does not need it echoed back. By returning 204 instead of 200 with an empty JSON object, you signal your intent clearly and avoid confusing clients that might try to parse an empty body.

Another common use of 204 is in CORS preflight responses. When a browser sends an OPTIONS request to check whether a cross-origin API call is allowed, the server responds with 204 and the appropriate CORS headers. This tells the browser the actual request is permitted without transferring any unnecessary payload. Understanding when to use 204 versus 200 is a practical skill that improves both API clarity and network efficiency.

Common Causes

Successful DELETE Operation

A resource was successfully deleted from the server. Since the resource no longer exists, there is nothing meaningful to return in the body, making 204 the ideal response.

Successful PUT Update

A resource was updated successfully and the client does not need the updated representation sent back. The client already has the data it submitted, so an empty response saves bandwidth.

CORS Preflight Response

Browsers send OPTIONS preflight requests for cross-origin API calls. Servers respond with 204 and the appropriate CORS headers without any body content.

Toggle or Action Endpoint

An endpoint that performs a side effect like toggling a setting, logging an event, or triggering a background job where the client only needs to know the operation succeeded.

How to Fix

Do Not Include a Response Body

A 204 response must not contain a body. If you need to return data, use 200 instead. Including a body with 204 violates the HTTP specification and may cause unpredictable behavior in clients.

Handle 204 in Frontend Code

When your frontend receives 204, do not attempt to parse the response body as JSON. Calling response.json() on a 204 will throw an error. Check the status code first before parsing.

Choose Between 200 and 204

Use 204 when the client does not need any data back. Use 200 when you want to return the updated resource, a confirmation message, or any other payload the client should process.

Set Proper CORS Headers

For preflight responses, ensure your 204 includes Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers to enable cross-origin requests.

Code Examples

Express.js

// Express.js — return 204 for DELETE and update operations
app.delete('/api/posts/:id', async (req, res) => {
  const post = await Post.findById(req.params.id);
  if (!post) {
    return res.status(404).json({ error: 'Post not found' });
  }

  await post.destroy();
  // 204 — deleted successfully, nothing to return
  res.status(204).end();
});

// Handle CORS preflight requests
app.options('/api/*', (req, res) => {
  res.set('Access-Control-Allow-Origin', '*');
  res.set('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE');
  res.set('Access-Control-Allow-Headers', 'Content-Type,Authorization');
  res.status(204).end();
});

Flask (Python)

# Flask — return 204 for DELETE and update operations
from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/api/posts/<int:post_id>', methods=['DELETE'])
def delete_post(post_id):
    post = Post.query.get(post_id)
    if post is None:
        return jsonify(error='Post not found'), 404

    db.session.delete(post)
    db.session.commit()
    # 204 — deleted successfully, no body needed
    return '', 204

# CORS preflight handling with flask-cors or manually
@app.after_request
def add_cors_headers(response):
    response.headers['Access-Control-Allow-Origin'] = '*'
    response.headers['Access-Control-Allow-Methods'] = 'GET,POST,PUT,DELETE'
    response.headers['Access-Control-Allow-Headers'] = 'Content-Type,Authorization'
    return response

Frequently Asked Questions

Can I include a body in a 204 response?

No. The HTTP specification explicitly states that a 204 response must not contain a message body. If you need to return data, use 200 OK instead. Sending a body with 204 may cause parsing errors in clients.

Should I return 204 or 200 for a DELETE request?

Use 204 when there is nothing to return after deletion. Use 200 if you want to return a confirmation message or the deleted resource's data for logging purposes. 204 is the more common convention.

Why does my fetch call fail on a 204 response?

Calling response.json() on a 204 throws an error because there is no body to parse. Check the status code before parsing: if (response.status === 204) return null instead of calling response.json().

Is 204 the same as an empty 200?

Semantically, no. A 200 with an empty body is ambiguous and may indicate an error. A 204 explicitly communicates that no content is expected. Using 204 is clearer and follows HTTP specifications more faithfully.

When should I use 204 for CORS preflight?

Servers should return 204 for OPTIONS preflight requests along with the Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers headers. This tells the browser the cross-origin request is permitted without sending unnecessary data.