Site Optimized for Chrome and Firefox

HTTP 400 and 500 Status Codes


The AT&T Application Resource Optimizer (ARO) specifically identifies all HTTP 400 and 500 Status Codes that are found in an application trace. These codes are an important part of application analysis, because they provide information about possible errors resulting from an HTTP request.

The best known HTTP Status Code is the error code 404, which has come into common public knowledge because of the Web. It means that a requested page doesn't exist.

This Best Practice Deep Dive provides some background on what the different classes of HTTP Status Codes represent, describes the issues raised by the most common 400 and 500 Status Codes, and discusses possible resolutions for them.


The term "HTTP Status Code" is typically used interchangeably with the term "HTTP Status Line", but they are slightly different. The HTTP Status Line is more complete, being comprised of two parts: (1) the HTTP Status Code (i.e.404) and the HTTP Reason Phrase (i.e. requested page doesn't exist).

The first digit of the HTTP Status Code specifies one of five classes of response. The bare minimum for an HTTP client is that it recognizes these five classes. A first digit of 1, 2, or 3 represents a fully functional request. A first digit of 4 represents a client—side error, with the most common codes in the range of 400 to 404. A first digit of 5 represents a server—side error, with the most common codes in the range of 500 to 510. Because the codes in 400 and 500 range represent errors, they are also referred to as HTTP Error Codes.

It's important to be aware of what the HTTP 400 and 500 Error Codes mean so that you can address the issues that they raise, especially if you have control over the cause.

For a full listing of all HTTP Status Codes, refer to either the IANA or the W3C.

The Issue

The appearance of an HTTP Error Code indicates an issue that could disrupt the flow of an application or degrade a user's experience.

AT&T ARO considers any appearance of an HTTP Error Code in an application trace to be a failure of the "400, 500 HTTP response codes" Best Practices test. The results of this test are reported in the Best Practices tab of the ARO Data Analyzer, where you can see how many HTTP Error Codes of each type were recorded.

However, failing this test does not necessarily mean there is something to act upon. Each issue that is raised by an HTTP Error Code needs to be addressed separately.

Best Practice Recommendation

The Best Practice Recommendation for HTTP 400 and 500 Error Codes is to do everything possible to resolve the issue causing the error.

The goal is that there should be no errors. However, there can be extenuating circumstances for the appearance of an HTTP Error Code — such as user error — so each occurrence of an error code must be judged individually.

The following list describes the most common HTTP Error Codes and includes some possible resolutions.

400 Bad Request
This error indicates that the user's request contains incorrect syntax.

401 Unauthorized
This error indicates that the requested file requires authentication (a username and password).

403 Forbidden
This error indicates that the server will not allow the visitor to access the requested file. If a visitor receives this code unexpectedly, you should check the file's permission settings, or check whether the file has been protected.

404 Not Found
This error indicates that the server could not find the file that the visitor requested. This commonly occurs when a URL is mistyped.

5xx Errors
These errors are caused by the server being unable to fulfill an apparently valid request from a visitor. Often, you will need the help of a server administrator to investigate them.

It is also important to consider that quite often, a chain of servers is handling an HTTP request, so that it may not be your server that is returning the error.

500 Internal Server Error
This error indicates that the server has encountered an unexpected condition. This often occurs when an application request cannot be fulfilled due to the application being configured incorrectly on the server.

501 Not Implemented
This error indicates that the HTTP method sent by the client is not supported by the server. This is most often caused by the server being out of date. It is a very rare error and generally requires that the web server be updated.

502 Bad Gateway
This error is usually due to improperly configured proxy servers. However, the problem may also arise when there is poor IP communication between back—end computers, when the client's server is overloaded, or when a firewall is functioning improperly.

The first step in resolving the issue is to clear the client's cache. This action should result in a different proxy being used to resolve the web server's content.

503 Service Unavailable
This error occurs when the server is unable to handle requests due to a temporary overload or due to the server being temporarily closed for maintenance. The error indicates that the server will only temporarily be down. It is possible to receive other errors in place of 503.

Contact the server administrator if this problem persists.

504 Gateway Timeout
This error occurs when a server somewhere along the chain does not receive a timely response from a server further up the chain. The problem is caused entirely by slow communication between upstream computers.

To resolve this issue, contact the system administrator.

505 HTTP Version Not Supported
This error occurs when the server refuses to support the HTTP protocol that has been specified by the client computer. This can be caused by the protocol not being specified properly by the client computer; for example, if an invalid version number has been specified.

506 Variant Also Negotiates
This error indicates that the server is not properly configured. Contact the system administrator to resolve this issue.

507 Insufficient Storage
This error indicates that the server is out of free memory. This is most likely to occur when an application that is being requested cannot allocate the necessary system resources to run.

To resolve the issue, the server's hard disk may need to be cleaned of any unnecessary documents to free up more hard disk space, its memory may need to be expanded, or it may simply need to be restarted.

Contact the system administrator for more information regarding this error message.

509 Bandwidth Limit Exceeded
This error occurs when the bandwidth limit imposed by the system administrator has been reached. The only fix for this issue is to wait until the limit is reset in the following cycle.

Consult the system administrator for information about acquiring more bandwidth.

510 Not Extended
This error occurs when an extension attached to the HTTP request is not supported by the web server.

To resolve the issue, you may need to update the server. Consult the system administrator for more information.