400 Bad Request

HTTP response status case 400 Bad Request is a generic client error that is normally returned by the server to indicate that the client did something wrong. There is some ambiguity between 4XX codes and there are some cases that are not explicitly covered. In situations such as these, the server may return the 400 Bad Request status as a catch-all approach.

Usage

When the 400 Bad Request error message is received, the client is responsible for examining the message body to learn more about the failure. With any error, the server will return sufficient detail for the client to rectify the problem. Common reasons that 400 Bad Request are returned are:

  • URL syntax error: this might mean that illegal characters were used in the request.
  • Uploading a file that is too large: if the server is configured to have a size limit, then it may return this error code.
  • Invalid Cookies: when login cookies expire or are no longer valid.
  • DNS cache error: when the client-side version of the DNS cache expires or becomes corrupt, and the name resolution is no longer valid, this error will be returned.

When these errors occur, the client might try to solve the problem by double-checking that the URL is correct, or clearing the browser Cookies. If the error is the result of an oversized file then compressing it may also be an option to resolve it.

Note

Search engines like Google will not index a URL with 400 Bad Request response status, and consequently, URLs that have been indexed in the past but are now returning this HTTP status code will be removed from the search results.

Example

In the example, the client requests a resource and the server responds with a 400 Bad Request status code because the HTTP request contains the curly bracket characters. These are not valid in a URL.

Request

GET /index{15}.html HTTP/1.1
Host: www.example.re

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=UTF-8
Content-Length: 132

<html>
  <head>
    <title>Malformed URL<\title>
  </head>
  <body>
    <p>Invalid characters in HTTP request</p>
  </body>
</html>

Code references

.NET

HttpStatusCode.BadRequest

Rust

http::StatusCode::BAD_REQUEST

Rails

:bad_request

Go

http.StatusBadRequest

Symfony

Response::HTTP_BAD_REQUEST

Python3.5+

http.HTTPStatus.BAD_REQUEST

Java

java.net.HttpURLConnection.HTTP_BAD_REQUEST

Apache HttpComponents Core

org.apache.hc.core5.http.HttpStatus.SC_BAD_REQUEST

Angular

@angular/common/http/HttpStatusCode.BadRequest

Takeaway

The 400 Bad Request status code is a client error that is normally sent by the server to indicate that the client did something wrong, such as use a malformed URL in the request. In rare instances, the error can be server-side.

See also

Last updated: August 2, 2023