400 Bad Request

HTTP Status CodesClient (400)commonStatus Code: 400Last updated: todayTested on:Google ChromeNode.js v20 LTSJune 2026

The server cannot process the request due to something that is perceived to be a client error.

400 Bad Request Quick Fix⏱️ Est. Fix Time: 3 minutes

Usually happens because:

  • Malformed request syntax in headers
  • Request cookie size exceeds server
  • Deceptive or invalid network gateway

🔍 Quick Checklist:

Meaning

The HTTP 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

Root Causes

  • Malformed request syntax in headers or body payload data.
  • Request cookie size exceeds server limits.
  • Deceptive or invalid network gateway requests.
CauseFrequency
Malformed request syntax in headers⭐⭐⭐⭐⭐
Request cookie size exceeds server⭐⭐⭐⭐
Deceptive or invalid network gateway⭐⭐⭐

Common Mistakes

  • Returning HTTP 200 OK with error bodies (Soft 200) instead of a clear 400 Bad Request.
  • Sending unescaped query string arguments, resulting in server-side parsing crashes.

How to Fix

1Verify client query parameters and request serialization formats.
2Clear client browser cookies and cached site files.
3Check proxy and firewall access configurations.

Framework-Specific Examples

Express middleware validating JSON payloads and returning 400.

Express Example
app.post('/api/users', (req, res) => {
  if (!req.body.name) {
    return res.status(400).json({ error: 'Name is required' });
  }
});

Server Configuration Examples

Setting buffer limits to reject overly large header sizes.

Nginx Config
large_client_header_buffers 4 8k;

Prevention

  • Implement standard payload schema validators (e.g. Zod, Joi, or Hibernate Validators).
  • Sanitize and encode all URI query parameters.

Frequently Asked Questions (FAQ)

Q: Can a client-side library trigger 400 errors?

Yes. If an AJAX request fails to serialize its payload (e.g., sending invalid JSON string representations), the receiving server will reject the request as a 400 Bad Request.

Q: What is the difference between 400 Bad Request and 422 Unprocessable Entity?

400 means syntax is corrupt (like invalid JSON). 422 means syntax is correct, but semantic rules fail (like email address already taken).

Q: How do I log 400 errors?

Log them in backend request filters before returning responses. Ensure client payload trace details are captured.

Q: Can invalid cookies cause a 400 Bad Request?

Yes. If browser cookie sizes accumulate beyond proxy buffer limits, Nginx or Apache will reject the request with a 400 Bad Request.

Still having this problem?

Didn't solve your problem?

SuggestRequest Error