Bad Request

ⓘ Quick Definition

The server cannot process the request due to something perceived as a client error - malformed syntax, invalid request framing, or deceptive request routing. This is one of the most common HTTP errors and indicates that the request sent to the server was somehow incorrect or corrupted and the server could not understand it.

⏰ When It Occurs

A 400 Bad Request error occurs when the server determines that the incoming request is invalid before attempting to process it. This can happen during form submissions, API calls, file uploads, or even regular page navigation. The server's request parser rejects the request because it violates the HTTP specification or the server's validation rules.

You'll commonly see this error when submitting forms with malformed data, making API calls with incorrect JSON formatting, or when browser cookies have become corrupted.

⚠ Common Causes

• Malformed JSON/XML in request body - Syntax errors in the payload prevent the server from parsing it
• Missing required parameters - The endpoint expects certain fields that are not included
• Invalid URL encoding - Special characters in the URL are not properly percent-encoded
• Request header too large - Headers exceed the server's configured maximum size
• Corrupted cookies - Damaged or oversized cookie data sent with the request
• Exceeding URL length limits - URLs longer than the server's maximum (commonly 8KB)
• Invalid Content-Type header - The declared content type doesn't match the actual body format

Platform-Specific Notes:

Nginx Returns 400 when the request header or cookie is too large (default limit: 8KB). Check large_client_header_buffers directive.

Apache Triggers 400 for malformed request lines or headers exceeding LimitRequestFieldSize.

Cloudflare May return 400 if the request violates WAF rules or the hostname is missing from the Host header.

Node.js Express returns 400 when body-parser fails to parse JSON or when validation middleware rejects the input.

🛠 How to Fix

1. Validate request body format - Ensure JSON is properly structured with correct syntax (matching braces, quoted keys, proper commas)
2. Check URL encoding - Encode special characters using percent-encoding (e.g., spaces as %20)
3. Clear browser cookies - Delete cookies for the affected domain to remove corrupted data
4. Verify Content-Type header - Make sure the Content-Type matches the actual body format (e.g., application/json for JSON)
5. Reduce URL length - Move long parameter data into the request body instead of the URL query string
6. Check request headers size - Remove unnecessary headers or reduce cookie data to stay within server limits
7. Validate required parameters - Ensure all required fields are present and correctly formatted before sending the request

💻 HTTP Example

# Request with malformed JSON body
POST /api/users HTTP/1.1
Host: example.com
Content-Type: application/json
Content-Length: 42

{"name": "John", "email": "john@example.com",}
                                           ^ trailing comma = invalid JSON

# Server Response
HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error": "Bad Request",
  "message": "Invalid JSON: Unexpected token } at position 41",
  "statusCode": 400
}

🔗 Related Status Codes