500 vs 502: Internal Server Error vs Bad Gateway
500 and 502 can look similar in logs, but they tell clients, crawlers, and API consumers different things.
| Aspect | HTTP 500 โ Internal Server Error | HTTP 502 โ Bad Gateway |
|---|---|---|
| Definition | The server encountered an unexpected condition that prevented it from fulfilling the request. Unlike 4xx errors, this is not a client mistake โ it is a server-side failure that needs investigation. | Your reverse proxy (nginx, Cloudflare, load balancer) received a bad or unreadable response from the application server or upstream service it was proxying to. |
| Plain-language summary | An unexpected condition on the server prevented the request from being fulfilled. This is the generic server-side error catch-all. The problem is always on the server, not the client. The request may have been valid; the server simply failed to process it. | A gateway or proxy received an invalid, unreadable, or unexpected response from an upstream server. The problem is between your proxy (Nginx, Cloudflare, ALB) and the upstream application server. The upstream may be down, crashed, or sending a malformed response. |
| When to use | Use 500 as the default when no more specific 5xx code applies. Use 502 for gateway/proxy errors from upstream, 503 for deliberate unavailability, 504 for gateway timeouts. Do not use 500 for client errors โ those are 4xx. | Proxies and gateways emit 502 automatically. As an application developer, your responsibility is ensuring the upstream service is running, returning valid HTTP responses, and reachable from the proxy. |
| Client behavior | May retry after a delay (the server may recover). Automated clients should implement bounded retry with exponential backoff. After a threshold of retries, surface the error to the user or alert. | May retry โ the upstream may recover. Implement exponential backoff. After repeated 502s, escalate to alert the operations team. |
| Caching behavior | Not cached. | Not cached. |
| SEO / crawler impact | Search crawlers interpret 500 (server-errors) for indexation and link equity accordingly. | Search crawlers interpret 502 (server-errors) for indexation and link equity accordingly. |
| API / backend impact | API clients branching on 500 expect Internal Server Error semantics. | API clients branching on 502 expect Bad Gateway semantics. |
| Safe to retry? | Yes, with backoff โ server may recover | Yes, with backoff โ server may recover |
Common real-world scenarios
When you see HTTP 500
500s are the most critical alert trigger in server monitoring. Always alert on 500 rate spikes. Correlate 500s with: recent deployments, upstream dependency health, resource utilization (memory/CPU), and database error rates. A 500 that appears only for specific users or request patterns indicates a bug in request-specific code paths rather than an infrastructure failure.
When you see HTTP 502
In Nginx logs: "upstream sent invalid header," "connect() failed," or "recv() failed." In Cloudflare logs: error 502. Common causes: application server process crashed, application server returned HTTP 1.0 response to HTTP/1.1 proxy, application server not reachable on configured port, or application server returned headers that violate HTTP spec.
Decision rule
Use 500 when the response should communicate internal server error behavior; use 502 when bad gateway is the accurate protocol signal.
A frequent mistake is swapping 500 and 502 for convenience; that causes client retry bugs, incorrect cache signals, and misleading monitoring data.
Use 500 when the correct protocol signal is Internal Server Error. Use 502 when the correct signal is Bad Gateway. Returning either code for the wrong reason breaks client expectations, cache behavior, and monitoring accuracy.
FAQ
What is the biggest difference between 500 and 502?
500 communicates Internal Server Error, while 502 communicates Bad Gateway. Choosing the right one keeps clients and intermediaries predictable.
Do 500 and 502 have SEO or caching impact?
Yes. Search engines and caches interpret status classes differently. Use each code according to its semantics to avoid accidental indexing, stale responses, or crawl inefficiency.
Can APIs safely return 500 instead of 502?
Only when it matches contract semantics. API clients often branch logic by exact code, so swapping them can break retries, auth handling, or user-facing errors.
Full guides
HTTP 500 Internal Server Error โ full guide ยท HTTP 500 status reference ยท HTTP 502 Bad Gateway โ full guide ยท HTTP 502 status reference ยท All comparisons