502 vs 504: Bad Gateway vs Gateway Timeout
502 and 504 can look similar in logs, but they tell clients, crawlers, and API consumers different things.
| Aspect | HTTP 502 โ Bad Gateway | HTTP 504 โ Gateway Timeout |
|---|---|---|
| Definition | Your reverse proxy (nginx, Cloudflare, load balancer) received a bad or unreadable response from the application server or upstream service it was proxying to. | Your reverse proxy (nginx, Cloudflare, etc.) gave up waiting for the origin server to respond within the configured timeout. The origin may be overloaded, slow, or hung. |
| Plain-language summary | A gateway or proxy received an invalid, unreadable, or unexpected response from an upstream server. The problem is between your proxy (Nginx, Cloudflare, ALB) and the upstream application server. The upstream may be down, crashed, or sending a malformed response. | A gateway or proxy timed out waiting for a response from an upstream server. The upstream received the request but did not respond within the allowed time window. This is different from 502 (upstream sent a bad response) โ 504 means the upstream sent no response at all within the timeout. |
| When to use | Proxies and gateways emit 502 automatically. As an application developer, your responsibility is ensuring the upstream service is running, returning valid HTTP responses, and reachable from the proxy. | Gateways and proxies emit 504 automatically. As an application developer, tune upstream timeout configurations and optimize slow processing paths to avoid 504s. Always implement request timeouts on all outbound HTTP calls. |
| Client behavior | May retry โ the upstream may recover. Implement exponential backoff. After repeated 502s, escalate to alert the operations team. | May retry โ the upstream may be temporarily slow. Implement bounded retry with exponential backoff. After repeated 504s, surface the error and alert. |
| Caching behavior | Not cached. | Not cached. |
| SEO / crawler impact | Search crawlers interpret 502 (server-errors) for indexation and link equity accordingly. | Search crawlers interpret 504 (server-errors) for indexation and link equity accordingly. |
| API / backend impact | API clients branching on 502 expect Bad Gateway semantics. | API clients branching on 504 expect Gateway Timeout semantics. |
| Safe to retry? | Yes, with backoff โ server may recover | Yes, with backoff โ server may recover |
Common real-world scenarios
When you see HTTP 502
In Nginx logs: "upstream sent invalid header," "connect() failed," or "recv() failed." In Cloudflare logs: error 502. Common causes: application server process crashed, application server returned HTTP 1.0 response to HTTP/1.1 proxy, application server not reachable on configured port, or application server returned headers that violate HTTP spec.
When you see HTTP 504
In Nginx: "upstream timed out." In Cloudflare: <a href="/guides/cloudflare-524/">Cloudflare error 524</a> (a Cloudflare-specific timeout code). Common causes: database query that ran over the timeout threshold, external API call that was slow or hung, application code in an infinite loop or deadlock, or upstream server under high load and processing slowly.
Decision rule
Use 502 when the response should communicate bad gateway behavior; use 504 when gateway timeout is the accurate protocol signal.
A frequent mistake is swapping 502 and 504 for convenience; that causes client retry bugs, incorrect cache signals, and misleading monitoring data.
Use 502 when the correct protocol signal is Bad Gateway. Use 504 when the correct signal is Gateway Timeout. Returning either code for the wrong reason breaks client expectations, cache behavior, and monitoring accuracy.
FAQ
What is the biggest difference between 502 and 504?
502 communicates Bad Gateway, while 504 communicates Gateway Timeout. Choosing the right one keeps clients and intermediaries predictable.
Do 502 and 504 have SEO or caching impact?
Yes. Search engines and caches interpret status classes differently. Use each code according to its semantics to avoid accidental indexing, stale responses, or crawl inefficiency.
Can APIs safely return 502 instead of 504?
Only when it matches contract semantics. API clients often branch logic by exact code, so swapping them can break retries, auth handling, or user-facing errors.
Full guides
HTTP 502 Bad Gateway โ full guide ยท HTTP 502 status reference ยท HTTP 504 Gateway Timeout โ full guide ยท HTTP 504 status reference ยท All comparisons