Causes and Solutions
The official description of what causes HTTP 400 errors is very broad: “The request could not be understood by the server due to malformed syntax.&rdquo In turn, that can have several causes:
Bad server name
When the server indicates “Bad Request (Invalid Hostname)”:
The website name may lead to a web hosting server that no longer serves the web site with that name. If there are multiple sites listed in the “Other Website On” section at the bottom of http://www.websiteoutlook.com, then the server is probably part of a web hosting site. This can happen when the owner of a web site ends an agreement with a web hosting service, but has not updated information about their site from the Domain Name System (DNS).
Two things that you can do are:
- Clear your DNS cache by
This will force your system to check the current mapping between the name of the server that you are after and the address of its server, and may ensure that you are using the current server.
- opening a Command Prompt
ipconfig /flushdns (See this page if you need to fix a “The requested operation requires elevation” error)
- Restart your web browser.
- Try checking for an archived copy of the object, e.g. by entering the address in The Internet Archive Wayback Machine.
Microsoft IIS web servers may report this situation with a HTTP 404.1 error.
Header line too long
The requests and responses that flow between a web browser and web server include header lines that define the type of request and response. While there is no official limit to the length of these lines, many web server implementations impose their own limits (e.g. 1024 characters). For such servers, excessively long header lines can lead to HTTP 400 errors.
Most online tools for viewing HTTP headers focus on the headers in responses from the server, whereas HTTP 400 errors relate to errors in the headers in the request sent by your browser. To get some idea of what headers your browser, try this HTTP headers tool which will use the headers that your browser uses, when it connects to the tool, when this tool connects to a server that you specify. Select the “Follow Redirects” option, since redirection can sometimes cause this problem by extending the URL or
Referer line with each redirection.
What you can do about it
You can control some header lines:
- An article in the IEBlog describes how to control the Accept-Language Header for Internet Explorer 7
- This line is included if you were referred to the target web page through a link, e.g. by clicking on the link. You can prevent this line from being included by pasting the address of the page that you want to access in the address bar, rather than accessing it via a link.
- Try deleting the cookie for the web site, as described in the section on Bad cookies below.
Some web sites, e.g. Gmail, return a HTTP 400 error when “Your browser has a bad or outdated cookie.” and will show the message “Bad Request: Your client has issued a malformed or illegal request.” (as shown above in the Symptoms section)
To fix this, try to delete cookies relating to that site that are stored on your computer.
Microsoft IIS web servers may return a 400 response when the request contains characters that are not valid2. See the HTTP specification for details about which characters are valid in which positions of a request.
Proxy DNS timeout
“some deployed proxies are known to return 400 or 500 when DNS lookups time out.” [RFC 2616]
To fix this error, follow the instructions for HTTP 504 Gateway Timeout, since that error is more specific to this problem.
Microsoft IIS web servers may also respond to header lines that are too long or that contain invalid characters with extended HTTP 404 error codes 404.10 to 404.15
Microsoft WebTopics blog: How to troubleshoot HTTP 400 errors
by examining server logs
Microsoft Knowledge Base article 247249: “Error Message: HTTP/1.1 Error 400 - Bad Request”
Describes why IIS web servers that are configured to provide custom errors may still return basic 400 error messages
Microsoft WebTopics blog: HTTP 400 Bad Request when client terminates request headers improperly
An example of requests being bad because lines ended with just a Carriage Return (CR) rather than Carriage Return and Line Feed (CRLF).
Microsoft Knowledge Base article 300707: “Invalid Content-Length Header May Cause Requests to Fail Through ISA Server”
When POST requests pass through a Microsoft ISA gateway and include a CRLF sequence after the data which is not accounted for in the Content-Length header field
1 The exception is that some proxies issue HTTP 400 after they timeout.
2 Microsoft Knowledge Base article 943891: “The HTTP status codes in IIS 7.0” states that HTTP 400 errors occur when
“The Http.sys file blocks IIS 7.0 from processing the request because of a problem in the request. Typically, this HTTP status code means that the request contains characters or sequences that are not valid or that the request contradicts the security settings in the Http.sys file.”
Updated 14 June 2012