Common HTTP Mistakes

Learn from these common HTTP configuration mistakes: why they happen and how to fix them.

Using 302 Instead of 301 for Permanent Redirects

Wrong

Using 302 for a permanent URL change

# Wrong - search engines won't transfer SEO value
Redirect 302 /old-page /new-page

Correct

Using 301 for permanent redirects

# Correct - SEO value is transferred
Redirect 301 /old-page /new-page

Why this matters: 301 tells search engines to permanently update their index, transferring SEO value. 302 is for temporary changes only.

Not Setting Proper CORS Headers

Wrong

Missing CORS headers causing browser errors

app.get('/api/data', (req, res) => {
  res.json({ data: 'value' });
});

Correct

Properly configured CORS

app.get('/api/data', (req, res) => {
  res.set('Access-Control-Allow-Origin', 'https://example.com');
  res.set('Access-Control-Allow-Methods', 'GET, POST');
  res.set('Access-Control-Allow-Headers', 'Content-Type');
  res.json({ data: 'value' });
});

Why this matters: Without the right CORS headers, the browser's same-origin policy blocks scripts on other origins from reading the response. Always specify the allowed origins and methods explicitly.
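An allowlist version of the fixed-origin handler above, as an added example that is not part of the original page: it goes beyond the single-origin case by matching the request's Origin exactly against a list, answering preflight requests, and setting Vary: Origin. The names ALLOWED_ORIGINS, corsDecision and corsMiddleware, and the second origin, are assumptions.

```javascript
// Added example. ALLOWED_ORIGINS, corsDecision and corsMiddleware are hypothetical names.
const ALLOWED_ORIGINS = new Set([
  'https://example.com',
  'https://admin.example.com', // constructed sample value
]);
const ALLOWED_METHODS = ['GET', 'POST'];
const ALLOWED_HEADERS = ['Content-Type'];

// Decide the CORS headers for one request.
// `headers` uses lower-case names, as Node and Express provide them.
// Returns { preflight, headers }; preflight is true when the request
// should be answered immediately with 204 and no body.
function corsDecision(method, headers) {
  const origin = headers['origin'];
  // The response depends on Origin, so caches must key on it.
  const out = { Vary: 'Origin' };

  // No Origin header (same-origin or non-browser client) or an origin that
  // is not an exact allowlist match: send no Access-Control-* headers.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { preflight: false, headers: out };
  }
  out['Access-Control-Allow-Origin'] = origin; // echo the matched entry, never '*'

  // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
  const preflight =
    method === 'OPTIONS' && 'access-control-request-method' in headers;
  if (preflight) {
    // List only what is permitted; the browser rejects anything else.
    out['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    out['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
  }
  return { preflight, headers: out };
}

// Express-style middleware built on the decision function.
function corsMiddleware(req, res, next) {
  const { preflight, headers } = corsDecision(req.method, req.headers);
  for (const [name, value] of Object.entries(headers)) res.set(name, value);
  if (preflight) return res.status(204).end();
  next();
}
```

Register it with app.use(corsMiddleware) before the routes so every response, including errors, carries the same decision.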

Returning 200 OK for Errors

Wrong

Returning 200 with error in body

app.get('/api/user/:id', (req, res) => {
  const user = findUser(req.params.id);
  if (!user) {
    return res.status(200).json({ error: 'User not found' }); // Wrong!
  }
  res.json(user); // Found: send the user
});

Correct

Using appropriate error status codes

app.get('/api/user/:id', (req, res) => {
  const user = findUser(req.params.id);
  if (!user) {
    return res.status(404).json({ error: 'User not found' }); // Correct!
  }
  res.json(user); // Found: 200 OK with the user
});

Why this matters: Status codes help clients handle responses correctly. Use 404 for not found, 400 for bad requests, etc.

Not Handling 5xx Errors Gracefully

Wrong

Exposing stack traces to users

app.get('/api/data', async (req, res) => {
  const data = await fetchData(); // Throws on error
  res.json(data);
}); // Unhandled error shows stack trace!

Correct

Proper error handling

app.get('/api/data', async (req, res) => {
  try {
    const data = await fetchData();
    res.json(data);
  } catch (error) {
    console.error(error); // Log for debugging
    res.status(500).json({ error: 'An error occurred' });
  }
});

Why this matters: Always catch errors and return a user-friendly message that leaves out stack traces and other internal details. Log the detailed error server-side for debugging.

Ignoring Cache Headers

Wrong

Not setting cache headers

location /static/ {
    root /var/www/html;
    # No cache headers - browser caches unpredictably
}

Correct

Proper cache configuration

location /static/ {
    root /var/www/html;
    expires 1y;
    add_header Cache-Control "public, immutable";
}

Why this matters: Proper cache headers improve performance and give you control over how browsers cache resources.

Not Using HTTPS Redirects

Wrong

Allowing HTTP without redirect

server {
    listen 80;
    server_name example.com;
    # No HTTPS redirect - insecure!
}

Correct

Forcing HTTPS

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

Why this matters: Always redirect HTTP to HTTPS to protect user data and improve SEO (Google prefers HTTPS).