Error codes explained

When something goes wrong with a web request, the server responds with a three-digit HTTP status code. These codes are grouped by their first digit: 1xx are informational, 2xx mean success, 3xx are redirects, 4xx mean the client sent a request the server could not fulfil, and 5xx mean something went wrong on the server side.

Understanding what each code means - and why it appears - makes troubleshooting your website much faster, whether you are a developer or managing your own site for the first time. This article covers the codes you are most likely to encounter, from common redirects and client errors through to server faults and Cloudflare-specific responses. For each one we explain what is happening, what typically causes it, and what you can do to fix it.

301 Moved permanently

The requested resource has been permanently moved to a new URL, and the server is redirecting the client there automatically.

Resolution: Your browser should follow the redirect without any action needed. If you own the site, update any internal links and bookmarks to point to the new URL so the redirect is no longer necessary.

If you need to set up a 301 redirect yourself, you can do this in cPanel using the Redirects tool - see How to set up domain redirects in cPanel for a walkthrough.

302 Found (temporary redirect)

The requested resource is temporarily available at a different URL. Unlike a 301, a 302 tells browsers and search engines that the move is not permanent, so they should keep using the original URL.

Common causes:

• A CMS or application is temporarily redirecting traffic - for example, to a maintenance page or a login screen.
• A redirect rule in your .htaccess file is using a temporary flag (R=302 or just R) rather than a permanent one (R=301).
• Your application is redirecting HTTP to HTTPS or www to non-www using a temporary redirect when a permanent one would be more appropriate.

Resolution: If you are seeing an unexpected 302 on your own site, check your .htaccess file for redirect rules and review any redirect settings in your CMS or application. If the redirect should be permanent, change the flag to R=301. See Troubleshooting .htaccess issues if you need help diagnosing .htaccess rules, and How to set up domain redirects in cPanel if you want to manage redirects through cPanel instead.

400 Bad request

The server could not understand the request because of malformed syntax.

Resolution: Check the URL and any data sent with the request. This error commonly occurs when a URL is improperly formatted or incorrect parameters are included in the request.

403 Forbidden

The server understood the request but is refusing to fulfil it because the client lacks the necessary permission.

Resolution: Check your login credentials if the resource requires authentication. If you believe you should have access, contact the site administrator. If you are the administrator, review the file and directory permissions in cPanel.

Other common causes include:

• Incorrect file or directory permissions - web-accessible files should typically be 644 and directories 755. You can check and change permissions in cPanel's File Manager or via FTP. See How to use File Manager in cPanel for guidance.
• A missing index file - if a directory has no index file (such as index.html or index.php) and directory listing is disabled, the server returns a 403. Either add an index file or adjust directory listing behaviour using the Index Manager in cPanel.
• An .htaccess rule blocking access - a deny directive or IP block in your .htaccess file can produce a 403. See Troubleshooting .htaccess issues and How to block IP addresses via an .htaccess file.
• Password-protected directory - if a folder is protected via cPanel's Directory Privacy tool, visitors who have not authenticated will see a 403. See How to password protect a folder in cPanel.

404 Not found

The server cannot find the requested page or resource.

Resolution: Check the URL for typos, or try navigating to the page through the site's main menu.

If you are the site administrator, work through the following common causes:

• Files uploaded to the wrong location - your website files must be inside the correct document root for your domain. For your main domain this is public_html; for addon domains it is the folder you specified when you created the domain. See Where do I upload my website? and How to create an addon domain in cPanel for reference.
• File not uploaded at all - confirm the file exists on the server using File Manager or FTP. See How to use File Manager in cPanel or the FTP Getting Started Guide.
• WordPress permalink or .htaccess issue - on WordPress sites, 404 errors on pages and posts that definitely exist are almost always caused by a broken permalink structure or a missing or corrupted .htaccess file. See How to Diagnose and Fix 404 Errors on WordPress (Permalinks, .htaccess and Missing Files) for a full walkthrough, and Troubleshooting .htaccess issues for general .htaccess diagnosis.
• URL rewriting not working - if your application relies on mod_rewrite-style URL rewriting and clean URLs are returning 404s, check that rewriting is enabled. See How can I enable mod_rewrite?.
• Custom 404 page - if you want visitors to see a helpful branded page instead of a generic browser error, you can set one up in cPanel. See How to create custom error pages in cPanel.

500 Internal server error

Something went wrong on the server side - this is often a PHP version mismatch or a coding error in the site itself.

Resolution: Check the server's error logs for PHP-related messages. You may need to roll back or update the PHP version in cPanel, or debug the code to find the specific problem. Our shared hosting runs on CloudLinux, so per-account error logs are available in cPanel under Errors.

For a detailed step-by-step diagnosis guide, see How to fix a 500 Internal Server Error on your website. If the error is on a WordPress site, Diagnosing critical errors in WordPress: a survival guide covers WordPress-specific causes in depth.

Other common causes include:

• A syntax error in .htaccess - even a single misplaced character in your .htaccess file will cause a 500. See Troubleshooting .htaccess issues.
• Incorrect file permissions - scripts with overly permissive permissions (for example 777) can be rejected by the server. Files should generally be 644 and directories 755.
• PHP memory or execution limits - if a script exceeds its memory or time limits it can produce a 500. You can adjust these in cPanel using the Select PHP Version tool. See How to manage the PHP version in cPanel using the Select PHP Version tool.

503 Service unavailable

The server is temporarily unable to handle the request. While this can mean scheduled maintenance, it is often caused by something other than a straightforward server outage.

Common causes include:

• Resource limits reached - on shared hosting, each account has CPU and memory limits enforced by CloudLinux. If your site exceeds them, requests are rejected with a 503 until usage drops back down. You can check your current resource usage in cPanel under Resource Usage.
• Application-level errors - platforms such as Magento can return a 503 when the application itself fails to start or encounters a fatal error, even if the server is otherwise healthy. Check your application's error logs (for Magento, look in var/log/ within your Magento installation) for clues.
• Maintenance mode - some applications put themselves into maintenance mode during updates and return a 503 until the process completes.

Resolution: Wait a moment and refresh the page. If the error persists, check your resource usage in cPanel and review your application error logs. On shared hosting, this can also be related to your site's optimisation and resource usage. Contact our support team if you cannot identify the cause.

Cloudflare errors

If your domain is proxied through Cloudflare, you may encounter Cloudflare-specific error pages rather than standard HTTP responses. These originate from Cloudflare's network, not directly from your hosting server.

521 Web server is down

Cloudflare can reach your domain but your origin server (your hosting account) refused the connection.

Resolution: Check that your site is loading correctly when accessed directly via your server IP or a bypass URL. If your hosting account is up but the error persists, check whether a firewall rule is blocking Cloudflare's IP ranges. Contact our support team if you need help investigating the origin server side.

522 Connection timed out

Cloudflare successfully connected to your origin server but the server did not respond in time.

Resolution: This is often caused by high server load or a slow application. Check your resource usage in cPanel and review your error logs. Optimising your site's performance - for example by enabling caching - can help prevent this.

523 Origin is unreachable

Cloudflare cannot reach your origin server at all. This usually means the DNS record Cloudflare is using to find your server is incorrect or the server is offline.

Resolution: Check that the DNS A record for your domain points to the correct server IP address. If the IP has recently changed, update the record in your DNS zone. See How to Add or Manage DNS Records in cPanel (Zone Editor) for help.

524 A timeout occurred

Cloudflare connected to your origin server but the server took too long to send a complete response. This is common on pages that run long database queries or generate large amounts of content.

Resolution: Investigate what is causing the slow response - long-running database queries, unoptimised code, or heavy page generation are typical culprits. Enabling server-side caching can reduce the time needed to build pages.

525 SSL handshake failed

Cloudflare could not complete an SSL handshake with your origin server. This usually happens when Cloudflare's SSL mode is set to Full (strict) but the SSL certificate on your origin server is missing, expired, or self-signed.

Resolution: Make sure your domain has a valid SSL certificate installed in cPanel. AutoSSL can issue one automatically - see How to manually run AutoSSL for a domain in cPanel for details. Alternatively, set Cloudflare's SSL mode to Full rather than Full (strict) if you are using a self-signed certificate on the origin. If Cloudflare is interfering with AutoSSL renewal, see Using AutoSSL with Cloudflare.

526 Invalid SSL certificate

Cloudflare cannot validate the SSL certificate on your origin server.

Resolution: Check that your SSL certificate is valid and has not expired. In cPanel, you can run AutoSSL manually to renew it. If the certificate is valid but the error persists, check that the certificate chain is complete.

1020 Access denied

A Cloudflare firewall rule is blocking the request. This is not a server error - Cloudflare itself is rejecting the visitor before the request reaches your hosting account.

Resolution: Review your Cloudflare firewall rules and WAF settings. If you are seeing this on your own site unexpectedly, check whether a rule is too broad and adjust it in your Cloudflare dashboard.