4.3.9.5. Best practices for error pages

  • Error pages should set an appropriate HTTP status code: 4xx for client errors such as invalid requests and 5xx for server errors.

  • HTTP error codes will prevent upstream components from caching the response. Heavyweight error pages that rely on upstream response caching should therefore be avoided.

  • Invalid requests should be detected early and rejected quickly, without spending significant CPU resources on them.

  • For security reasons, error messages and error pages should not reveal information about the application or its infrastructure. For instance, avoid sending stack traces to untrusted users.
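
The practices above combined in one place, as an added example that is not part of the original documentation: a Python WSGI wrapper that rejects invalid requests with cheap checks before the application runs, and answers unhandled exceptions with a small generic 500 page while the stack trace goes only to the server log. The path limit, `demo_app`, the `call` helper and the `Reference:` incident id are assumptions made for illustration.

```python
import logging
import sys
import uuid

log = logging.getLogger("app.errors")
MAX_PATH_LEN = 1024  # assumption: illustrative limit, tune per application
REASONS = {400: "Bad Request", 500: "Internal Server Error"}

def error_page(start_response, code, incident=None, exc_info=None):
    """Small static body: the same text for every cause of a given status."""
    text = f"{code} {REASONS[code]}"
    if incident:
        text += f"\nReference: {incident}"  # opaque id only, no internals
    body = text.encode()
    headers = [("Content-Type", "text/plain; charset=utf-8"),
               ("Content-Length", str(len(body)))]
    start_response(f"{code} {REASONS[code]}", headers, exc_info)
    return [body]

def with_error_pages(app):
    def wrapper(environ, start_response):
        # Cheap checks first: no parsing, no backend calls, no templates.
        path = environ.get("PATH_INFO", "")
        if len(path) > MAX_PATH_LEN or "\x00" in path:
            return error_page(start_response, 400)
        try:
            return app(environ, start_response)
        except Exception:
            incident = uuid.uuid4().hex
            # Full stack trace stays in the server log, keyed by the incident id.
            log.exception("unhandled error incident=%s path=%r", incident, path)
            return error_page(start_response, 500, incident, sys.exc_info())
    return wrapper

def demo_app(environ, start_response):
    # Constructed backend whose failure message names internal infrastructure.
    if environ["PATH_INFO"] == "/boom":
        raise RuntimeError("cannot connect to db01.internal:5432")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def call(app, method, path):
    """Drive the WSGI app with a constructed request; return (status, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = status
    body = b"".join(app({"REQUEST_METHOD": method, "PATH_INFO": path}, start_response))
    return seen["status"], body
```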